{"id":5863,"name":"types-pyyaml","ecosystem":"pip","repository_url":"https://github.com/typeshed-internal/stub_uploader","issues_count":1054,"created_at":"2025-06-06T21:57:35.888Z","updated_at":"2025-06-06T21:57:35.888Z","purl":"pkg:pypi/types-pyyaml","metadata":{"id":2957657,"name":"types-pyyaml","ecosystem":"pypi","description":"Typing stubs for PyYAML","homepage":"https://github.com/python/typeshed","licenses":"apache-2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/typeshed-internal/stub_uploader","keywords_array":[],"namespace":null,"versions_count":57,"first_release_published_at":"2021-02-02T20:27:23.000Z","latest_release_published_at":"2022-09-27T02:08:47.000Z","latest_release_number":"6.0.12","last_synced_at":"2025-06-07T00:07:36.330Z","created_at":"2022-04-10T12:56:19.808Z","updated_at":"2025-06-07T00:07:36.330Z","registry_url":"https://pypi.org/project/types-pyyaml/","install_command":"pip install types-pyyaml --index-url https://pypi.org/simple","documentation_url":"https://types-pyyaml.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":["Programming Language :: Python :: 3","Typing :: Stubs Only"],"normalized_name":"types-pyyaml"},"repo_metadata":{"id":37306395,"uuid":"331669593","full_name":"typeshed-internal/stub_uploader","owner":"typeshed-internal","description":"Scripts and actions to auto-upload typeshed stubs to PyPI","archived":false,"fork":false,"pushed_at":"2024-10-29T02:46:23.000Z","size":2182,"stargazers_count":21,"open_issues_count":9,"forks_count":16,"subscribers_count":6,"default_branch":"main","last_synced_at":"2024-10-29T16:45:09.321Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/typeshed-internal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-01-21T15:27:10.000Z","updated_at":"2024-10-29T02:46:27.000Z","dependencies_parsed_at":"2023-09-23T18:17:04.216Z","dependency_job_id":"ec44092e-9d05-4320-9755-351952bf9fab","html_url":"https://github.com/typeshed-internal/stub_uploader","commit_stats":{"total_commits":2121,"total_committers":14,"mean_commits":151.5,"dds":0.05704856199905706,"last_synced_commit":"7d344113e5fd5fd475f82ce42023ecf0f567d1d6"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/typeshed-internal%2Fstub_uploader","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/typeshed-internal%2Fstub_uploader/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/typeshed-internal%2Fstub_uploader/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/typeshed-internal%2Fstub_uploader/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/typeshed-internal","download_url":"https://codeload.github.com/typeshed-internal/stub_uploader/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222090776,"owners_count":16929471,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"typeshed-internal","name":"typeshed-internal","uuid":"77794589","kind":"organization","description":null,"email":null,"website":null,"location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/77794589?v=4","repositories_count":1,"last_synced_at":"2023-03-04T18:18:20.191Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/typeshed-internal","funding_links":[],"total_stars":null,"followers":null,"following":null,"created_at":"2022-11-14T22:28:01.701Z","updated_at":"2023-03-04T18:18:20.368Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/typeshed-internal","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/typeshed-internal/repositories"},"tags":[]},"repo_metadata_updated_at":"2024-10-29T19:44:14.756Z","dependent_packages_count":330,"downloads":36873298,"downloads_period":"last-month","dependent_repos_count":4758,"rankings":{"downloads":0.07740179418092577,"dependent_repos_count":0.14068051217244093,"dependent_packages_count":0.07391687927704524,"stargazers_count":15.930463108507412,"forks_count":11.217941075591472,"docker_downloads_count":0.8160203372297127,"average":4.7094039511598345},"purl":"pkg:pypi/types-pyyaml","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/types-pyyaml","docker_dependents_count":105,"docker_downloads_count":48894871,"usage_url":"https://repos.ecosyste.ms/usage/pypi/types-pyyaml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/types-pyyaml/dependencies","status":null,"funding_links":[],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/types-pyyaml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/types-pyyaml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/types-pyyaml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/types-pyyaml/related_packages","maintainers":[{"uuid":"typeshed_bot","login":"typeshed_bot","name":null,"email":null,"url":null,"packages_count":259,"html_url":"https://pypi.org/user/typeshed_bot/","role":null,"created_at":"2023-01-18T21:26:27.314Z","updated_at":"2023-01-18T21:26:27.314Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/typeshed_bot/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":690419,"maintainers_count":292811,"namespaces_count":0,"keywords_count":228590,"github":"pypi","metadata":{"funded_packages_count":48950},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2025-06-06T05:32:09.692Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},"unique_repositories_count":338,"unique_repositories_count_past_30_days":19,"recent_issues":[{"uuid":"4576009766","node_id":"PR_kwDONDo5gc7iBcdO","number":727,"state":"closed","title":"Bump the python-dependencies group with 25 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-09T16:04:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-03T00:50:11.000Z","updated_at":"2026-06-09T16:04:58.000Z","time_to_close":573284,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"python-dependencies","update_count":25,"packages":[{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"django","old_version":"6.0.4","new_version":"6.0.5","repository_url":"https://github.com/django/django"},{"name":"django-import-export","old_version":"4.4.0","new_version":"4.4.1","repository_url":"https://github.com/django-import-export/django-import-export"},{"name":"django-stubs-ext","old_version":"6.0.3","new_version":"6.0.5","repository_url":"https://github.com/typeddjango/django-stubs"},{"name":"gunicorn","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/benoitc/gunicorn"},{"name":"idna","old_version":"3.13","new_version":"3.18","repository_url":"https://github.com/kjd/idna"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"click","old_version":"8.3.3","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"platformdirs","old_version":"4.9.6","new_version":"4.10.0","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"pymdown-extensions","old_version":"10.21.2","new_version":"10.21.3","repository_url":"https://github.com/facelessuser/pymdown-extensions"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.1","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"distlib","old_version":"0.4.0","new_version":"0.4.1","repository_url":"https://github.com/pypa/distlib"},{"name":"django-stubs","old_version":"6.0.3","new_version":"6.0.5","repository_url":"https://github.com/typeddjango/django-stubs"},{"name":"librt","old_version":"0.9.0","new_version":"0.11.0","repository_url":"https://github.com/mypyc/librt"},{"name":"mypy","old_version":"1.20.2","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"python-discovery","old_version":"1.2.2","new_version":"1.4.0","repository_url":"https://github.com/tox-dev/python-discovery"},{"name":"regex","old_version":"2026.4.4","new_version":"2026.5.9","repository_url":"https://github.com/mrabarnett/mrab-regex"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.15","repository_url":"https://github.com/astral-sh/ruff"},{"name":"soupsieve","old_version":"2.8.3","new_version":"2.8.4","repository_url":"https://github.com/facelessuser/soupsieve"},{"name":"types-django-import-export","old_version":"4.4.0.20260408","new_version":"4.4.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-markdown","old_version":"3.10.2.20260408","new_version":"3.10.2.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-requests","old_version":"2.33.0.20260408","new_version":"2.33.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"virtualenv","old_version":"21.3.0","new_version":"21.4.2","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-dependencies group with 25 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |\n| [django](https://github.com/django/django) | `6.0.4` | `6.0.5` |\n| [django-import-export](https://github.com/django-import-export/django-import-export) | `4.4.0` | `4.4.1` |\n| [django-stubs-ext](https://github.com/typeddjango/django-stubs) | `6.0.3` | `6.0.5` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `25.3.0` | `26.0.0` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.18` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.1` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.6` | `4.10.0` |\n| [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) | `10.21.2` | `10.21.3` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.1` |\n| [distlib](https://github.com/pypa/distlib) | `0.4.0` | `0.4.1` |\n| [django-stubs](https://github.com/typeddjango/django-stubs) | `6.0.3` | `6.0.5` |\n| [librt](https://github.com/mypyc/librt) | `0.9.0` | `0.11.0` |\n| [mypy](https://github.com/python/mypy) | `1.20.2` | `2.1.0` |\n| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.2.2` | `1.4.0` |\n| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.4.4` | `2026.5.9` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.15` |\n| [soupsieve](https://github.com/facelessuser/soupsieve) | `2.8.3` | `2.8.4` |\n| [types-django-import-export](https://github.com/python/typeshed) | `4.4.0.20260408` | `4.4.0.20260518` |\n| [types-markdown](https://github.com/python/typeshed) | `3.10.2.20260408` | `3.10.2.20260518` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260518` |\n| [types-requests](https://github.com/python/typeshed) | `2.33.0.20260408` | `2.33.0.20260518` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `21.3.0` | `21.4.2` |\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django` from 6.0.4 to 6.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8f8ad09659d728423a00e0a3b5f16da5c3a38e24\"\u003e\u003ccode\u003e8f8ad09\u003c/code\u003e\u003c/a\u003e [6.0.x] Bumped version for 6.0.5 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/44ad76efcbe3c4ca0f08bb9dabe916f6374596c9\"\u003e\u003ccode\u003e44ad76e\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/1b0184aa657bc3f5859aeb0206e7c1e94e48b103\"\u003e\u003ccode\u003e1b0184a\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/ad8f9e19e0897ea45ded7c046ff28daf6f773e92\"\u003e\u003ccode\u003ead8f9e1\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/990ab01e70fd8f55e867b4a234c0ee242fd33fec\"\u003e\u003ccode\u003e990ab01\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37039\"\u003e#37039\u003c/a\u003e -- Removed outdated note from QuerySet.iterator() docs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/f0c269f285ab58bfb4a120141d7dd41ff4f42b45\"\u003e\u003ccode\u003ef0c269f\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed typo in stub release notes for 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8bcd15beeff6542acc381b83f50b061d62284c2b\"\u003e\u003ccode\u003e8bcd15b\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37067\"\u003e#37067\u003c/a\u003e -- Added trailing slash in django_file_prefixes().\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/3cdec6454fb86e8d03a06944c0c68025733ed93f\"\u003e\u003ccode\u003e3cdec64\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/5dd5c70cf1056e8e04badb687f773e8f16bba257\"\u003e\u003ccode\u003e5dd5c70\u003c/code\u003e\u003c/a\u003e [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8ee73415270a1a54daaec9bb529ad82c6f7a6d4c\"\u003e\u003ccode\u003e8ee7341\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs \u003ca href=\"https://redirect.github.com/django/django/issues/373\"\u003e#373\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/django/django/issues/34122\"\u003e#34122\u003c/a\u003e -- Removed warning that ForeignObject is an interna...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django/django/compare/6.0.4...6.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-import-export` from 4.4.0 to 4.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-import-export/django-import-export/releases\"\u003edjango-import-export's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://django-import-export.readthedocs.io/en/stable/changelog.html#id1\"\u003eChangelog\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-import-export/django-import-export/blob/main/docs/changelog.rst\"\u003edjango-import-export's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.4.1 (2026-05-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor lookup value retrieval in Field and CachedForeignKeyWidget (\u003ccode\u003e2146 \u0026lt;https://github.com/django-import-export/django-import-export/pull/2146\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix IncorrectLookupParameters when exporting from filtered change view (\u003ccode\u003e2154 \u0026lt;https://github.com/django-import-export/django-import-export/pull/2154\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix console error 'resource select input not found' on export (\u003ccode\u003e2158 \u0026lt;https://github.com/django-import-export/django-import-export/pull/2158\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix CachedForeignKeyWidget type mismatch on non-string lookup fields (\u003ccode\u003e2159 \u0026lt;https://github.com/django-import-export/django-import-export/pull/2159\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-import-export/django-import-export/commit/f4cfc4d090d6a7f485b3f06a769f7f8fa72052b6\"\u003e\u003ccode\u003ef4cfc4d\u003c/code\u003e\u003c/a\u003e updated changelog\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/django-import-export/django-import-export/compare/4.4.0...4.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-stubs-ext` from 6.0.3 to 6.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/8f534d0a4d2884d2e0b45749714deae60aa92b2e\"\u003e\u003ccode\u003e8f534d0\u003c/code\u003e\u003c/a\u003e Version 6.0.5 release (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3402\"\u003e#3402\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/16679ef11d151dc6dafc15b4c83c0b85685888d7\"\u003e\u003ccode\u003e16679ef\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eAdminSite.register\u003c/code\u003e typing (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3387\"\u003e#3387\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/030484fb9682f1e8a0b70dcc2b6914f706a9c393\"\u003e\u003ccode\u003e030484f\u003c/code\u003e\u003c/a\u003e Update dependency ty to v0.0.38 (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3400\"\u003e#3400\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/906abd50d6bff56e9cdda3ddbe42a4e42d926a41\"\u003e\u003ccode\u003e906abd5\u003c/code\u003e\u003c/a\u003e Fix InlineModelAdmin parent-object method signatures (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3308\"\u003e#3308\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/ad05f893e9825081a68fd50a3940e623f95ca6aa\"\u003e\u003ccode\u003ead05f89\u003c/code\u003e\u003c/a\u003e Update ty to v0.0.37 (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3399\"\u003e#3399\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/c67f6b45b081b2f048129ac4a4ce68094e4d6035\"\u003e\u003ccode\u003ec67f6b4\u003c/code\u003e\u003c/a\u003e Update int128/hide-comment-action action to v1.59.0 (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3397\"\u003e#3397\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/5322457da83de3aca22bacd4052303fc950f4b39\"\u003e\u003ccode\u003e5322457\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3396\"\u003e#3396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/e097380fd28b7451a04bc477ee86835cdc28fbfd\"\u003e\u003ccode\u003ee097380\u003c/code\u003e\u003c/a\u003e Update dependency ty to v0.0.36 (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3395\"\u003e#3395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/97b6e0ea13ad558b9a5f4c5b037bf86886600651\"\u003e\u003ccode\u003e97b6e0e\u003c/code\u003e\u003c/a\u003e Update dependency pytest-mypy-plugins to v4.0.3 (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3394\"\u003e#3394\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/5680543268bdb2294a1c61831d853e21540ffc51\"\u003e\u003ccode\u003e5680543\u003c/code\u003e\u003c/a\u003e Enable \u003ccode\u003eunused-ignore\u003c/code\u003e code in pyrefly (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3393\"\u003e#3393\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/typeddjango/django-stubs/compare/6.0.3...6.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gunicorn` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/benoitc/gunicorn/releases\"\u003egunicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEventlet worker removed\u003c/strong\u003e: The \u003ccode\u003eeventlet\u003c/code\u003e worker class has been dropped. Migrate to \u003ccode\u003egevent\u003c/code\u003e, \u003ccode\u003egthread\u003c/code\u003e, or \u003ccode\u003etornado\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Compatibility Suite\u003c/strong\u003e: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Test Suite Expansion\u003c/strong\u003e: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 Request-Target Validation\u003c/strong\u003e (RFC 9112 sections 3.2.3, 3.2.4):\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003eauthority-form\u003c/code\u003e request-target outside \u003ccode\u003eCONNECT\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003easterisk-form\u003c/code\u003e request-target outside \u003ccode\u003eOPTIONS\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003erelative-reference\u003c/code\u003e request-targets\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Field Hardening\u003c/strong\u003e (RFC 9110):\n\u003cul\u003e\n\u003cli\u003eReject control characters in header field-value (section 5.5)\u003c/li\u003e\n\u003cli\u003eReject forbidden trailer field-names (section 6.5.1)\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003eContent-Length\u003c/code\u003e list form (RFC 9112 section 6.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRequest Smuggling Hardening\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eTighten keepalive gate and scope \u003ccode\u003efinish_body\u003c/code\u003e byte cap\u003c/li\u003e\n\u003cli\u003eKeep \u003ccode\u003e_body_receiver\u003c/code\u003e alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body\u003c/li\u003e\n\u003cli\u003eAddress parser/protocol findings from a six-point WSGI/ASGI audit\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePROXY Protocol (ASGI)\u003c/strong\u003e: Enforce \u003ccode\u003eproxy_allow_ips\u003c/code\u003e and tighten v1/v2 parsing in the ASGI callback parser.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConnection Draining\u003c/strong\u003e: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBody Framing on HEAD/204/304\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eKeep \u003ccode\u003eContent-Length\u003c/code\u003e on HEAD and 304 responses (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop body framing on HEAD/204/304 even when the framework set it\u003c/li\u003e\n\u003cli\u003eWarn once when an ASGI app emits a body for a no-body response\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2 ASGI\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e_handle_stream_ended\u003c/code\u003e to set \u003ccode\u003e_body_complete\u003c/code\u003e in the async HTTP/2 handler so request bodies finalize correctly on stream end\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eInvalidChunkExtension\u003c/code\u003e mapping and fast-parser support in ASGI tests (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3565\"\u003e#3565\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 100-Continue\u003c/strong\u003e: Stop adding \u003ccode\u003eTransfer-Encoding: chunked\u003c/code\u003e to 100-Continue interim responses.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebSocket Close Handshake\u003c/strong\u003e (RFC 6455):\n\u003cul\u003e\n\u003cli\u003eComply with the close handshake state machine\u003c/li\u003e\n\u003cli\u003eClose the transport after the close handshake completes\u003c/li\u003e\n\u003cli\u003eFix binary send when the \u003ccode\u003etext\u003c/code\u003e key is \u003ccode\u003eNone\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEarly Hints\u003c/strong\u003e: Validate headers in the \u003ccode\u003eearly_hints\u003c/code\u003e callback to match \u003ccode\u003eprocess_headers\u003c/code\u003e; pass only the header name to \u003ccode\u003eInvalidHeader\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3588\"\u003e#3588\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Fixes\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix ASGI disconnect handling for Django-style apps\u003c/li\u003e\n\u003cli\u003eFix Litestar request handling (use raw ASGI receive for body/headers)\u003c/li\u003e\n\u003cli\u003eFix Litestar HTTP endpoints for compatibility tests\u003c/li\u003e\n\u003cli\u003eFix Quart headers endpoint to normalize keys to lowercase\u003c/li\u003e\n\u003cli\u003eFix Quart WebSocket close test app (missing \u003ccode\u003eaccept()\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eFix duplicate \u003ccode\u003eTransfer-Encoding\u003c/code\u003e header for BlackSheep streaming\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5d819cf36040f6cc6175fcc804d703fb899509dd\"\u003e\u003ccode\u003e5d819cf\u003c/code\u003e\u003c/a\u003e release: 26.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/b45c70df105f7d5dcbc5abfb732804d6464edc21\"\u003e\u003ccode\u003eb45c70d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3611\"\u003e#3611\u003c/a\u003e from zc-mattcen/docs-typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/99c8d48acf453deb5c49fe12e195dbc00d888d1e\"\u003e\u003ccode\u003e99c8d48\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3623\"\u003e#3623\u003c/a\u003e from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5a655af50f20e005dd9e32e6078dc82fa45f3d4b\"\u003e\u003ccode\u003e5a655af\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3622\"\u003e#3622\u003c/a\u003e from benoitc/test/docker-port-and-ipv4-fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/201df19a8011c0a1d6a0e75ebe22e89d48eb935e\"\u003e\u003ccode\u003e201df19\u003c/code\u003e\u003c/a\u003e chore: remove eventlet worker; add h2 and uvloop to test deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/f4ac8e1f1bf1d365e77f41915da55bec31873f84\"\u003e\u003ccode\u003ef4ac8e1\u003c/code\u003e\u003c/a\u003e test: pass action name to dirty client and stabilize after TTOU spam\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/54d38afddf1f0db0c15b5f4ff63f3c7bfad96961\"\u003e\u003ccode\u003e54d38af\u003c/code\u003e\u003c/a\u003e test: unblock docker fixtures on macOS hosts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/68843c8893dd938456f0a2da62085ab5776f8871\"\u003e\u003ccode\u003e68843c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e from benoitc/fix/asgi-preserve-content-length-on-hea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/31f2618f733cc0c78690df63f4e344aaf3f56b20\"\u003e\u003ccode\u003e31f2618\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3620\"\u003e#3620\u003c/a\u003e from benoitc/fix/asgi-proxy-protocol-trust-and-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/41ec7527dbd8a9e52728477700707ad40e41d9dc\"\u003e\u003ccode\u003e41ec752\u003c/code\u003e\u003c/a\u003e fix: keep Content-Length on HEAD and 304 responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/benoitc/gunicorn/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.18\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.18 (2026-06-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen decoding a domain, add a \u003ccode\u003edisplay\u003c/code\u003e argument that will pass\nthrough invalid labels rather than raising an exception.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.17 (2026-05-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSubstantial 75% reduction in memory usage through new data\nstructures and some optimization in processing speed.\u003c/li\u003e\n\u003cli\u003eAdded a general 1024-character input length cap to the public\nvalidation, conversion, and codec entry points. This is well above\nany legitimate domain or label and guards against pathological\ninputs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f39ea903ba49eb5a0b2c6723c9a929b41ed4a0f1\"\u003e\u003ccode\u003ef39ea90\u003c/code\u003e\u003c/a\u003e Release 3.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/40f4e407bc7452da37c24b0c112dcda9a5b299ba\"\u003e\u003ccode\u003e40f4e40\u003c/code\u003e\u003c/a\u003e Pre-release 3.18rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1a5bf80f2fa40454589e6144efe5f72015ef9d24\"\u003e\u003ccode\u003e1a5bf80\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/253\"\u003e#253\u003c/a\u003e from kjd/lenient-decode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5bbb26fc86e28c4ee1434ae8ae8db76de4c2a5ac\"\u003e\u003ccode\u003e5bbb26f\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into lenient-decode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c532bae5270489cef8faf9f6b1eb70cbcb454c6d\"\u003e\u003ccode\u003ec532bae\u003c/code\u003e\u003c/a\u003e Rename decode() lenient= option to display= (issue \u003ca href=\"https://redirect.github.com/kjd/idna/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/0b1758ba11952a2e88fd6141ffa620409bff0580\"\u003e\u003ccode\u003e0b1758b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/252\"\u003e#252\u003c/a\u003e from kjd/release-3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f48619c4cea6859b938d560fdd9feb898e678567\"\u003e\u003ccode\u003ef48619c\u003c/code\u003e\u003c/a\u003e Release 3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7421ba8003227f816142ab40178e3a7d204e6847\"\u003e\u003ccode\u003e7421ba8\u003c/code\u003e\u003c/a\u003e Pre-release 3.17rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/22ebb73b164081f209449b50162eb7ce086e96a4\"\u003e\u003ccode\u003e22ebb73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/251\"\u003e#251\u003c/a\u003e from kjd/structure-optimizations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2a7ac0a58c788d50112a5003af545a83807fb108\"\u003e\u003ccode\u003e2a7ac0a\u003c/code\u003e\u003c/a\u003e Drop redundant parallel-arrays comment from uts46data\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.33.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.33.1...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.3 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. :issue:\u003ccode\u003e3458\u003c/code\u003e :issue:\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. :issue:\u003ccode\u003e3277\u003c/code\u003e :pr:\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion\nresult. :issue:\u003ccode\u003e3015\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. :issue:\u003ccode\u003e3487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. :issue:\u003ccode\u003e3449\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.3...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `platformdirs` from 4.9.6 to 4.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/platformdirs/releases\"\u003eplatformdirs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.10.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: improve platformdirs maintenance path by \u003ca href=\"https://github.com/lphuc2250gma\"\u003e\u003ccode\u003e@​lphuc2250gma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/pull/488\"\u003etox-dev/platformdirs#488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/pull/490\"\u003etox-dev/platformdirs#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_preference_dir by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/pull/491\"\u003etox-dev/platformdirs#491\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lphuc2250gma\"\u003e\u003ccode\u003e@​lphuc2250gma\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/pull/488\"\u003etox-dev/platformdirs#488\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/platformdirs/compare/4.9.6...4.10.0\"\u003ehttps://github.com/tox-dev/platformdirs/compare/4.9.6...4.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/platformdirs/blob/main/docs/changelog.rst\"\u003eplatformdirs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e4.10.0 (2026-05-28)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_preference_dir :pr:\u003ccode\u003e491\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR :pr:\u003ccode\u003e490\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echore: improve platformdirs maintenance path :pr:\u003ccode\u003e488\u003c/code\u003e - by :user:\u003ccode\u003elphuc2250gma\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e4.9.6 (2026-04-09)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(release): use double quotes for tag variable expansion :pr:\u003ccode\u003e477\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e4.9.5 (2026-04-06)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e📝 docs(appauthor): clarify None vs False on Windows :pr:\u003ccode\u003e476\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSeparates implementations of macOS dirs that share a default :pr:\u003ccode\u003e473\u003c/code\u003e - by :user:\u003ccode\u003eGoddesen\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove persist-credentials: false from release job :pr:\u003ccode\u003e472\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003efix: do not duplicate site dirs in Unix.iter_{config,site}_dirs() when use_site_for_root is active :pr:\u003ccode\u003e469\u003c/code\u003e - by\n:user:\u003ccode\u003eviccie30\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔧 fix(type): resolve ty 0.0.25 type errors :pr:\u003ccode\u003e468\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔒 ci(workflows): add zizmor security auditing :pr:\u003ccode\u003e467\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(release): generate docstrfmt-compatible changelog entries :pr:\u003ccode\u003e463\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e4.9.4 (2026-03-05)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e461\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md\u003c/li\u003e\n\u003cli\u003e📝 docs: add project logo to documentation :pr:\u003ccode\u003e459\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the all group with 2 updates :pr:\u003ccode\u003e457\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdd permissions to workflows :pr:\u003ccode\u003e455\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd security policy\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e454\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e4.9.2 (2026-02-16)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e📝 docs: restructure following Diataxis framework :pr:\u003ccode\u003e448\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/04cb1361a064132102612ab05053351196a62b40\"\u003e\u003ccode\u003e04cb136\u003c/code\u003e\u003c/a\u003e Release 4.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/078bc61171e1a0cfbb3f210ff0fd30795a359664\"\u003e\u003ccode\u003e078bc61\u003c/code\u003e\u003c/a\u003e ✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_pr...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/d27974762005fa35cebcd4dd7236f8081e88ad75\"\u003e\u003ccode\u003ed279747\u003c/code\u003e\u003c/a\u003e ✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/490\"\u003e#490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/4116391f16178ee5c4b293761491519f9f3c9834\"\u003e\u003ccode\u003e4116391\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/489\"\u003e#489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/dbc63f58261f1b109f2d75c7d35a485331dbbe6f\"\u003e\u003ccode\u003edbc63f5\u003c/code\u003e\u003c/a\u003e chore: improve platformdirs maintenance path (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/9265108d732233ce7fbb63a94cd389708ce5e102\"\u003e\u003ccode\u003e9265108\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/487\"\u003e#487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/9f857ec172a1a09a9c608c28cfe2c460c3baac8e\"\u003e\u003ccode\u003e9f857ec\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/486\"\u003e#486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/a76e77756278566e414eebbc03f789b3a21ea2fa\"\u003e\u003ccode\u003ea76e777\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/484\"\u003e#484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/903fd9f321285c38d4741d2e5ea1881938405d16\"\u003e\u003ccode\u003e903fd9f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/483\"\u003e#483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/a5da35d0d57cbcb5f30b18203aa7fbb44be69978\"\u003e\u003ccode\u003ea5da35d\u003c/code\u003e\u003c/a\u003e build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 in the all group (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/482\"\u003e#482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/platformdirs/compare/4.9.6...4.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pymdown-extensions` from 10.21.2 to 10.21.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/facelessuser/pymdown-extensions/releases\"\u003epymdown-extensions's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.21.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Fix regression that allows a snippet to be loaded outside of the base path using directory traversal when\n\u003ccode\u003erestrict_base_path\u003c/code\u003e is enabled (the default). Found by \u003ca href=\"https://github.com/gistrec\"\u003e\u003ccode\u003e@​gistrec\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/42628414c6591b1a1ce211157090783e3b2242d6\"\u003e\u003ccode\u003e4262841\u003c/code\u003e\u003c/a\u003e Fix spelling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/63b7835776d703d6c339cf2110d9888f676efc0c\"\u003e\u003ccode\u003e63b7835\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/3d185501daaa1424c4a8d42124112c44ef6ab635\"\u003e\u003ccode\u003e3d18550\u003c/code\u003e\u003c/a\u003e Docs: update js deps\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/facelessuser/pymdown-extensions/compare/10.21.2...10.21.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.1 — 2026-05-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the HTML report used typographic niceties to make file paths more\nreadable by adding a small amount of space around slashes. Those spaces\ninterfered with searching the page for file paths of interest. Now the report\nuses CSS to accomplish the same visual tweak so that searches with slashes\nwork correctly. Closes \u003ccode\u003eissue 2170\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eAdd a 3.16 PyPI classifier \u0026lt;hugo-316_\u0026gt;\u003c/code\u003e_ since we test on the 3.16 main\nbranch.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 2170: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2170\"\u003ecoveragepy/coveragepy#2170\u003c/a\u003e\n.. _hugo-316: \u003ca href=\"https://mastodon.social/@hugovk/116588523571204490\"\u003ehttps://mastodon.social/@​hugovk/116588523571204490\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-14-0:\u003c/p\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/64d9b66fd852c1920ffe6cb8b58d7e4fdae90226\"\u003e\u003ccode\u003e64d9b66\u003c/code\u003e\u003c/a\u003e docs: correct the date for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/6fa7dd44c25e1a660252faaf030dd8f2f1e20861\"\u003e\u003ccode\u003e6fa7dd4\u003c/code\u003e\u003c/a\u003e chore: bump actions/dependency-review-action (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2181\"\u003e#2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/078afae263597b004eb9a85d880b6a65008e75ed\"\u003e\u003ccode\u003e078afae\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/cb4f028a36e008b664739d04f387b90ee5105044\"\u003e\u003ccode\u003ecb4f028\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ae2d09f562271c6169534e1c242d015dd0823dda\"\u003e\u003ccode\u003eae2d09f\u003c/code\u003e\u003c/a\u003e Merge branch 'nedbat/classifire-316-kits'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2c3568b2e041f2c0dbbc8eaa3919d46ee891b743\"\u003e\u003ccode\u003e2c3568b\u003c/code\u003e\u003c/a\u003e build: declare 3.16 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/faa68f8601cf098701b68976dbb73b9fc23c9297\"\u003e\u003ccode\u003efaa68f8\u003c/code\u003e\u003c/a\u003e chore: bump github/codeql-action in the action-dependencies group (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/eb55feedf54b363e3d0b678f20abf3bfd3551a88\"\u003e\u003ccode\u003eeb55fee\u003c/code\u003e\u003c/a\u003e test: we don't need PyPy \u0026lt; 7.3.22 anymore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ac168fe53c04cdb2ff5231c0c4e5045021ee339b\"\u003e\u003ccode\u003eac168fe\u003c/code\u003e\u003c/a\u003e test: the text summary should show missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/fed4bd2db3c1cb2916a07791041da693fbf8e996\"\u003e\u003ccode\u003efed4bd2\u003c/code\u003e\u003c/a\u003e chore: upgrade virtualenv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `distlib` from 0.4.0 to 0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/distlib/blob/master/CHANGES.rst\"\u003edistlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e0.4.1\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\nReleased: 2026-06-02\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003escripts\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix path traversal bug in handling entry points which allowed escaping the scripts directory.\nThanks to tonghuaroot for the comprehensive report.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003etests\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/pypa/distlib/issues/251\"\u003e#251\u003c/a\u003e: Change test function following a reorganization which happened in the Python stdlib.\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/distlib/commit/d562ad5aabe23dc03b22fccdf84dc01fddf0d336\"\u003e\u003ccode\u003ed562ad5\u003c/code\u003e\u003c/a\u003e Changes for 0.4.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/distlib/commit/6286442857de9f734686d08f0e59ca8048ee357a\"\u003e\u003ccode\u003e6286442\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/pypa/distlib/issues/251\"\u003e#251\u003c/a\u003e: Use more appropriate function in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/distlib/commit/e3b1cd6ec121058ae71a2aab08aa2a120360c872\"\u003e\u003ccode\u003ee3b1cd6\u003c/code\u003e\u003c/a\u003e Bump version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/distlib/commit/da3e90aef9c2ea545ac653039dd970174b48ebd4\"\u003e\u003ccode\u003eda3e90a\u003c/code\u003e\u003c/a\u003e Added tag 0.4.0 for changeset d31f0b340fde\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pypa/distlib/compare/0.4.0...0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-stubs` from 6.0.3 to 6.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/8f534d0a4d2884d2e0b45749714deae60aa92b2e\"\u003e\u003ccode\u003e8f534d0\u003c/code\u003e\u003c/a\u003e Version 6.0.5 release (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3402\"\u003e#3402\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/16679ef11d151dc6dafc15b4c83c0b85685888d7\"\u003e\u003ccode\u003e16679ef\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eAdminSite.register\u003c/code\u003e typing (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3387\"\u003e#3387\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/030484fb9682f1e8a0b70dcc2b6914f706a9c393\"\u003e\u003ccode\u003e030484f\u003c/code\u003e\u003c/a\u003e Update dependency ty to v0.0.38 (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3400\"\u003e#3400\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://git...\n\n_Description has been truncated_","html_url":"https://github.com/direct-framework/direct-webapp/pull/727","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/direct-framework%2Fdirect-webapp/issues/727","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/727/packages"},{"uuid":"4544615051","node_id":"PR_kwDOQqG8is7gcnC3","number":430,"state":"open","title":"chore(deps): bump the python-dependencies group across 1 directory with 21 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-28T23:57:23.000Z","updated_at":"2026-05-28T23:57:29.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-dependencies","update_count":21,"packages":[{"name":"numpy","old_version":"2.4.4","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"pandas","old_version":"3.0.2","new_version":"3.0.3","repository_url":"https://github.com/pandas-dev/pandas"},{"name":"astropy-iers-data","old_version":"0.2026.5.4.1.4.54","new_version":"0.2026.5.25.1.14.13","repository_url":"https://github.com/astropy/astropy-iers-data"},{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"click","old_version":"8.3.3","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.1","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"decorator","old_version":"5.2.1","new_version":"5.3.1","repository_url":"https://github.com/micheles/decorator"},{"name":"fonttools","old_version":"4.62.1","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"idna","old_version":"3.13","new_version":"3.17","repository_url":"https://github.com/kjd/idna"},{"name":"librt","old_version":"0.10.0","new_version":"0.11.0","repository_url":"https://github.com/mypyc/librt"},{"name":"matplotlib-inline","old_version":"0.2.1","new_version":"0.2.2","repository_url":"https://github.com/ipython/matplotlib-inline"},{"name":"mypy","old_version":"2.0.0","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"platformdirs","old_version":"4.9.6","new_version":"4.10.0","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"regex","old_version":"2026.4.4","new_version":"2026.5.9","repository_url":"https://github.com/mrabarnett/mrab-regex"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"rpds-py","old_version":"0.30.0","new_version":"2026.5.1","repository_url":"https://github.com/crate-py/rpds"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.15","repository_url":"https://github.com/astral-sh/ruff"},{"name":"tornado","old_version":"6.5.5","new_version":"6.5.6","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-requests","old_version":"2.33.0.20260503","new_version":"2.33.0.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-dependencies group with 21 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [numpy](https://github.com/numpy/numpy) | `2.4.4` | `2.4.6` |\n| [pandas](https://github.com/pandas-dev/pandas) | `3.0.2` | `3.0.3` |\n| [astropy-iers-data](https://github.com/astropy/astropy-iers-data) | `0.2026.5.4.1.4.54` | `0.2026.5.25.1.14.13` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |\n| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.1` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.1` |\n| [decorator](https://github.com/micheles/decorator) | `5.2.1` | `5.3.1` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.62.1` | `4.63.0` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.17` |\n| [librt](https://github.com/mypyc/librt) | `0.10.0` | `0.11.0` |\n| [matplotlib-inline](https://github.com/ipython/matplotlib-inline) | `0.2.1` | `0.2.2` |\n| [mypy](https://github.com/python/mypy) | `2.0.0` | `2.1.0` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.6` | `4.10.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.4.4` | `2026.5.9` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [rpds-py](https://github.com/crate-py/rpds) | `0.30.0` | `2026.5.1` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.15` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.5` | `6.5.6` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260518` |\n| [types-requests](https://github.com/python/typeshed) | `2.33.0.20260503` | `2.33.0.20260518` |\n\n\nUpdates `numpy` from 2.4.4 to 2.4.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/numpy/numpy/releases\"\u003enumpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.6 (May 18, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.6 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5\nrelease.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 4 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e!EarlMilktea\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eSebastian Berg\u003c/li\u003e\n\u003cli\u003eWarren Weckesser\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePull requests merged\u003c/h2\u003e\n\u003cp\u003eA total of 4 pull requests were merged for this release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31444\"\u003e#31444\u003c/a\u003e: MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31453\"\u003e#31453\u003c/a\u003e: BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31459\"\u003e#31459\u003c/a\u003e: BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31460\"\u003e#31460\u003c/a\u003e: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.4.5 (May 15, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.5 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4\nrelease, has some typing improvements, and maintains infrastructure.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 17 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAleksei Nikiforov\u003c/li\u003e\n\u003cli\u003eAnarion Zuo +\u003c/li\u003e\n\u003cli\u003eAnkit Ahlawat\u003c/li\u003e\n\u003cli\u003eBreno Favaretto +\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eIgor Krivenko +\u003c/li\u003e\n\u003cli\u003eIjtihed Kilani +\u003c/li\u003e\n\u003cli\u003eJoren Hammudoglu\u003c/li\u003e\n\u003cli\u003eMaarten Baert +\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/b832a09cf2a169c833dd2371e7c07aa00b293242\"\u003e\u003ccode\u003eb832a09\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31462\"\u003e#31462\u003c/a\u003e from charris/prepare-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/57cc147d2ceacffc6534642bfbdebb3a80428e1e\"\u003e\u003ccode\u003e57cc147\u003c/code\u003e\u003c/a\u003e REL: Prepare for the NumPy 2.4.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/0c72b0b53b6b83c004e434b2c7855e73c000d21e\"\u003e\u003ccode\u003e0c72b0b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31459\"\u003e#31459\u003c/a\u003e from charris/backport-31347\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/9778d26e0475d381ccb7817c3b4dd8cacef2b9eb\"\u003e\u003ccode\u003e9778d26\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/e0e38767d5d0f848ab44befeedcad71e8ef589c7\"\u003e\u003ccode\u003ee0e3876\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/d1bffeb9ec4ec0bf029c94ea35abffa92d5c30f2\"\u003e\u003ccode\u003ed1bffeb\u003c/code\u003e\u003c/a\u003e BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary \u003ccode\u003evh\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31347\"\u003e#31347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/8d8d7e5a14a1da0bfb0faf609a7a7610c431e6e9\"\u003e\u003ccode\u003e8d8d7e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31453\"\u003e#31453\u003c/a\u003e from seberg/issue-31452\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/bddaab7ace45f90148d8f2bb6e67daab2d45ec76\"\u003e\u003ccode\u003ebddaab7\u003c/code\u003e\u003c/a\u003e BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/37a1ecca8dff09b2c579a991194ac55b9971f3a7\"\u003e\u003ccode\u003e37a1ecc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31444\"\u003e#31444\u003c/a\u003e from charris/begin-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/3c0e043217a759a8a948ade158fec14348c3b459\"\u003e\u003ccode\u003e3c0e043\u003c/code\u003e\u003c/a\u003e MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/numpy/numpy/compare/v2.4.4...v2.4.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pandas` from 3.0.2 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pandas-dev/pandas/releases\"\u003epandas's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epandas 3.0.3\u003c/h2\u003e\n\u003cp\u003eWe are pleased to announce the release of pandas 3.0.3.\nThis is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://pandas.pydata.org/docs/whatsnew/v3.0.3.html\"\u003efull whatsnew\u003c/a\u003e for a list of all the changes.\u003c/p\u003e\n\u003cp\u003ePandas 3.0 supports Python 3.11 and higher.\nThe release can be installed from PyPI:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython -m pip install --upgrade pandas==3.0.*\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eOr from conda-forge\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge pandas=3.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003ePlease report any issues with the release on the \u003ca href=\"https://github.com/pandas-dev/pandas/issues\"\u003epandas issue tracker\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThanks to all the contributors who made this release possible.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/72f2fea91530b5abb3cf2100cb22d84e504695c0\"\u003e\u003ccode\u003e72f2fea\u003c/code\u003e\u003c/a\u003e RLS: 3.0.3 (\u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65590\"\u003e#65590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/2897590094c2b6e3962d01a82665936f30be563d\"\u003e\u003ccode\u003e2897590\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65436\"\u003e#65436\u003c/a\u003e on branch 3.0.x (Account for privatization of matplotlib `...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/49894b5b6037c50f6444504070d9b1e8e514001a\"\u003e\u003ccode\u003e49894b5\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65499\"\u003e#65499\u003c/a\u003e on branch 3.0.x (BUG: fix check if pyarrow is installed in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/1c6d1e30cc4b80bedb769a8b3731b0788f69c9dc\"\u003e\u003ccode\u003e1c6d1e3\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] PERF: remove special casing for zoneinfo in tz_localize_to_u...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/2a547116afc46d88d4e6584670fd793949222a1e\"\u003e\u003ccode\u003e2a54711\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/64379\"\u003e#64379\u003c/a\u003e on branch 3.0.x (PERF: improve performance with ZoneInfo t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/036bb7c0e7160b9d5a7f6bd26a9fc00921fa6977\"\u003e\u003ccode\u003e036bb7c\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65482\"\u003e#65482\u003c/a\u003e on branch 3.0.x (PERF: don't call unique on dtypes for che...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/bf4c182b09251f5b469e8e246ae3ea3e1ae07164\"\u003e\u003ccode\u003ebf4c182\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65410\"\u003e#65410\u003c/a\u003e on branch 3.0.x (TST: also convert str index to object in ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/dd02d75ce219135f9f3f65c13644d4be35585d42\"\u003e\u003ccode\u003edd02d75\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] BUG: keep fsspec OpenFile alive for chained URL reads (\u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/6547\"\u003e#6547\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/aef3d0f6698667262c6d6ffc69180b280b0fa86a\"\u003e\u003ccode\u003eaef3d0f\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] CI: lowercase types-pymysql/types-pyyaml to fix mamba 2.6.0 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/bb8e24876273a14322047f4b89e648f6a4abebae\"\u003e\u003ccode\u003ebb8e248\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65399\"\u003e#65399\u003c/a\u003e on branch 3.0.x (DOC: fix source link for classes in the r...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pandas-dev/pandas/compare/v3.0.2...v3.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `astropy-iers-data` from 0.2026.5.4.1.4.54 to 0.2026.5.25.1.14.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astropy/astropy-iers-data/releases\"\u003eastropy-iers-data's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2026.5.25.1.14.13\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.18.1.11.28...v0.2026.5.25.1.14.13\"\u003ehttps://github.com/astropy/astropy-iers-data/compare/v0.2026.5.18.1.11.28...v0.2026.5.25.1.14.13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.2026.5.18.1.11.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.11.1.8.52...v0.2026.5.18.1.11.28\"\u003ehttps://github.com/astropy/astropy-iers-data/compare/v0.2026.5.11.1.8.52...v0.2026.5.18.1.11.28\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.2026.5.11.1.8.52\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.11.1.8.52\"\u003ehttps://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.11.1.8.52\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astropy/astropy-iers-data/commit/4a9ec12088a97c1da12a41836c1460b21c86f438\"\u003e\u003ccode\u003e4a9ec12\u003c/code\u003e\u003c/a\u003e Update IERS Earth rotation and leap second tables\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astropy/astropy-iers-data/commit/6fa1a100b2560cef129bbde0c274bacbbac60ce5\"\u003e\u003ccode\u003e6fa1a10\u003c/code\u003e\u003c/a\u003e Update IERS Earth rotation and leap second tables\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astropy/astropy-iers-data/commit/f21a227f08b656a5dd03d7244f14c1c57a0737c1\"\u003e\u003ccode\u003ef21a227\u003c/code\u003e\u003c/a\u003e Update IERS Earth rotation and leap second tables\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.25.1.14.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.3 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. :issue:\u003ccode\u003e3458\u003c/code\u003e :issue:\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. :issue:\u003ccode\u003e3277\u003c/code\u003e :pr:\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion\nresult. :issue:\u003ccode\u003e3015\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. :issue:\u003ccode\u003e3487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. :issue:\u003ccode\u003e3449\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.3...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.1 — 2026-05-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the HTML report used typographic niceties to make file paths more\nreadable by adding a small amount of space around slashes. Those spaces\ninterfered with searching the page for file paths of interest. Now the report\nuses CSS to accomplish the same visual tweak so that searches with slashes\nwork correctly. Closes \u003ccode\u003eissue 2170\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eAdd a 3.16 PyPI classifier \u0026lt;hugo-316_\u0026gt;\u003c/code\u003e_ since we test on the 3.16 main\nbranch.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 2170: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2170\"\u003ecoveragepy/coveragepy#2170\u003c/a\u003e\n.. _hugo-316: \u003ca href=\"https://mastodon.social/@hugovk/116588523571204490\"\u003ehttps://mastodon.social/@​hugovk/116588523571204490\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-14-0:\u003c/p\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/64d9b66fd852c1920ffe6cb8b58d7e4fdae90226\"\u003e\u003ccode\u003e64d9b66\u003c/code\u003e\u003c/a\u003e docs: correct the date for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/6fa7dd44c25e1a660252faaf030dd8f2f1e20861\"\u003e\u003ccode\u003e6fa7dd4\u003c/code\u003e\u003c/a\u003e chore: bump actions/dependency-review-action (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2181\"\u003e#2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/078afae263597b004eb9a85d880b6a65008e75ed\"\u003e\u003ccode\u003e078afae\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/cb4f028a36e008b664739d04f387b90ee5105044\"\u003e\u003ccode\u003ecb4f028\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ae2d09f562271c6169534e1c242d015dd0823dda\"\u003e\u003ccode\u003eae2d09f\u003c/code\u003e\u003c/a\u003e Merge branch 'nedbat/classifire-316-kits'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2c3568b2e041f2c0dbbc8eaa3919d46ee891b743\"\u003e\u003ccode\u003e2c3568b\u003c/code\u003e\u003c/a\u003e build: declare 3.16 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/faa68f8601cf098701b68976dbb73b9fc23c9297\"\u003e\u003ccode\u003efaa68f8\u003c/code\u003e\u003c/a\u003e chore: bump github/codeql-action in the action-dependencies group (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/eb55feedf54b363e3d0b678f20abf3bfd3551a88\"\u003e\u003ccode\u003eeb55fee\u003c/code\u003e\u003c/a\u003e test: we don't need PyPy \u0026lt; 7.3.22 anymore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ac168fe53c04cdb2ff5231c0c4e5045021ee339b\"\u003e\u003ccode\u003eac168fe\u003c/code\u003e\u003c/a\u003e test: the text summary should show missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/fed4bd2db3c1cb2916a07791041da693fbf8e996\"\u003e\u003ccode\u003efed4bd2\u003c/code\u003e\u003c/a\u003e chore: upgrade virtualenv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `decorator` from 5.2.1 to 5.3.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micheles/decorator/blob/master/CHANGES.md\"\u003edecorator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1 (2026-05-18)\u003c/h2\u003e\n\u003cp\u003eAdded license SPDX identifier to pyproject.toml (reported by\nChristian Lackas).\u003c/p\u003e\n\u003ch2\u003e5.3.0 (2026-05-17)\u003c/h2\u003e\n\u003cp\u003eAdded official support for Python 3.14 (thanks to Hugo van Kemenade,\nDavid Cain and the GitHub user bersbersbers).\nFixed a bug with \u0026quot;return await\u0026quot; contributed by Kadir Can Ozden.\nMoved decorator.py to a package structure (\u003ccode\u003edecorator/__init__.py\u003c/code\u003e) and\nadded a stub file (\u003ccode\u003edecorator/__init__.pyi\u003c/code\u003e) contributed by Marco Gorelli.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/426e9e35d563ffe356e54bd0f970d153b8f25370\"\u003e\u003ccode\u003e426e9e3\u003c/code\u003e\u003c/a\u003e Bumped the version to 5.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/062ff0e0c33733f2148a5590d118a8570df846d5\"\u003e\u003ccode\u003e062ff0e\u003c/code\u003e\u003c/a\u003e Fixed the dependency on setuptools\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/086ff5d95d4dc550117c12647a4427d70bf8833d\"\u003e\u003ccode\u003e086ff5d\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/5807a83ead31f0de5303fa950ddea49d850d7355\"\u003e\u003ccode\u003e5807a83\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/093aced11439251e496b47a9a9369501075e8d1a\"\u003e\u003ccode\u003e093aced\u003c/code\u003e\u003c/a\u003e Updated changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/e9ced7e63ad9502b3e2a3e3db5f5f1ccc16c5fd6\"\u003e\u003ccode\u003ee9ced7e\u003c/code\u003e\u003c/a\u003e Added license SPDX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/b3e82ddc04e8d0c18c51eecb30b4a59aee5aac1d\"\u003e\u003ccode\u003eb3e82dd\u003c/code\u003e\u003c/a\u003e Fixed CHANGES.md [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/f1ce8da8522193421436c368849afe886666b4e5\"\u003e\u003ccode\u003ef1ce8da\u003c/code\u003e\u003c/a\u003e Doc fix [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/c924d7c6aa2e47a0627706c385101ff8d558d091\"\u003e\u003ccode\u003ec924d7c\u003c/code\u003e\u003c/a\u003e Updated supported versions [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/8b83e8cca35f5c773654ce4ae89b4e3f84f430d3\"\u003e\u003ccode\u003e8b83e8c\u003c/code\u003e\u003c/a\u003e Fixed CHANGES [ci skip]\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micheles/decorator/compare/5.2.1...5.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fonttools` from 4.62.1 to 4.63.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/releases\"\u003efonttools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer, PatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions, replacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output, matching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in \u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring round-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash in the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/blob/main/NEWS.rst\"\u003efonttools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0 (released 2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer,\nPatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions,\nreplacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output,\nmatching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in\n\u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e for many-to-one (flat-segment) axis maps\nthat silently dropped entries via dict comprehension\n\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring\nround-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash\nin the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+,\nso that importing them on free-threaded Python no longer re-enables the GIL\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/978d9edccb60ea0e5fbad7015cb11817c3532328\"\u003e\u003ccode\u003e978d9ed\u003c/code\u003e\u003c/a\u003e Release 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6b40ecb6f13e076916044ecd8f0fc13ab5f957f6\"\u003e\u003ccode\u003e6b40ecb\u003c/code\u003e\u003c/a\u003e Add changelog entries for 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/382a35fb5e96c6ff38a1e7775a24e20bf122a66d\"\u003e\u003ccode\u003e382a35f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e from fonttools/fix-freethreading-compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/0e999b55f05ad0dd8423f389673a32de9c5199bb\"\u003e\u003ccode\u003e0e999b5\u003c/code\u003e\u003c/a\u003e Declare Cython extensions as free-threading compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/9e55ea54c184b0d4c0830525f72e69c6c1a32691\"\u003e\u003ccode\u003e9e55ea5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e from fonttools/graphite-feat-labels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/e84db3ab426a251256ebec7904c03dc73e25932b\"\u003e\u003ccode\u003ee84db3a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e from fonttools/fix-setUnicodeRanges-bits-123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/d6eabd1edf7bfa950b6b85c393e4c185dee36d7f\"\u003e\u003ccode\u003ed6eabd1\u003c/code\u003e\u003c/a\u003e Feat: show name table strings as comments next to label IDs in ttx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/7d0902b2e27ec1433b015b3b8a79391d7c8604cb\"\u003e\u003ccode\u003e7d0902b\u003c/code\u003e\u003c/a\u003e OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/06e266ce70ec578d549c2df0e180a84d9323baf2\"\u003e\u003ccode\u003e06e266c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e from fonttools/fix-map-backward-non-injective\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6d64598a63f83bcd59d29cf3f22dd25343bd9688\"\u003e\u003ccode\u003e6d64598\u003c/code\u003e\u003c/a\u003e Add more tests for map_backward with many-to-one axis maps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fonttools/fonttools/compare/4.62.1...4.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.17\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.17 (2026-05-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSubstantial 75% reduction in memory usage through new data\nstructures and some optimization in processing speed.\u003c/li\u003e\n\u003cli\u003eAdded a general 1024-character input length cap to the public\nvalidation, conversion, and codec entry points. This is well above\nany legitimate domain or label and guards against pathological\ninputs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f48619c4cea6859b938d560fdd9feb898e678567\"\u003e\u003ccode\u003ef48619c\u003c/code\u003e\u003c/a\u003e Release 3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7421ba8003227f816142ab40178e3a7d204e6847\"\u003e\u003ccode\u003e7421ba8\u003c/code\u003e\u003c/a\u003e Pre-release 3.17rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/22ebb73b164081f209449b50162eb7ce086e96a4\"\u003e\u003ccode\u003e22ebb73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/251\"\u003e#251\u003c/a\u003e from kjd/structure-optimizations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2a7ac0a58c788d50112a5003af545a83807fb108\"\u003e\u003ccode\u003e2a7ac0a\u003c/code\u003e\u003c/a\u003e Drop redundant parallel-arrays comment from uts46data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/354eee9850a7b2962b65ae02010f7ebd9c99b7ed\"\u003e\u003ccode\u003e354eee9\u003c/code\u003e\u003c/a\u003e Apply ruff format to uts46data.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/8c34ffcab603b4a7a727d4e286b1f3342813281d\"\u003e\u003ccode\u003e8c34ffc\u003c/code\u003e\u003c/a\u003e Refactor uts46data into parallel arrays\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1189629e8a319f7c2b4678b5716c180ebd97de03\"\u003e\u003ccode\u003e1189629\u003c/code\u003e\u003c/a\u003e Range-encode joining_types for compact representation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f90b87adc6b6b2a591dfc7fb3f8e47870dc81722\"\u003e\u003ccode\u003ef90b87a\u003c/code\u003e\u003c/a\u003e Generic length limit for functions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d6ffd28be164dfbd3ebca8b3396e39d191f4909b\"\u003e\u003ccode\u003ed6ffd28\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/247\"\u003e#247\u003c/a\u003e from kjd/release-3.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/6d1a0de52a8b4690f1b2a89829aa85ff1de3635a\"\u003e\u003ccode\u003e6d1a0de\u003c/code\u003e\u003c/a\u003e Release 3.16\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `librt` from 0.10.0 to 0.11.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mypyc/librt/commit/862679a0492f4433a286b2d53965ec2603623be1\"\u003e\u003ccode\u003e862679a\u003c/code\u003e\u003c/a\u003e Sync mypy and bump version to 0.11.0 (\u003ca href=\"https://redirect.github.com/mypyc/librt/issues/40\"\u003e#40\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mypyc/librt/compare/v0.10.0...v0.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `matplotlib-inline` from 0.2.1 to 0.2.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/e6e197523ecfabfff1d976e5b6958c3ede948ccb\"\u003e\u003ccode\u003ee6e1975\u003c/code\u003e\u003c/a\u003e release 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/0aac2e223483ffbfb5a6076d8c2ca83545cca440\"\u003e\u003ccode\u003e0aac2e2\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/6eb2bd89dc8d4d6678478c6b2ec15be7b20d3374\"\u003e\u003ccode\u003e6eb2bd8\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/631d7dd26be1287f64c5bd4bbb84888903e419b0\"\u003e\u003ccode\u003e631d7dd\u003c/code\u003e\u003c/a\u003e Zizmor hardening (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/66\"\u003e#66\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/8d45c8fc427d39750751bdaa0ffe5abc8e30cd50\"\u003e\u003ccode\u003e8d45c8f\u003c/code\u003e\u003c/a\u003e Zizmor hardening\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/f830b37c728146dca4f947de6cbdb420ee9c69fb\"\u003e\u003ccode\u003ef830b37\u003c/code\u003e\u003c/a\u003e Specify BSD license and add license files (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/62\"\u003e#62\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/e3b8bb10d275d5caa97d8d1b584d48797e494de4\"\u003e\u003ccode\u003ee3b8bb1\u003c/code\u003e\u003c/a\u003e Deprecate Python 3.9 in CI pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/c783ae72ed581f24fa136f34e6df4f6e99c3f785\"\u003e\u003ccode\u003ec783ae7\u003c/code\u003e\u003c/a\u003e Deprecate Python 3.9 in CI pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/8ac056c5730a6adbc9dd5e049b85163ba6a09a28\"\u003e\u003ccode\u003e8ac056c\u003c/code\u003e\u003c/a\u003e Update workflow to include matplotlib for tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/0cc8a2e91306c94e36f0a9cd8e31a38299b1c126\"\u003e\u003ccode\u003e0cc8a2e\u003c/code\u003e\u003c/a\u003e Use valid SPDX ID\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ipython/matplotlib-inline/compare/0.2.1...0.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 2.0.0 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMypy Release Notes\u003c/h1\u003e\n\u003ch2\u003eNext Release\u003c/h2\u003e\n\u003ch2\u003eMypy 2.1\u003c/h2\u003e\n\u003cp\u003eWe’ve just uploaded mypy 2.1.0 to the Python Package Index (\u003ca href=\"https://pypi.org/project/mypy/\"\u003ePyPI\u003c/a\u003e).\nMypy is a static type checker for Python. This release includes new features, performance\nimprovements and bug fixes. You can install it as follows:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython3 -m pip install -U mypy\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can read the full documentation for this release on \u003ca href=\"http://mypy.readthedocs.io\"\u003eRead the Docs\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003elibrt.vecs: Fast Growable Array Type for Mypyc\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.vecs\u003c/code\u003e module provides an efficient growable array type \u003ccode\u003evec\u003c/code\u003e that is\noptimized for mypyc use. It provides fast, packed arrays with integer and floating point\nvalue types, which can be \u003cstrong\u003eseveral times faster\u003c/strong\u003e than \u003ccode\u003elist\u003c/code\u003e, and tens of times faster\nthan \u003ccode\u003earray.array\u003c/code\u003e in code compiled using mypyc. It also supports nested \u003ccode\u003evec\u003c/code\u003e objects and\nnon-value-type items, such as \u003ccode\u003evec[vec[str]]\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_vecs.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo.\u003c/p\u003e\n\u003ch3\u003elibrt.random: Fast Pseudo-Random Number Generation\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.random\u003c/code\u003e module provides fast pseudo-random number generation that is\noptimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib\n\u003ccode\u003erandom\u003c/code\u003e module in compiled code.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_random.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo (PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21433\"\u003e21433\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMypyc Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake compilation order with multiple files consistent (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21419\"\u003e21419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on accessing \u003ccode\u003eStopAsyncIteration\u003c/code\u003e (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21406\"\u003e21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incremental compilation with \u003ccode\u003eseparate\u003c/code\u003e flag (Vaggelis Danias, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21299\"\u003e21299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes to Crashes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash on partial type with \u003ccode\u003e--allow-redefinition\u003c/code\u003e and \u003ccode\u003eglobal\u003c/code\u003e declaration (Jukka Lehtosalo, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21428\"\u003e21428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken awaitable generator patching (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21435\"\u003e21435\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges to Messages\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c1c336d7e34eb313080c79b156518c58d27c7234\"\u003e\u003ccode\u003ec1c336d\u003c/code\u003e\u003c/a\u003e Remove +dev from version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/74df14b7cbf08140236aa45bbb7f42219b0b1df7\"\u003e\u003ccode\u003e74df14b\u003c/code\u003e\u003c/a\u003e Add changelog for mypy 2.1 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21464\"\u003e#21464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/022d9bc96f86c40f338a5cf150f1806cc8f300ff\"\u003e\u003ccode\u003e022d9bc\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;TypeForm: Enable by default (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21262\"\u003e#21262\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8826288214f1cb31496e610667481221e025359c\"\u003e\u003ccode\u003e8826288\u003c/code\u003e\u003c/a\u003e [mypyc] Document librt.random (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21463\"\u003e#21463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/3f4067b699dbe52d08e42ef3b3ebfdebdc06bd96\"\u003e\u003ccode\u003e3f4067b\u003c/code\u003e\u003c/a\u003e Bump librt version to 0.11.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21458\"\u003e#21458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/2b1eb58a250c5f1eb4ef5fb1f312ff528c5a1d4e\"\u003e\u003ccode\u003e2b1eb58\u003c/code\u003e\u003c/a\u003e [mypyc] Enable incremental self-compilation (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21369\"\u003e#21369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8152f4af3f6c03beaf2660026240f0fdce7feecc\"\u003e\u003ccode\u003e8152f4a\u003c/code\u003e\u003c/a\u003e Respect file config comments for stale modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21444\"\u003e#21444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/116d60bdd3fdfe8d97c6afe99370910db56f1b92\"\u003e\u003ccode\u003e116d60b\u003c/code\u003e\u003c/a\u003e Fix nondeterminism from nonassociativity of overload joins (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21455\"\u003e#21455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/6c4af8e42110cea3f84bc02add2ca7b89c268210\"\u003e\u003ccode\u003e6c4af8e\u003c/code\u003e\u003c/a\u003e Fix function call message change for small number of args (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21432\"\u003e#21432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/4b8fdcaf24032592510e8f15421fb32d82a71800\"\u003e\u003ccode\u003e4b8fdca\u003c/code\u003e\u003c/a\u003e [mypyc] Add librt.random module (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21433\"\u003e#21433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v2.0.0...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `platformdirs` from 4.9.6 to 4.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/platformdirs/releases\"\u003eplatformdirs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.10.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: improve platformdirs maintenance path by \u003ca href=\"https://github.com/lphuc2250gma\"\u003e\u003ccode\u003e@​lphuc2250gma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/pull/488\"\u003etox-dev/platformdirs#488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/pull/490\"\u003etox-dev/platformdirs#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_preference_dir by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/pull/491\"\u003etox-dev/platformdirs#491\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lphuc2250gma\"\u003e\u003ccode\u003e@​lphuc2250gma\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/pull/488\"\u003etox-dev/platformdirs#488\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/platformdirs/compare/4.9.6...4.10.0\"\u003ehttps://github.com/tox-dev/platformdirs/compare/4.9.6...4.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/platformdirs/blob/main/docs/changelog.rst\"\u003eplatformdirs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e4.10.0 (2026-05-28)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_preference_dir :pr:\u003ccode\u003e491\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR :pr:\u003ccode\u003e490\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echore: improve platformdirs maintenance path :pr:\u003ccode\u003e488\u003c/code\u003e - by :user:\u003ccode\u003elphuc2250gma\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e4.9.6 (2026-04-09)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(release): use double quotes for tag variable expansion :pr:\u003ccode\u003e477\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e4.9.5 (2026-04-06)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e📝 docs(appauthor): clarify None vs False on Windows :pr:\u003ccode\u003e476\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSeparates implementations of macOS dirs that share a default :pr:\u003ccode\u003e473\u003c/code\u003e - by :user:\u003ccode\u003eGoddesen\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove persist-credentials: false from release job :pr:\u003ccode\u003e472\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003efix: do not duplicate site dirs in Unix.iter_{config,site}_dirs() when use_site_for_root is active :pr:\u003ccode\u003e469\u003c/code\u003e - by\n:user:\u003ccode\u003eviccie30\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔧 fix(type): resolve ty 0.0.25 type errors :pr:\u003ccode\u003e468\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔒 ci(workflows): add zizmor security auditing :pr:\u003ccode\u003e467\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(release): generate docstrfmt-compatible changelog entries :pr:\u003ccode\u003e463\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e4.9.4 (2026-03-05)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e461\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md\u003c/li\u003e\n\u003cli\u003e📝 docs: add project logo to documentation :pr:\u003ccode\u003e459\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the all group with 2 updates :pr:\u003ccode\u003e457\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdd permissions to workflows :pr:\u003ccode\u003e455\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd security policy\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e454\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e4.9.2 (2026-02-16)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e📝 docs: restructure following Diataxis framework :pr:\u003ccode\u003e448\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/04cb1361a064132102612ab05053351196a62b40\"\u003e\u003ccode\u003e04cb136\u003c/code\u003e\u003c/a\u003e Release 4.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/078bc61171e1a0cfbb3f210ff0fd30795a359664\"\u003e\u003ccode\u003e078bc61\u003c/code\u003e\u003c/a\u003e ✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_pr...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/d27974762005fa35cebcd4dd7236f8081e88ad75\"\u003e\u003ccode\u003ed279747\u003c/code\u003e\u003c/a\u003e ✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/490\"\u003e#490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/4116391f16178ee5c4b293761491519f9f3c9834\"\u003e\u003ccode\u003e4116391\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/489\"\u003e#489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/dbc63f58261f1b109f2d75c7d35a485331dbbe6f\"\u003e\u003ccode\u003edbc63f5\u003c/code\u003e\u003c/a\u003e chore: improve platformdirs maintenance path (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/9265108d732233ce7fbb63a94cd389708ce5e102\"\u003e\u003ccode\u003e9265108\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/487\"\u003e#487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/9f857ec172a1a09a9c608c28cfe2c460c3baac8e\"\u003e\u003ccode\u003e9f857ec\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/486\"\u003e#486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/a76e77756278566e414eebbc03f789b3a21ea2fa\"\u003e\u003ccode\u003ea76e777\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/484\"\u003e#484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/903fd9f321285c38d4741d2e5ea1881938405d16\"\u003e\u003ccode\u003e903fd9f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/483\"\u003e#483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/a5da35d0d57cbcb5f30b18203aa7fbb44be69978\"\u003e\u003ccode\u003ea5da35d\u003c/code\u003e\u003c/a\u003e build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 in the all group (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/482\"\u003e#482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/platformdirs/compare/4.9.6...4.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of ...\n\n_Description has been truncated_","html_url":"https://github.com/tatsuki-washimi/gwexpy/pull/430","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tatsuki-washimi%2Fgwexpy/issues/430","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/430/packages"},{"uuid":"4521535875","node_id":"PR_kwDOOLckwc7fRcG7","number":1138,"state":"open","title":"Bump the pip-deps group across 1 directory with 15 updates","user":"dependabot[bot]","labels":["dependencies","python","skip-changelog"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T05:09:42.000Z","updated_at":"2026-05-26T05:10:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip-deps","update_count":15,"packages":[{"name":"requests","old_version":"2.34.0","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"click","old_version":"8.3.3","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"python-ldap","old_version":"3.4.5","new_version":"3.4.7","repository_url":"https://github.com/python-ldap/python-ldap"},{"name":"opentelemetry-api","old_version":"1.41.1","new_version":"1.42.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-sdk","old_version":"1.41.1","new_version":"1.42.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"black","old_version":"26.3.1","new_version":"26.5.1","repository_url":"https://github.com/psf/black"},{"name":"botocore","old_version":"1.43.6","new_version":"1.43.14","repository_url":"https://github.com/boto/botocore"},{"name":"boto3","old_version":"1.43.6","new_version":"1.43.14","repository_url":"https://github.com/boto/boto3"},{"name":"python-frontmatter","old_version":"1.1.0","new_version":"1.3.0","repository_url":"https://github.com/eyeseast/python-frontmatter"},{"name":"types-pyyaml","old_version":"6.0.12.20260510","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pytz","old_version":"2026.2.0.20260506","new_version":"2026.2.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-python-dateutil","old_version":"2.9.0.20260508","new_version":"2.9.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-requests","old_version":"2.33.0.20260508","new_version":"2.33.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"pytest-socket","old_version":"0.7.0","new_version":"0.8.0","repository_url":"https://github.com/miketheman/pytest-socket"},{"name":"pytest-rerunfailures","old_version":"16.1","new_version":"16.3","repository_url":"https://github.com/pytest-dev/pytest-rerunfailures"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-deps group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.34.0` | `2.34.2` |\n| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.1` |\n| [python-ldap](https://github.com/python-ldap/python-ldap) | `3.4.5` | `3.4.7` |\n| [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python) | `1.41.1` | `1.42.1` |\n| [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-python) | `1.41.1` | `1.42.1` |\n| [black](https://github.com/psf/black) | `26.3.1` | `26.5.1` |\n| [botocore](https://github.com/boto/botocore) | `1.43.6` | `1.43.14` |\n| [boto3](https://github.com/boto/boto3) | `1.43.6` | `1.43.14` |\n| [python-frontmatter](https://github.com/eyeseast/python-frontmatter) | `1.1.0` | `1.3.0` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260510` | `6.0.12.20260518` |\n| [types-pytz](https://github.com/python/typeshed) | `2026.2.0.20260506` | `2026.2.0.20260518` |\n| [types-python-dateutil](https://github.com/python/typeshed) | `2.9.0.20260508` | `2.9.0.20260518` |\n| [types-requests](https://github.com/python/typeshed) | `2.33.0.20260508` | `2.33.0.20260518` |\n| [pytest-socket](https://github.com/miketheman/pytest-socket) | `0.7.0` | `0.8.0` |\n| [pytest-rerunfailures](https://github.com/pytest-dev/pytest-rerunfailures) | `16.1` | `16.3` |\n\n\nUpdates `requests` from 2.34.0 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/psf/requests/compare/v2.34.0...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.3 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. :issue:\u003ccode\u003e3458\u003c/code\u003e :issue:\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. :issue:\u003ccode\u003e3277\u003c/code\u003e :pr:\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion\nresult. :issue:\u003ccode\u003e3015\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. :issue:\u003ccode\u003e3487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. :issue:\u003ccode\u003e3449\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.3...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-ldap` from 3.4.5 to 3.4.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-ldap/python-ldap/releases\"\u003epython-ldap's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.7\u003c/h2\u003e\n\u003cp\u003eNo code changes, correcting for the fact that the previous release artifacts\nuploaded to PyPI contained unintended files.\u003c/p\u003e\n\u003ch2\u003e3.4.6\u003c/h2\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eattrlist\u003c/code\u003e parameter is now properly checked before use, avoiding memory\nerrors due to type mismatches\u003c/li\u003e\n\u003cli\u003eFixed errors with requestName/requestValue in \u003ccode\u003eextop.dds\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eldif\u003c/code\u003e and \u003ccode\u003eldap.schema\u003c/code\u003e modules now actively close sockets as they're\nfinished with them\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInfrastructure:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePackage no longer requires setuptools-scm\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-ldap/python-ldap/blob/python-ldap-3.4.7/CHANGES\"\u003epython-ldap's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eReleased 3.4.7 2026-05-19\u003c/p\u003e\n\u003cp\u003eNo code changes, correcting for the fact that the previous release artifacts\nuploaded to PyPI contained unintended files.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eReleased 3.4.6 2026-05-14\u003c/p\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eattrlist\u003c/code\u003e parameter is now properly checked before use, avoiding memory\nerrors due to type mismatches\u003c/li\u003e\n\u003cli\u003eFixed errors with requestName/requestValue in \u003ccode\u003eextop.dds\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eldif\u003c/code\u003e and \u003ccode\u003eldap.schema\u003c/code\u003e modules now actively close sockets as they're\nfinished with them\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInfrastructure:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePackage no longer requires setuptools-scm\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eReleased 3.4.5 2025-10-10\u003c/p\u003e\n\u003cp\u003eSecurity fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-61911 (GHSA-r7r6-cc7p-4v5m): Enforce \u003ccode\u003estr\u003c/code\u003e input in\n\u003ccode\u003eldap.filter.escape_filter_chars\u003c/code\u003e with \u003ccode\u003eescape_mode=1\u003c/code\u003e; ensure proper\nescaping. (thanks to lukas-eu)\u003c/li\u003e\n\u003cli\u003eCVE-2025-61912 (GHSA-p34h-wq7j-h5v6): Correct NUL escaping in\n\u003ccode\u003eldap.dn.escape_dn_chars\u003c/code\u003e to \u003ccode\u003e\\00\u003c/code\u003e per RFC 4514. (thanks to aradona91)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReconnectLDAPObject now properly reconnects on UNAVAILABLE, CONNECT_ERROR\nand TIMEOUT exceptions (previously only SERVER_DOWN), fixing reconnection\nissues especially during server restarts\u003c/li\u003e\n\u003cli\u003eFixed syncrepl.py to use named constants instead of raw decimal values\nfor result types\u003c/li\u003e\n\u003cli\u003eFixed error handling in SearchNoOpMixIn to prevent a undefined variable error\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eTests:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded comprehensive reconnection test cases including concurrent operation\nhandling and server restart scenarios\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc/\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated installation docs and fixed various documentation typos\u003c/li\u003e\n\u003cli\u003eAdded ReadTheDocs configuration file\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInfrastructure:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd testing and document support for Python 3.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eReleased 3.4.4 2022-11-17\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/79f34cc398c5bdf202bdb4024a1bb2ec272ce26e\"\u003e\u003ccode\u003e79f34cc\u003c/code\u003e\u003c/a\u003e Prepare a new release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/4472afd4dd00da71c6836377bad8e0c77702bb66\"\u003e\u003ccode\u003e4472afd\u003c/code\u003e\u003c/a\u003e Prepare a new release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/f8aa2894212e6624b1b4aac3aa46517652dd5983\"\u003e\u003ccode\u003ef8aa289\u003c/code\u003e\u003c/a\u003e CI: Drop 3.8 from CI as no longer supported in current images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/311dbbab0a222238790a18246f0b5b63b895930c\"\u003e\u003ccode\u003e311dbba\u003c/code\u003e\u003c/a\u003e fix(LDAPObject): Prevent memory errors in attrs_from_List\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/dee242c7015faf0d132eedc4d4235b791910bdd9\"\u003e\u003ccode\u003edee242c\u003c/code\u003e\u003c/a\u003e test: Test valid and invalid attrlist parameters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/9257c176ec7e428742dce0a89d5df27d4cb4c3df\"\u003e\u003ccode\u003e9257c17\u003c/code\u003e\u003c/a\u003e ci(github): update github actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/2ecbc03ff87afa4aa95db84def620a0c514ccbbb\"\u003e\u003ccode\u003e2ecbc03\u003c/code\u003e\u003c/a\u003e fix(ldif): explicitly close sockets after fetching URLs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/5b173c96c2ade8b7ea2e91a5d46bbefbbd56c5c5\"\u003e\u003ccode\u003e5b173c9\u003c/code\u003e\u003c/a\u003e fix(ldap.schema): Explicitly close url file to avoid ResourceWarning in Pytho...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/1491b43ecf1856608fa401e66c9d3f89874c75d7\"\u003e\u003ccode\u003e1491b43\u003c/code\u003e\u003c/a\u003e remove superfluous dependency on setuptools-scm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/7e93577c20207c12205db4e6724291483aed94da\"\u003e\u003ccode\u003e7e93577\u003c/code\u003e\u003c/a\u003e fix(extop.dds): make passing of requestName optional again\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-ldap/python-ldap/compare/python-ldap-3.4.5...python-ldap-3.4.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-api` from 1.41.1 to 1.42.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md\"\u003eopentelemetry-api's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.42.1/0.63b1 (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve the random trace ID flag when creating child spans instead of always\nsetting the random trace id bit depending on the available trace id\ngenerator.\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5241\"\u003e#5241\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.42.0/0.63b0 (2026-05-19)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-api\u003c/code\u003e, \u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: add support for 'random-trace-id'\nflags in W3C traceparent header trace flags. Implementations of \u003ccode\u003eIdGenerator\u003c/code\u003e\nthat do randomly generate the 56 least significant bits, should also\nimplement a \u003ccode\u003eis_trace_id_random\u003c/code\u003e methods that returns \u003ccode\u003eTrue\u003c/code\u003e.\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4854\"\u003e#4854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elogs: add exception support to Logger emit and LogRecord attributes\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4908\"\u003e#4908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-exporter-otlp-proto-grpc\u003c/code\u003e: make retryable gRPC error codes\nconfigurable for gRPC exporters\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4917\"\u003e#4917\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003ecreate_logger_provider\u003c/code\u003e/\u003ccode\u003econfigure_logger_provider\u003c/code\u003e\nto declarative file configuration, enabling LoggerProvider instantiation from\nconfig files without reading env vars\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4990\"\u003e#4990\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-exporter-otlp-json-common\u003c/code\u003e: add\n'opentelemetry-exporter-otlp-json-common' package for OTLP JSON exporters\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003eservice\u003c/code\u003e resource detector support to declarative\nfile configuration via \u003ccode\u003edetection_development.detectors[].service\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5003\"\u003e#5003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-docker-tests\u003c/code\u003e: add docker-tests coverage of\n\u003ccode\u003eopentelemetry-exporter-otlp-proto-grpc\u003c/code\u003e and\n\u003ccode\u003eopentelemetry-exporter-otlp-proto-http\u003c/code\u003e metrics export\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5030\"\u003e#5030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eregistry\u003c/code\u003e keyword argument to \u003ccode\u003ePrometheusMetricReader\u003c/code\u003e to allow passing\na custom Prometheus registry\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5055\"\u003e#5055\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd WeaverLiveCheck test util\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5088\"\u003e#5088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: add \u003ccode\u003eload_entry_point\u003c/code\u003e shared utility to declarative\nfile configuration for loading plugins via entry points; refactor propagator\nloading to use it\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5093\"\u003e#5093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: add sampler plugin loading to declarative file\nconfiguration via the \u003ccode\u003eopentelemetry_sampler\u003c/code\u003e entry point group, matching the\nspec's PluginComponentProvider mechanism\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5095\"\u003e#5095\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/367e14d01104785ac28b1c66ac32b2082f864a12\"\u003e\u003ccode\u003e367e14d\u003c/code\u003e\u003c/a\u003e Prepare release 1.42.1/0.63b1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5243\"\u003e#5243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/fd8e50410b1788d34b36173dea58d8e38dcc80bc\"\u003e\u003ccode\u003efd8e504\u003c/code\u003e\u003c/a\u003e Preserve random trace ID flag for child spans (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5241\"\u003e#5241\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5242\"\u003e#5242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/013045e3787654123b08530059759842312325ab\"\u003e\u003ccode\u003e013045e\u003c/code\u003e\u003c/a\u003e [release/v1.42.x-0.63bx] Prepare release 1.42.0/0.63b0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5225\"\u003e#5225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/1731583b4e7bc6ec6a33345aa19706fc83acc8d5\"\u003e\u003ccode\u003e1731583\u003c/code\u003e\u003c/a\u003e ci: Enable GitHub Merge Queue support (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5209\"\u003e#5209\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/7fab34d4f49c1cd67df07fa53471c0ae6c269008\"\u003e\u003ccode\u003e7fab34d\u003c/code\u003e\u003c/a\u003e fix(config): allow deflate for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5075\"\u003e#5075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/0b690d2139f68dd42d2425c920aec882698443fa\"\u003e\u003ccode\u003e0b690d2\u003c/code\u003e\u003c/a\u003e ci: validate changelog fragment filenames (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5212\"\u003e#5212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/d4fabb4d6d79812a6d38dd900212f6a0fdb1866b\"\u003e\u003ccode\u003ed4fabb4\u003c/code\u003e\u003c/a\u003e feat(config): exporter plugin loading via entry points for declarative config...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/e19d34600b177b97cf1d8320a77ff75133515012\"\u003e\u003ccode\u003ee19d346\u003c/code\u003e\u003c/a\u003e feat(config): generic resource detector plugin loading for declarative config...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/1d69bd2eaa02715ecf3877a8f391678be58f2f57\"\u003e\u003ccode\u003e1d69bd2\u003c/code\u003e\u003c/a\u003e sdk/metrics: copy attributes dict to prevent post-recording mutation (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5106\"\u003e#5106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/990a6112a124e53cc0e3f66871ce8f8d00955d15\"\u003e\u003ccode\u003e990a611\u003c/code\u003e\u003c/a\u003e feat(config): propagator plugin loading via entry points for declarative conf...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/compare/v1.41.1...v1.42.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-sdk` from 1.41.1 to 1.42.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md\"\u003eopentelemetry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.42.1/0.63b1 (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve the random trace ID flag when creating child spans instead of always\nsetting the random trace id bit depending on the available trace id\ngenerator.\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5241\"\u003e#5241\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.42.0/0.63b0 (2026-05-19)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-api\u003c/code\u003e, \u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: add support for 'random-trace-id'\nflags in W3C traceparent header trace flags. Implementations of \u003ccode\u003eIdGenerator\u003c/code\u003e\nthat do randomly generate the 56 least significant bits, should also\nimplement a \u003ccode\u003eis_trace_id_random\u003c/code\u003e methods that returns \u003ccode\u003eTrue\u003c/code\u003e.\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4854\"\u003e#4854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elogs: add exception support to Logger emit and LogRecord attributes\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4908\"\u003e#4908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-exporter-otlp-proto-grpc\u003c/code\u003e: make retryable gRPC error codes\nconfigurable for gRPC exporters\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4917\"\u003e#4917\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003ecreate_logger_provider\u003c/code\u003e/\u003ccode\u003econfigure_logger_provider\u003c/code\u003e\nto declarative file configuration, enabling LoggerProvider instantiation from\nconfig files without reading env vars\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4990\"\u003e#4990\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-exporter-otlp-json-common\u003c/code\u003e: add\n'opentelemetry-exporter-otlp-json-common' package for OTLP JSON exporters\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003eservice\u003c/code\u003e resource detector support to declarative\nfile configuration via \u003ccode\u003edetection_development.detectors[].service\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5003\"\u003e#5003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-docker-tests\u003c/code\u003e: add docker-tests coverage of\n\u003ccode\u003eopentelemetry-exporter-otlp-proto-grpc\u003c/code\u003e and\n\u003ccode\u003eopentelemetry-exporter-otlp-proto-http\u003c/code\u003e metrics export\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5030\"\u003e#5030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eregistry\u003c/code\u003e keyword argument to \u003ccode\u003ePrometheusMetricReader\u003c/code\u003e to allow passing\na custom Prometheus registry\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5055\"\u003e#5055\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd WeaverLiveCheck test util\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5088\"\u003e#5088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: add \u003ccode\u003eload_entry_point\u003c/code\u003e shared utility to declarative\nfile configuration for loading plugins via entry points; refactor propagator\nloading to use it\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5093\"\u003e#5093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: add sampler plugin loading to declarative file\nconfiguration via the \u003ccode\u003eopentelemetry_sampler\u003c/code\u003e entry point group, matching the\nspec's PluginComponentProvider mechanism\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5095\"\u003e#5095\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/367e14d01104785ac28b1c66ac32b2082f864a12\"\u003e\u003ccode\u003e367e14d\u003c/code\u003e\u003c/a\u003e Prepare release 1.42.1/0.63b1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5243\"\u003e#5243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/fd8e50410b1788d34b36173dea58d8e38dcc80bc\"\u003e\u003ccode\u003efd8e504\u003c/code\u003e\u003c/a\u003e Preserve random trace ID flag for child spans (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5241\"\u003e#5241\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5242\"\u003e#5242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/013045e3787654123b08530059759842312325ab\"\u003e\u003ccode\u003e013045e\u003c/code\u003e\u003c/a\u003e [release/v1.42.x-0.63bx] Prepare release 1.42.0/0.63b0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5225\"\u003e#5225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/1731583b4e7bc6ec6a33345aa19706fc83acc8d5\"\u003e\u003ccode\u003e1731583\u003c/code\u003e\u003c/a\u003e ci: Enable GitHub Merge Queue support (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5209\"\u003e#5209\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/7fab34d4f49c1cd67df07fa53471c0ae6c269008\"\u003e\u003ccode\u003e7fab34d\u003c/code\u003e\u003c/a\u003e fix(config): allow deflate for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5075\"\u003e#5075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/0b690d2139f68dd42d2425c920aec882698443fa\"\u003e\u003ccode\u003e0b690d2\u003c/code\u003e\u003c/a\u003e ci: validate changelog fragment filenames (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5212\"\u003e#5212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/d4fabb4d6d79812a6d38dd900212f6a0fdb1866b\"\u003e\u003ccode\u003ed4fabb4\u003c/code\u003e\u003c/a\u003e feat(config): exporter plugin loading via entry points for declarative config...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/e19d34600b177b97cf1d8320a77ff75133515012\"\u003e\u003ccode\u003ee19d346\u003c/code\u003e\u003c/a\u003e feat(config): generic resource detector plugin loading for declarative config...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/1d69bd2eaa02715ecf3877a8f391678be58f2f57\"\u003e\u003ccode\u003e1d69bd2\u003c/code\u003e\u003c/a\u003e sdk/metrics: copy attributes dict to prevent post-recording mutation (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5106\"\u003e#5106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/990a6112a124e53cc0e3f66871ce8f8d00955d15\"\u003e\u003ccode\u003e990a611\u003c/code\u003e\u003c/a\u003e feat(config): propagator plugin loading via entry points for declarative conf...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/compare/v1.41.1...v1.42.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 26.3.1 to 26.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline comments (including \u003ccode\u003e# type: ignore\u003c/code\u003e) immediately before a\n\u003ccode\u003e# fmt: skip\u003c/code\u003e line, avoiding AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the version in the published executables (\u003ca href=\"https://redirect.github.com/psf/black/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Neovim integration guide covering conform.nvim, ALE, and simple command approaches\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.5.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),\nboth new syntactic features in Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so\nperformance may be slower than on existing Python versions. Wheels will be provided\nonce Python 3.15 is later in its release cycle. (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e# fmt: skip\u003c/code\u003e being ignored in nested \u003ccode\u003eif\u003c/code\u003e expressions with parenthesized \u003ccode\u003ein\u003c/code\u003e\nclauses (\u003ca href=\"https://redirect.github.com/psf/black/issues/4903\"\u003e#4903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd syntactic support for Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash when an f-string follows a \u003ccode\u003e# fmt: off\u003c/code\u003e comment inside brackets (\u003ca href=\"https://redirect.github.com/psf/black/issues/5097\"\u003e#5097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve multiline compound statement headers when \u003ccode\u003e# fmt: skip\u003c/code\u003e is placed on the\ncolon line (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove heuristics around whether blank lines should appear before, within and after\ngroups of same-name decorated functions (such as \u003ccode\u003e@overload\u003c/code\u003e groups) in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix blank lines being removed between a function and a decorated class in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5092\"\u003e#5092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent string merger from creating unsplittable long lines when a pragma comment\n(e.g. \u003ccode\u003e# type: ignore\u003c/code\u003e) follows the closing bracket (\u003ca href=\"https://redirect.github.com/psf/black/issues/5096\"\u003e#5096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun CI on 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline comments (including \u003ccode\u003e# type: ignore\u003c/code\u003e) immediately before a\n\u003ccode\u003e# fmt: skip\u003c/code\u003e line, avoiding AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the version in the published executables (\u003ca href=\"https://redirect.github.com/psf/black/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Neovim integration guide covering conform.nvim, ALE, and simple command approaches\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.5.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),\nboth new syntactic features in Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so\nperformance may be slower than on existing Python versions. Wheels will be provided\nonce Python 3.15 is later in its release cycle. (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e# fmt: skip\u003c/code\u003e being ignored in nested \u003ccode\u003eif\u003c/code\u003e expressions with parenthesized \u003ccode\u003ein\u003c/code\u003e\nclauses (\u003ca href=\"https://redirect.github.com/psf/black/issues/4903\"\u003e#4903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd syntactic support for Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash when an f-string follows a \u003ccode\u003e# fmt: off\u003c/code\u003e comment inside brackets (\u003ca href=\"https://redirect.github.com/psf/black/issues/5097\"\u003e#5097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve multiline compound statement headers when \u003ccode\u003e# fmt: skip\u003c/code\u003e is placed on the\ncolon line (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove heuristics around whether blank lines should appear before, within and after\ngroups of same-name decorated functions (such as \u003ccode\u003e@overload\u003c/code\u003e groups) in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix blank lines being removed between a function and a decorated class in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5092\"\u003e#5092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent string merger from creating unsplittable long lines when a pragma comment\n(e.g. \u003ccode\u003e# type: ignore\u003c/code\u003e) follows the closing bracket (\u003ca href=\"https://redirect.github.com/psf/black/issues/5096\"\u003e#5096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun CI on 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/87928e6d6761a4a6d22250e1fee5601b3998086e\"\u003e\u003ccode\u003e87928e6\u003c/code\u003e\u003c/a\u003e Prepare release 26.5.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5140\"\u003e#5140\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c970a49702488739add6c728122deb3a99900803\"\u003e\u003ccode\u003ec970a49\u003c/code\u003e\u003c/a\u003e Preserve comments before fmt: skip lines (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/5809338fd5f92d50e80c2ad312292ae6d428a480\"\u003e\u003ccode\u003e5809338\u003c/code\u003e\u003c/a\u003e Preserve inline comments inside annotation subscripts (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/61361b71995f6ea44ce01915bacd3ecc50642507\"\u003e\u003ccode\u003e61361b7\u003c/code\u003e\u003c/a\u003e docs: add Neovim integration guide and fix http link (\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/ebe6018e3254629788376e619207719fbe34a849\"\u003e\u003ccode\u003eebe6018\u003c/code\u003e\u003c/a\u003e CI Hotfixes (\u003ca href=\"https://redirect.github.com/psf/black/issues/5136\"\u003e#5136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/9cbd95f80e97c1ab4d690d1d41b81579a13bf75c\"\u003e\u003ccode\u003e9cbd95f\u003c/code\u003e\u003c/a\u003e Fix publish binaries again on Windows (\u003ca href=\"https://redirect.github.com/psf/black/issues/5134\"\u003e#5134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/3dc8e6c41911bdaedb4bac8d633979c34a112b78\"\u003e\u003ccode\u003e3dc8e6c\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5132\"\u003e#5132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/6d0fff0d5a965b9d0d3dbd7c5738d835fd574130\"\u003e\u003ccode\u003e6d0fff0\u003c/code\u003e\u003c/a\u003e Fix publish binaries workflow (\u003ca href=\"https://redirect.github.com/psf/black/issues/5133\"\u003e#5133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/d2490e24dad33b8f68c77602ee29160de0fea24b\"\u003e\u003ccode\u003ed2490e2\u003c/code\u003e\u003c/a\u003e Prepare release 26.5.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5131\"\u003e#5131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2b13ea76fa69d4923381df65deb1a5c896ca27ad\"\u003e\u003ccode\u003e2b13ea7\u003c/code\u003e\u003c/a\u003e Preserve multiline headers with fmt skip (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/26.3.1...26.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `botocore` from 1.43.6 to 1.43.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/f23ff3b6696ff40edf962921f5e42299f32bbe94\"\u003e\u003ccode\u003ef23ff3b\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.14'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/7feaf2f7e052799cee88cebedec295422dd9ae33\"\u003e\u003ccode\u003e7feaf2f\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/d3e43934fe477630185bf6fd31c5ac7c87f4c8c5\"\u003e\u003ccode\u003ed3e4393\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/5204755d6cc055a11d660f5021e84aa1dcf86600\"\u003e\u003ccode\u003e5204755\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/89a5ca07e8c76117201d53fce33777c2c9fc704c\"\u003e\u003ccode\u003e89a5ca0\u003c/code\u003e\u003c/a\u003e Improving caching of S3 endpoints by omitting unused parameters (\u003ca href=\"https://redirect.github.com/boto/botocore/issues/3692\"\u003e#3692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/8bd61f7918034e9c9d5013c8422dd3e9e56b050e\"\u003e\u003ccode\u003e8bd61f7\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.13'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/b6f2c74a6dea7272da8a2cf88dc777fbc133c2d7\"\u003e\u003ccode\u003eb6f2c74\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.13' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/9cfdcaf4baecbc6ad542bd9aeaa116bcf502024a\"\u003e\u003ccode\u003e9cfdcaf\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/656fd57082823142d4a7584a8d09fc53aa419614\"\u003e\u003ccode\u003e656fd57\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/280497b9d5ebc5b1a85c1911a069c7452041fa42\"\u003e\u003ccode\u003e280497b\u003c/code\u003e\u003c/a\u003e Merge customizations for Bedrock AgentCore Control\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/botocore/compare/1.43.6...1.43.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3` from 1.43.6 to 1.43.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/07953b03a1c6fc86660852ee65a21c3ceae3f437\"\u003e\u003ccode\u003e07953b0\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.14'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/25c77c306c3efba0d44bebec97ab882ddd6f0958\"\u003e\u003ccode\u003e25c77c3\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/5e64afcd4172f04cd4b62a40050bd6088e316316\"\u003e\u003ccode\u003e5e64afc\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/97921f4babf469d1c1fbbb27746bbaece6008122\"\u003e\u003ccode\u003e97921f4\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.13'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/4e58a354db37897d65024fca50e9f9b4e4845068\"\u003e\u003ccode\u003e4e58a35\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.13' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/1307ac2642ed8e53aca983b1c89e952309a0c66d\"\u003e\u003ccode\u003e1307ac2\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/c75c901f5be45cce8e8f46733ee0562d06110c81\"\u003e\u003ccode\u003ec75c901\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/d3f2433ff49062a75426c406e606625b69a32eb6\"\u003e\u003ccode\u003ed3f2433\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.12'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/d5eddf97fcacb8e8aecf0ff043501ff97454f105\"\u003e\u003ccode\u003ed5eddf9\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.12' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/93f3a42377b288934f08416a9c3b63920d8163c6\"\u003e\u003ccode\u003e93f3a42\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.12\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/boto3/compare/1.43.6...1.43.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-frontmatter` from 1.1.0 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eyeseast/python-frontmatter/releases\"\u003epython-frontmatter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0 - Now using uv\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTest on Python 3.14 and upgrade actions by \u003ca href=\"https://github.com/eyeseast\"\u003e\u003ccode\u003e@​eyeseast\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/pull/128\"\u003eeyeseast/python-frontmatter#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove codecs from tests by \u003ca href=\"https://github.com/eyeseast\"\u003e\u003ccode\u003e@​eyeseast\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/pull/129\"\u003eeyeseast/python-frontmatter#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate to uv and pyproject.toml by \u003ca href=\"https://github.com/eyeseast\"\u003e\u003ccode\u003e@​eyeseast\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/pull/131\"\u003eeyeseast/python-frontmatter#131\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/eyeseast/python-frontmatter/compare/v1.2.0...v1.3.0\"\u003ehttps://github.com/eyeseast/python-frontmatter/compare/v1.2.0...v1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.0 - Fix type issues and support newer Python versions\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSolve all the type issues by \u003ca href=\"https://github.com/eyeseast\"\u003e\u003ccode\u003e@​eyeseast\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/pull/120\"\u003eeyeseast/python-frontmatter#120\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude py.typed marker in package distribution by \u003ca href=\"https://github.com/giuse-boccia\"\u003e\u003ccode\u003e@​giuse-boccia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/pull/125\"\u003eeyeseast/python-frontmatter#125\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giuse-boccia\"\u003e\u003ccode\u003e@​giuse-boccia\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/pull/125\"\u003eeyeseast/python-frontmatter#125\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis version drops support for Python 3.9.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/eyeseast/python-frontmatter/compare/v1.1.0...v1.2.0\"\u003ehttps://github.com/eyeseast/python-frontmatter/compare/v1.1.0...v1.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/dc7c0af5466b104e0ba01ae3c5b2cd77edc27292\"\u003e\u003ccode\u003edc7c0af\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/issues/131\"\u003e#131\u003c/a\u003e from eyeseast/123-uv\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/1e787d8db0b426a6f28a449497bb5ab43d9f3d49\"\u003e\u003ccode\u003e1e787d8\u003c/code\u003e\u003c/a\u003e Migrate to uv and pyproject.toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/36224327b9506ffaf5a62ffced1818934ff5278c\"\u003e\u003ccode\u003e3622432\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/issues/129\"\u003e#129\u003c/a\u003e from eyeseast/126-remove-codecs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/c4fdd50f3f8785f8f794e8f9ca5d1833824cb9eb\"\u003e\u003ccode\u003ec4fdd50\u003c/code\u003e\u003c/a\u003e Encoding is a kwarg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/6fa3a9a630b2a15096101531884c5e55e90dd189\"\u003e\u003ccode\u003e6fa3a9a\u003c/code\u003e\u003c/a\u003e Remove codecs from tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/3a8c60009a5456c821e81458bcc47b369cd5db99\"\u003e\u003ccode\u003e3a8c600\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/issues/128\"\u003e#128\u003c/a\u003e from eyeseast/upgrade-actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/8243f83b628785910e21f6a75bc1152c1bd9263c\"\u003e\u003ccode\u003e8243f83\u003c/code\u003e\u003c/a\u003e Test on Python 3.14 and upgrade actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/55bcc679d0af970a40b5a97de92c73466e1de07e\"\u003e\u003ccode\u003e55bcc67\u003c/code\u003e\u003c/a\u003e v1.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/949826fe6fbb1513cf5d820abcf57deab216ff35\"\u003e\u003ccode\u003e949826f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/issues/125\"\u003e#125\u003c/a\u003e from giuse-boccia/fix/include-py-typed-marker\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/b12a13bc05f2362b1c21b6e1053d945aeebf497d\"\u003e\u003ccode\u003eb12a13b\u003c/code\u003e\u003c/a\u003e Include py.typed marker in package distribution\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eyeseast/python-frontmatter/compare/v1.1.0...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20260510 to 6.0.12.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pytz` from 2026.2.0.20260506 to 2026.2.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-python-dateutil` from 2.9.0.20260508 to 2.9.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-requests` from 2.33.0.20260508 to 2.33.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest-socket` from 0.7.0 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/miketheman/pytest-socket/releases\"\u003epytest-socket's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBlock DNS resolution (\u003ccode\u003egetaddrinfo\u003c/code\u003e, \u003ccode\u003egethostbyname\u003c/code\u003e) when sockets are disabled \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/482\"\u003e#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport CIDR network ranges in \u003ccode\u003eallow_hosts\u003c/code\u003e \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/479\"\u003e#479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWarn before raising on a blocked socket call \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/468\"\u003e#468\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCache hostname resolutions during a test run \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/369\"\u003e#369\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRemoved support for Python 3.8 and 3.9.\u003c/strong\u003e Python 3.10 is now the minimum.\u003c/li\u003e\n\u003cli\u003eTest against Python 3.13, 3.14, and free-threaded 3.13t/3.14t\u003c/li\u003e\n\u003cli\u003eReplaced Poetry with uv \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/429\"\u003e#429\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded type hints \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/465\"\u003e#465\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwapped \u003ccode\u003epytest-httpbin\u003c/code\u003e for a local test fixture \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/467\"\u003e#467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency, CI, and development updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/twm\"\u003e\u003ccode\u003e@​twm\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/pull/369\"\u003emiketheman/pytest-socket#369\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/miketheman/pytest-socket/compare/0.7.0...0.8.0\"\u003ehttps://github.com/miketheman/pytest-socket/compare/0.7.0...0.8.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/miketheman/pytest-socket/blob/main/CHANGELOG.md\"\u003epytest-socket's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.8.0][] (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eEnhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBlock DNS resolution (\u003ccode\u003egetaddrinfo\u003c/code\u003e, \u003ccode\u003egethostbyname\u003c/code\u003e) when sockets are disabled \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/482\"\u003e#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport CIDR network ranges in \u003ccode\u003eallow_hosts\u003c/code\u003e \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/479\"\u003e#479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWarn before raising on a blocked socket call \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/468\"\u003e#468\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCache hostname resolutions during a test run \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/369\"\u003e#369\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eChanges:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRemoved support for Python 3.8 and 3.9.\u003c/strong\u003e Python 3.10 is now the minimum.\u003c/li\u003e\n\u003cli\u003eTest against Python 3.13, 3.14, and free-threaded 3.13t/3.14t\u003c/li\u003e\n\u003cli\u003eReplaced Poetry with uv \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/429\"\u003e#429\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded type hints \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/465\"\u003e#465\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwapped \u003ccode\u003epytest-httpbin\u003c/code\u003e for a local test fixture \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/467\"\u003e#467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency, CI, and development updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/f9ec1395f4b060c095d6cb28dc1d03d6ca4e0f47\"\u003e\u003ccode\u003ef9ec139\u003c/code\u003e\u003c/a\u003e pytest-socket, v0.8.0 (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/484\"\u003e#484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/3930df85c15d93ad3d56ccf21dd81fafcc3e107f\"\u003e\u003ccode\u003e3930df8\u003c/code\u003e\u003c/a\u003e chore(ci): add publish workflow, update others (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/483\"\u003e#483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/aae7f44b24475f2fbdc49fac8f2fa6d63b67f48b\"\u003e\u003ccode\u003eaae7f44\u003c/code\u003e\u003c/a\u003e feat: also block DNS resolution (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/482\"\u003e#482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/f0700d23791fafc2aefa92bfd0b3e49d99de4582\"\u003e\u003ccode\u003ef0700d2\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/481\"\u003e#481\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/09ba021cd3c276ba75d6cb726ef355d75c68c13d\"\u003e\u003ccode\u003e09ba021\u003c/code\u003e\u003c/a\u003e chore(deps): full sweep of all dependency upgrades (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/480\"\u003e#480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/8dc62860f3d0cf2104f50acee8ac91d42dd29950\"\u003e\u003ccode\u003e8dc6286\u003c/code\u003e\u003c/a\u003e feat(allow_hosts): support CIDR network entries (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/479\"\u003e#479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/06ed8a1562be753238bcf7c35d960816b7e9fa62\"\u003e\u003ccode\u003e06ed8a1\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump starlette from 0.49.1 to 1.0.0 (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/478\"\u003e#478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/b3132108f9ba20f8e1c3a8a5caa6f8e66a7ce6cc\"\u003e\u003ccode\u003eb313210\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump mypy from 1.20.0 to 1.20.2 (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/477\"\u003e#477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/f7e85f788b5db0a7cb832414f5d04ea6124305a2\"\u003e\u003ccode\u003ef7e85f7\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump pytest-randomly from 3.16.0 to 4.0.1 (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/476\"\u003e#476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/89690a6c31d200c9463c7e41e7ba51139de67c29\"\u003e\u003ccode\u003e89690a6\u003c/code\u003e\u003c/a\u003e chore: dependabot config (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/475\"\u003e#475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/miketheman/pytest-socket/compare/0.7.0...0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest-rerunfailures` from 16.1 to 16.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/blob/master/CHANGES.rst\"\u003epytest-rerunfailures's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e16.3 (2026-05-22)\u003c/h2\u003e\n\u003cp\u003eFeatures\n++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003e--reruns-mode\u003c/code\u003e option (\u003ccode\u003estrict\u003c/code\u003e or \u003ccode\u003eappend\u003c/code\u003e). With \u003ccode\u003eappend\u003c/code\u003e,\nmarker reruns and the global \u003ccode\u003e--reruns\u003c/code\u003e / \u003ccode\u003ereruns\u003c/code\u003e ini setting are summed\ninstead of the marker taking strict priority. Default is \u003ccode\u003estrict\u003c/code\u003e so\nexisting behaviour is unchanged.\nFixes \u003ccode\u003e[#321](https://github.com/pytest-dev/pytest-rerunfailures/issues/321) \u0026lt;https://github.com/pytest-dev/pytest-rerunfailures/issues/321\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003e--rerun-show-tracebacks\u003c/code\u003e option to display tracebacks from failed\nattempts that were retried, including tests that eventually passed. The\nrerun summary section is emitted automatically when the flag is set, so\n\u003ccode\u003e-rR\u003c/code\u003e is no longer required to see the tracebacks.\nFixes \u003ccode\u003e[#156](https://github.com/pytest-dev/pytest-rerunfailures/issues/156) \u0026lt;https://github.com/pytest-dev/pytest-rerunfailures/issues/156\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e16.2 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003eBreaking changes\n++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for pytest 8.0. Minimum pytest version is now 8.1.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFeatures\n++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for pytest 9.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes\n+++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix missing teardown for session and module scoped fixtures when fixture teardown fails.\nFixes \u003ccode\u003e[#314](https://github.com/pytest-dev/pytest-rerunfailures/issues/314) \u0026lt;https://github.com/pytest-dev/pytest-rerunfailures/issues/314\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eClear fixture finalizers when removing cached results from failed fixtures\nto fix compatibility with pytest \u0026gt;= 9, which asserts that \u003ccode\u003e_finalizers\u003c/code\u003e is\nempty before executing a fixture.\nFixes \u003ccode\u003e[#323](https://github.com/pytest-dev/pytest-rerunfailures/issues/323) \u0026lt;https://github.com/pytest-dev/pytest-rerunfailures/issues/323\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAccept exception classes (not only regex strings) in the \u003ccode\u003eonly_rerun\u003c/code\u003e and\n\u003ccode\u003ererun_except\u003c/code\u003e marker keyword arguments instead of crashing with an\ninternal error.\nFixes \u003ccode\u003e[#275](https://github.com/pytest-dev/pytest-rerunfailures/issues/275) \u0026lt;https://github.com/pytest-dev/pytest-rerunfailures/issues/275\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/4b3a2200b07b357cecfe192f4997f35764869c6f\"\u003e\u003ccode\u003e4b3a220\u003c/code\u003e\u003c/a\u003e Preparing release 16.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/d17f3be1c8cc257c29cd7d7e815d3c52867b1276\"\u003e\u003ccode\u003ed17f3be\u003c/code\u003e\u003c/a\u003e feat: add --reruns-mode option to sum marker and global reruns (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-rerunfailures/issues/321\"\u003e#321\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-rerunfailures/issues/328\"\u003e#328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/4a00facae37246c00801390039286d322df6e322\"\u003e\u003ccode\u003e4a00fac\u003c/code\u003e\u003c/a\u003e Add --rerun-show-tracebacks to surface retried failures (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-rerunfailures/issues/329\"\u003e#329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/9f792d9efe6bf0218e7ba2734257af2d5165ca3f\"\u003e\u003ccode\u003e9f792d9\u003c/code\u003e\u003c/a\u003e Back to development: 16.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/88a84d8471219ae517dfd3752a181b22e51a2b8c\"\u003e\u003ccode\u003e88a84d8\u003c/code\u003e\u003c/a\u003e Preparing release 16.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/5e0ad6a3080d778f2d3de8975aceafed0c843b12\"\u003e\u003ccode\u003e5e0ad6a\u003c/code\u003e\u003c/a\u003e fix: accept exception classes in only_rerun and rerun_except markers (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-rerunfailures/issues/327\"\u003e#327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/928aa2bb654b18157e6614c15f22091e9997d540\"\u003e\u003ccode\u003e928aa2b\u003c/code\u003e\u003c/a\u003e Update minimum pytest version to 8.1 and add support for pytest 9.0 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-rerunfailures/issues/325\"\u003e#325\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/b53ef720219427c569bddee7e37d92cc3423e2c9\"\u003e\u003ccode\u003eb53ef72\u003c/code\u003e\u003c/a\u003e Fix support for pytest-main. (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-rerunfailures/issues/324\"\u003e#324\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/d9ef70e5451f604dcc764861f4b0a65dc9dfd202\"\u003e\u003ccode\u003ed9ef70e\u003c/code\u003e\u003c/a\u003e Preserve session and module teardown when fixture teardown fails (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-rerunfailures/issues/319\"\u003e#319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/a22edc3de88eeb17f3dcdf482b3f5a13ea9af874\"\u003e\u003ccode\u003ea22edc3\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 in the actions group (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-rerunfailures/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/compare/16.1...16.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this grou...\n\n_Description has been truncated_","html_url":"https://github.com/mongodb/mongodb-kubernetes/pull/1138","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mongodb%2Fmongodb-kubernetes/issues/1138","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1138/packages"},{"uuid":"4510383985","node_id":"PR_kwDOPi-pts7euQYz","number":1808,"state":"open","title":"deps(deps-dev): bump types-pyyaml from 6.0.12.20260510 to 6.0.12.20260518","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":["Katsiarynakavaleuskaya"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-24T03:38:07.000Z","updated_at":"2026-05-24T03:38:26.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(deps-dev)","packages":[{"name":"types-pyyaml","old_version":"6.0.12.20260510","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps [types-pyyaml](https://github.com/python/typeshed) from 6.0.12.20260510 to 6.0.12.20260518.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-pyyaml\u0026package-manager=pip\u0026previous-version=6.0.12.20260510\u0026new-version=6.0.12.20260518)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate `types-pyyaml` to 6.0.12.20260518 to keep YAML typing stubs current and maintain reliable type checking. Also pins `pip` in dev requirements for reproducible tooling.\n\n- **Dependencies**\n  - Bump `types-pyyaml` from 6.0.12.20260510 to 6.0.12.20260518.\n  - Pin `pip` to 26.1.1 (used by `pip-tools`/`pip-api`).\n\n\u003csup\u003eWritten for commit 3e254baae1c749d9b4f43901b463fcc4caa44485. Summary will update on new commits. \u003ca href=\"https://cubic.dev/pr/Katsiarynakavaleuskaya/PulsePlate/pull/1808?utm_source=github\"\u003eReview in cubic\u003c/a\u003e\u003c/sup\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/Katsiarynakavaleuskaya/PulsePlate/pull/1808","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Katsiarynakavaleuskaya%2FPulsePlate/issues/1808","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1808/packages"},{"uuid":"4500177100","node_id":"PR_kwDOSCxzCs7eODvo","number":9,"state":"open","title":"Update types-pyyaml requirement from \u003e=6.0.12 to \u003e=6.0.12.20260518","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T05:43:31.000Z","updated_at":"2026-05-22T05:44:44.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Update","packages":[{"name":"types-pyyaml","old_version":"\u003e=6.0.12","new_version":"\u003e=6.0.12.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [types-pyyaml](https://github.com/python/typeshed) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/pointmatic/learningfoundry/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pointmatic%2Flearningfoundry/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"},{"uuid":"4500080464","node_id":"PR_kwDOLzxzKM7eNvd4","number":342,"state":"open","title":"chore(deps): bump the dependencies group across 1 directory with 45 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":["matmair"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T05:26:07.000Z","updated_at":"2026-05-22T05:28:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"dependencies","update_count":45,"packages":[{"name":"bleach","old_version":"4.1.0","new_version":"6.3.0","repository_url":"https://github.com/mozilla/bleach"},{"name":"blessed","old_version":"1.38.0","new_version":"1.39.0","repository_url":"https://github.com/jquast/blessed"},{"name":"boto3","old_version":"1.42.96","new_version":"1.43.8","repository_url":"https://github.com/boto/boto3"},{"name":"botocore","old_version":"1.42.96","new_version":"1.43.8","repository_url":"https://github.com/boto/botocore"},{"name":"cryptography","old_version":"47.0.0","new_version":"48.0.0","repository_url":"https://github.com/pyca/cryptography"},{"name":"django","old_version":"5.2.13","new_version":"6.0.5","repository_url":"https://github.com/django/django"},{"name":"django-allauth","old_version":"65.14.3","new_version":"65.16.1","repository_url":"https://github.com/sponsors/pennersr"},{"name":"django-otp","old_version":"1.3.0","new_version":"1.7.0","repository_url":"https://github.com/django-otp/django-otp"},{"name":"django-q2","old_version":"1.9.0","new_version":"1.10.0","repository_url":"https://github.com/GDay/django-q2"},{"name":"dulwich","old_version":"1.2.0","new_version":"1.2.1","repository_url":"https://github.com/dulwich/dulwich"},{"name":"fonttools","old_version":"4.62.1","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"googleapis-common-protos","old_version":"1.74.0","new_version":"1.75.0","repository_url":"https://github.com/googleapis/google-cloud-python"},{"name":"gunicorn","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/benoitc/gunicorn"},{"name":"icalendar","old_version":"7.0.3","new_version":"7.1.0","repository_url":"https://github.com/collective/icalendar"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"importlib-metadata","old_version":"8.7.1","new_version":"9.0.0","repository_url":"https://github.com/python/importlib_metadata"},{"name":"nh3","old_version":"0.3.4","new_version":"0.3.5","repository_url":"https://github.com/messense/nh3"},{"name":"opentelemetry-exporter-otlp-proto-common","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-exporter-otlp-proto-grpc","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-exporter-otlp-proto-http","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-instrumentation","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"opentelemetry-instrumentation-dbapi","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"opentelemetry-proto","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-semantic-conventions","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-util-http","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"protobuf","old_version":"6.33.6","new_version":"7.34.1","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pypdf","old_version":"6.10.2","new_version":"6.11.0","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"s3transfer","old_version":"0.16.1","new_version":"0.17.0","repository_url":"https://github.com/boto/s3transfer"},{"name":"sentry-sdk","old_version":"2.58.0","new_version":"2.60.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"wcwidth","old_version":"0.6.0","new_version":"0.7.0","repository_url":"https://github.com/jquast/wcwidth"},{"name":"wrapt","old_version":"1.17.3","new_version":"2.1.2","repository_url":"https://github.com/GrahamDumpleton/wrapt"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"django-stubs","old_version":"6.0.3","new_version":"6.0.4","repository_url":"https://github.com/typeddjango/django-stubs"},{"name":"django-stubs-ext","old_version":"6.0.3","new_version":"6.0.4","repository_url":"https://github.com/typeddjango/django-stubs"},{"name":"markdown-it-py","old_version":"4.0.0","new_version":"4.2.0","repository_url":"https://github.com/executablebooks/markdown-it-py"},{"name":"pip","old_version":"26.1","new_version":"26.1.1","repository_url":"https://github.com/pypa/pip"},{"name":"pytest-codspeed","old_version":"4.4.0","new_version":"5.0.2","repository_url":"https://github.com/CodSpeedHQ/pytest-codspeed"},{"name":"python-discovery","old_version":"1.2.2","new_version":"1.3.1","repository_url":"https://github.com/tox-dev/python-discovery"},{"name":"ty","old_version":"0.0.1a21","new_version":"0.0.35","repository_url":"https://github.com/astral-sh/ty"},{"name":"types-psycopg2","old_version":"2.9.21.20260422","new_version":"2.9.21.20260509","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"virtualenv","old_version":"21.2.4","new_version":"21.3.3","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dependencies group with 45 updates in the /src/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bleach](https://github.com/mozilla/bleach) | `4.1.0` | `6.3.0` |\n| [blessed](https://github.com/jquast/blessed) | `1.38.0` | `1.39.0` |\n| [boto3](https://github.com/boto/boto3) | `1.42.96` | `1.43.8` |\n| [botocore](https://github.com/boto/botocore) | `1.42.96` | `1.43.8` |\n| [cryptography](https://github.com/pyca/cryptography) | `47.0.0` | `48.0.0` |\n| [django](https://github.com/django/django) | `5.2.13` | `6.0.5` |\n| [django-allauth](https://github.com/sponsors/pennersr) | `65.14.3` | `65.16.1` |\n| [django-otp](https://github.com/django-otp/django-otp) | `1.3.0` | `1.7.0` |\n| [django-q2](https://github.com/GDay/django-q2) | `1.9.0` | `1.10.0` |\n| [dulwich](https://github.com/dulwich/dulwich) | `1.2.0` | `1.2.1` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.62.1` | `4.63.0` |\n| [googleapis-common-protos](https://github.com/googleapis/google-cloud-python) | `1.74.0` | `1.75.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `25.3.0` | `26.0.0` |\n| [icalendar](https://github.com/collective/icalendar) | `7.0.3` | `7.1.0` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.15` |\n| [importlib-metadata](https://github.com/python/importlib_metadata) | `8.7.1` | `9.0.0` |\n| [nh3](https://github.com/messense/nh3) | `0.3.4` | `0.3.5` |\n| [opentelemetry-exporter-otlp-proto-common](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-exporter-otlp-proto-grpc](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-exporter-otlp-proto-http](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-instrumentation](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [opentelemetry-instrumentation-dbapi](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [opentelemetry-proto](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-semantic-conventions](https://github.com/open-telemetry/opentelemetry-python) | `0.61b0` | `0.62b1` |\n| [opentelemetry-util-http](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [paramiko](https://github.com/paramiko/paramiko) | `4.0.0` | `5.0.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.6` | `7.34.1` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.10.2` | `6.11.0` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [s3transfer](https://github.com/boto/s3transfer) | `0.16.1` | `0.17.0` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.58.0` | `2.60.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [wcwidth](https://github.com/jquast/wcwidth) | `0.6.0` | `0.7.0` |\n| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `1.17.3` | `2.1.2` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [django-stubs](https://github.com/typeddjango/django-stubs) | `6.0.3` | `6.0.4` |\n| [django-stubs-ext](https://github.com/typeddjango/django-stubs) | `6.0.3` | `6.0.4` |\n| [markdown-it-py](https://github.com/executablebooks/markdown-it-py) | `4.0.0` | `4.2.0` |\n| [pip](https://github.com/pypa/pip) | `26.1` | `26.1.1` |\n| [pytest-codspeed](https://github.com/CodSpeedHQ/pytest-codspeed) | `4.4.0` | `5.0.2` |\n| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.2.2` | `1.3.1` |\n| [ty](https://github.com/astral-sh/ty) | `0.0.1a21` | `0.0.35` |\n| [types-psycopg2](https://github.com/python/typeshed) | `2.9.21.20260422` | `2.9.21.20260509` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260510` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `21.2.4` | `21.3.3` |\n\n\nUpdates `bleach` from 4.1.0 to 6.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mozilla/bleach/blob/main/CHANGES\"\u003ebleach's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.3.0 (October 27th, 2025)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/756\"\u003e#756\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/758\"\u003e#758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix wbr handling. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 6.2.0 (October 29th, 2024)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/737\"\u003e#737\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.13. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/736\"\u003e#736\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove six depdenncy. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/618\"\u003e#618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known-good versions for tinycss2. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/732\"\u003e#732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix additional \u0026lt; followed by characters and EOF issues. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/728\"\u003e#728\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 6.1.0 (October 6th, 2023)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.12. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/710\"\u003e#710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/5546d5dbce60d08ccb99d981778d74044d646d4e\"\u003e\u003ccode\u003e5546d5d\u003c/code\u003e\u003c/a\u003e chore: prep for 6.3.0 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/88df3ff23fb2a43e174b3fdfe9191ef516de868a\"\u003e\u003ccode\u003e88df3ff\u003c/code\u003e\u003c/a\u003e chore: fix readthedocs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/d8b2fb45b2606515c58787c223d6605c6c70868f\"\u003e\u003ccode\u003ed8b2fb4\u003c/code\u003e\u003c/a\u003e fix: fix wbr handling (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/55e48cedb20bda23940ab34753a1fb378d5d30b9\"\u003e\u003ccode\u003e55e48ce\u003c/code\u003e\u003c/a\u003e chore: add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/758\"\u003e#758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/a4d6cddac6e338c3d6f84c755a5fcb32e9e18fba\"\u003e\u003ccode\u003ea4d6cdd\u003c/code\u003e\u003c/a\u003e chore: drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/756\"\u003e#756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/172d92faef543a83c6760c63c32749586cdd564b\"\u003e\u003ccode\u003e172d92f\u003c/code\u003e\u003c/a\u003e Bump actions/setup-python from 5.6.0 to 6.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/df88612f2e9daf8f4ee23cf0e29b712d9d9147b6\"\u003e\u003ccode\u003edf88612\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.2.2 to 5.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/cbcf6b18d19aeb7777699f9385013d0a04052b68\"\u003e\u003ccode\u003ecbcf6b1\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.2.3 to 4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/d9aa7ef592d57dda56e26ba31d06e1b279c58eca\"\u003e\u003ccode\u003ed9aa7ef\u003c/code\u003e\u003c/a\u003e Switch from dependabot reviewers to CODEOWNERS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/06f0f76cc68112bda3fa101d1730d5ba914d54a1\"\u003e\u003ccode\u003e06f0f76\u003c/code\u003e\u003c/a\u003e Update setuptools, wheel, and twine for devs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mozilla/bleach/compare/v4.1.0...v6.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `blessed` from 1.38.0 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquast/blessed/releases\"\u003eblessed's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.17.9: Initial support for Python 3.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: Now imports on 3.10+\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.15.0: Disable various integration tests, support python 3.7\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003e1.14.0: bugfix term.wrap for text containing newlines\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: term.wrap misbehaved for text containing newlines, \u003ca href=\"https://redirect.github.com/jquast/blessed/issues/74\"\u003e#74\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.13.0: new Terminal.split_seqs() function, speed enhancement\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eenhancement: method \u003ccode\u003eTerminal.split_seqs\u003c/code\u003e introduced, and 4x cost reduction in related sequence-aware functions, \u003ca href=\"https://redirect.github.com/jquast/blessed/issues/29\"\u003e#29\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003edeprecated: function \u003ccode\u003eblessed.sequences.measure_length\u003c/code\u003e superseded by \u003ccode\u003eblessed.sequences.iter_parse\u003c/code\u003e if necessary.\u003c/li\u003e\n\u003cli\u003edeprecated: warnings about \u0026quot;binary-packed capabilities\u0026quot; are no longer emitted on strange terminal types, making best effort.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.12.0: add Terminal.get_location() method\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eenhancement: method Terminal.get_location\u003ccode\u003ereturns the\u003c/code\u003e(row, col)`` position of the cursor at the time of call for attached terminal.\u003c/li\u003e\n\u003cli\u003eenhancement: a keyboard now detected as \u003cem\u003estdin\u003c/em\u003e when \u003ccode\u003estream\u003c/code\u003e is \u003ccode\u003esys.stderr\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquast/blessed/blob/master/docs/history.rst\"\u003eblessed's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e.. py:currentmodule:: blessed.terminal\u003c/p\u003e\n\u003ch1\u003eVersion History\u003c/h1\u003e\n\u003cp\u003e1.42\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: regression in :meth:\u003ccode\u003e~.Terminal.cbreak\u003c/code\u003e and :meth:\u003ccode\u003e~.Terminal.raw\u003c/code\u003e were not thread-safe\nbroken in versions 1.40 and 1.41, remove signal ignore of SIGTTOU :ghissue:\u003ccode\u003e380\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.41\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: :meth:\u003ccode\u003e~.Terminal.get_location\u003c/code\u003e broken in 1.40, returned a generator instead of a tuple.\n:ghissue:\u003ccode\u003e378\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.40\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eimproved: jinxed_ is \u003cstrong\u003enow required on all platforms\u003c/strong\u003e, providing a curses-free and\n\u003ccode\u003esingleton-free \u0026lt;https://jinxed.readthedocs.io/en/stable/capabilities.html#singleton-free\u0026gt;\u003c/code\u003e_\nimplementation of the subset of curses_ used by blessed.  The jinxed_ 1.5.0 release provides a\nterminal \u003ccode\u003ecapability database \u0026lt;https://jinxed.readthedocs.io/en/stable/capabilities.html#database\u0026gt;\u003c/code\u003e of 45 terminals and their\ncommon aliases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eimproved: Class initialization of :class:\u003ccode\u003e~.Terminal()\u003c/code\u003e now uses \u003ccode\u003eXTGETTCAP\u003c/code\u003e_ to determine\npreferred terminal name \u003ccode\u003eTN\u003c/code\u003e, 24-bit color support \u003ccode\u003eRGB\u003c/code\u003e, number of colors \u003ccode\u003eCo\u003c/code\u003e, \u003ccode\u003eitalic\u003c/code\u003e,\nand \u003ccode\u003eblink\u003c/code\u003e capabilities.\u003c/p\u003e\n\u003cp\u003eThis improves detection of Terminal \u003ccode\u003ekind\u003c/code\u003e and \u003ccode\u003enumber_of_colors\u003c/code\u003e over protocols like serial\nthat cannot forward any environment variables or ssh that do not forward \u003ccode\u003eCOLORTERM\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eintroduced: A :exc:\u003ccode\u003eUserWarning\u003c/code\u003e is emitted when :meth:\u003ccode\u003e~.Terminal.__getattr__\u003c/code\u003e resolves an\nunknown terminal capability name, helping developers catch typos like \u003ccode\u003eterm.bld\u003c/code\u003e\n(missing \u003ccode\u003ebold\u003c/code\u003e).  The warning can be suppressed by setting the environment variable\n\u003ccode\u003eBLESSED_NOWARN_UNKNOWN_CAPS\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ebugfix: Fixed internal typo \u003ccode\u003esusimpleript\u003c/code\u003e to the correct terminfo name \u003ccode\u003essubm\u003c/code\u003e for the\n\u003ccode\u003eenter_susimpleript_mode\u003c/code\u003e capability.  This was previously masked by curses_ returning\nan empty string for unknown capabilities.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.39\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eintroduced: :meth:\u003ccode\u003e~.Terminal.progress_bar\u003c/code\u003e for \u003ccode\u003eOSC 9;4 sequence \u0026lt;https://ghostty.org/docs/vt/osc/conemu#change-progress-state-(osc-94)\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eintroduced: :meth:\u003ccode\u003e~.Terminal.text_sized\u003c/code\u003e -- wrap text in Kitty text sizing protocol (OSC 66)\nescape sequences, with graceful fallback to plain text when the terminal does not support\nthe protocol.\u003c/li\u003e\n\u003cli\u003eintroduced: :class:\u003ccode\u003e~.Keystroke\u003c/code\u003e of name \u003ccode\u003eCPR_RESPONSE\u003c/code\u003e for asynchronous capture of Cursor\nPosition Report responses via :meth:\u003ccode\u003e~.Terminal.inkey\u003c/code\u003e.  New argument\n\u003ccode\u003ecapture_cpr=True\u003c/code\u003e resolves the legacy F3 key ambiguity and matches against\n\u003ccode\u003eCPR_RESPONSE\u003c/code\u003e.  New properties :attr:\u003ccode\u003e~.Keystroke.cpr_yx\u003c/code\u003e and :attr:\u003ccode\u003e~.Keystroke.cpr_xy\u003c/code\u003e\nreturn the decoded cursor coordinates.  :ghpull:\u003ccode\u003e369\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eimproved: :meth:\u003ccode\u003e~.Terminal.inkey\u003c/code\u003e raises :exc:\u003ccode\u003eEOFError\u003c/code\u003e when keyboard fd is at EOF, rather\nthan returning an empty :class:\u003ccode\u003e~.Keystroke\u003c/code\u003e.  :ghpull:\u003ccode\u003e371\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eimproved: :meth:\u003ccode\u003e~.Terminal.ljust\u003c/code\u003e, :meth:\u003ccode\u003e~.Terminal.rjust\u003c/code\u003e, and :meth:\u003ccode\u003e~.Terminal.center\u003c/code\u003e\nnow measure text containing hyperlinks, Kitty text sizing protocol sequences, and overtyping\n(backspace/cursor-left with painter's algorithm), introduced by wcwidth_ 0.7.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jquast/blessed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3` from 1.42.96 to 1.43.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/7a82579873d86998d560b8d06b3564c743918cd8\"\u003e\u003ccode\u003e7a82579\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/06a1d63a58620d394cc26a5e8582ed67eed3cb62\"\u003e\u003ccode\u003e06a1d63\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/2b6e7bd9d0d24c20f02df91f161ef2214fb53628\"\u003e\u003ccode\u003e2b6e7bd\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/e6aee5dccd2169966814e328eaebdd14b742a0e2\"\u003e\u003ccode\u003ee6aee5d\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/05566d2cd7e3d191a37a663c842eb849418ae7e9\"\u003e\u003ccode\u003e05566d2\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/37e8136684e7107a6f7343770873a3630d347731\"\u003e\u003ccode\u003e37e8136\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/4418d43f69ee005bf066dc5401b7cda83458c750\"\u003e\u003ccode\u003e4418d43\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/5e2df6190560507ab8ff05b4ea7712d0c4bfaf48\"\u003e\u003ccode\u003e5e2df61\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4787\"\u003e#4787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/81a86c9b8923634ee3e9f887c3f7f5e1e312d693\"\u003e\u003ccode\u003e81a86c9\u003c/code\u003e\u003c/a\u003e Add CI for 3.14t (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4786\"\u003e#4786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/f2ccf9f3738028afa9d5a6545e52f8520a31afe1\"\u003e\u003ccode\u003ef2ccf9f\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.6'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/boto3/compare/1.42.96...1.43.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `botocore` from 1.42.96 to 1.43.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/bd1fb2372c4cecbc93a44be838bb4a38fd23c3ee\"\u003e\u003ccode\u003ebd1fb23\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/d15b1246894c2be8ccaa8084abff4b6be9269f54\"\u003e\u003ccode\u003ed15b124\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/b9f0f7fc6f0dc0541b14d8aadec4d92c64dc585f\"\u003e\u003ccode\u003eb9f0f7f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/ec174c1f3b8580736cbd783c9f79ed70cf9eb4c7\"\u003e\u003ccode\u003eec174c1\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/74501ceccf44a7def602007d2a870a17b7b742ec\"\u003e\u003ccode\u003e74501ce\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/d6831a55afbdfa2dc51314e73997ce89dc533836\"\u003e\u003ccode\u003ed6831a5\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/0e63dbed5a6270383200219af4a55e41f08ae72d\"\u003e\u003ccode\u003e0e63dbe\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/840e09fa3d9c0bd4b84601bdd1bb34e1ea2beb57\"\u003e\u003ccode\u003e840e09f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/8228777f8858256515a6875366425acdc74b1c41\"\u003e\u003ccode\u003e8228777\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/b63fa4bfc0587ca55a8684d18a82b86904ab234e\"\u003e\u003ccode\u003eb63fa4b\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/boto/botocore/issues/3702\"\u003e#3702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/botocore/compare/1.42.96...1.43.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 47.0.0 to 48.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/47.0.0...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django` from 5.2.13 to 6.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8f8ad09659d728423a00e0a3b5f16da5c3a38e24\"\u003e\u003ccode\u003e8f8ad09\u003c/code\u003e\u003c/a\u003e [6.0.x] Bumped version for 6.0.5 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/44ad76efcbe3c4ca0f08bb9dabe916f6374596c9\"\u003e\u003ccode\u003e44ad76e\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/1b0184aa657bc3f5859aeb0206e7c1e94e48b103\"\u003e\u003ccode\u003e1b0184a\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/ad8f9e19e0897ea45ded7c046ff28daf6f773e92\"\u003e\u003ccode\u003ead8f9e1\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/990ab01e70fd8f55e867b4a234c0ee242fd33fec\"\u003e\u003ccode\u003e990ab01\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37039\"\u003e#37039\u003c/a\u003e -- Removed outdated note from QuerySet.iterator() docs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/f0c269f285ab58bfb4a120141d7dd41ff4f42b45\"\u003e\u003ccode\u003ef0c269f\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed typo in stub release notes for 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8bcd15beeff6542acc381b83f50b061d62284c2b\"\u003e\u003ccode\u003e8bcd15b\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37067\"\u003e#37067\u003c/a\u003e -- Added trailing slash in django_file_prefixes().\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/3cdec6454fb86e8d03a06944c0c68025733ed93f\"\u003e\u003ccode\u003e3cdec64\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/5dd5c70cf1056e8e04badb687f773e8f16bba257\"\u003e\u003ccode\u003e5dd5c70\u003c/code\u003e\u003c/a\u003e [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8ee73415270a1a54daaec9bb529ad82c6f7a6d4c\"\u003e\u003ccode\u003e8ee7341\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs \u003ca href=\"https://redirect.github.com/django/django/issues/373\"\u003e#373\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/django/django/issues/34122\"\u003e#34122\u003c/a\u003e -- Removed warning that ForeignObject is an interna...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django/django/compare/5.2.13...6.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-allauth` from 65.14.3 to 65.16.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sponsors/pennersr/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-otp` from 1.3.0 to 1.7.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-otp/django-otp/blob/master/CHANGES.rst\"\u003edjango-otp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.0 - January 07, 2026 - Async support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#185](https://github.com/django-otp/django-otp/issues/185)\u003c/code\u003e_: Make OTPMiddleware async capable\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Aljosha Papsch.\u003c/p\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/185\"\u003e#185\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/185\"\u003edjango-otp/django-otp#185\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.3 - October 25, 2025 - Spanish update\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#182](https://github.com/django-otp/django-otp/issues/182)\u003c/code\u003e_: Correct missing Spanish translations\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#181](https://github.com/django-otp/django-otp/issues/181)\u003c/code\u003e_: Wrong :rtype: in StaticToken.random_token docstring\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003e#181\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003edjango-otp/django-otp#181\u003c/a\u003e\n.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/182\"\u003e#182\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/182\"\u003edjango-otp/django-otp#182\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.2 - October 21, 2025 - Cleanup\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#179](https://github.com/django-otp/django-otp/issues/179)\u003c/code\u003e_: Add missing gettext strings\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#180](https://github.com/django-otp/django-otp/issues/180)\u003c/code\u003e_: Remove tests from wheels\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/179\"\u003e#179\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/179\"\u003edjango-otp/django-otp#179\u003c/a\u003e\n.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/180\"\u003e#180\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/180\"\u003edjango-otp/django-otp#180\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.1 - July 08, 2025 - Small improvements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow a {token} placeholder in :setting:\u003ccode\u003eOTP_EMAIL_SUBJECT\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.0 - April 02, 2025 - Django 5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate test matrix for Django 5.2.\u003c/li\u003e\n\u003cli\u003eRemove support for Django 3.2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.5.4 - September 06, 2024 - Ignore proxy models when enumerating device classes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#161](https://github.com/django-otp/django-otp/issues/161)\u003c/code\u003e_: Discard proxied models when iterating device models\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/161\"\u003e#161\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/161\"\u003edjango-otp/django-otp#161\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/fc0d50b6f66da10fad250ce1640f0385f3229f48\"\u003e\u003ccode\u003efc0d50b\u003c/code\u003e\u003c/a\u003e Version 1.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/56e4ce3b5618de5d5a8a24c9eb709b51802ad06b\"\u003e\u003ccode\u003e56e4ce3\u003c/code\u003e\u003c/a\u003e Refactor test utilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/8c4d4c23649316c55dad6a79fb06fa975e5e4702\"\u003e\u003ccode\u003e8c4d4c2\u003c/code\u003e\u003c/a\u003e Update test matrix for Django 6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/0ac4ff33aa88fa73c12aa60713881481116a6d5f\"\u003e\u003ccode\u003e0ac4ff3\u003c/code\u003e\u003c/a\u003e Cleanup and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/b10df0d8cb94c8242ca48bbcea3d307b553808a5\"\u003e\u003ccode\u003eb10df0d\u003c/code\u003e\u003c/a\u003e Make OTPMiddleware async capable. (\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/185\"\u003e#185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/81211794b8cc9c8befc6c8330b6652d3c4e78fd5\"\u003e\u003ccode\u003e8121179\u003c/code\u003e\u003c/a\u003e Raise requires-python to 3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/38b7ebabd7b4817aec92f884d448eeb462e82108\"\u003e\u003ccode\u003e38b7eba\u003c/code\u003e\u003c/a\u003e Version 1.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/b9026d7025da45b0144c99e91b5286c734448012\"\u003e\u003ccode\u003eb9026d7\u003c/code\u003e\u003c/a\u003e Correct Missing Spanish Translations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/ae18ba95bd03534e15583d456572f86ea2f41442\"\u003e\u003ccode\u003eae18ba9\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003e#181\u003c/a\u003e: misdocumented return type.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/c9eef89240985293e0c9f197d0257a5352cfb62d\"\u003e\u003ccode\u003ec9eef89\u003c/code\u003e\u003c/a\u003e Version 1.6.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django-otp/django-otp/compare/v1.3.0...v1.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-q2` from 1.9.0 to 1.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/GDay/django-q2/releases\"\u003edjango-q2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Fix incorrect signal import by \u003ca href=\"https://github.com/noHairMan\"\u003e\u003ccode\u003e@​noHairMan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worker-process post-execute signal by \u003ca href=\"https://github.com/prollings\"\u003e\u003ccode\u003e@​prollings\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003easync_iter: fix BadSignature after the default Django cache expires by \u003ca href=\"https://github.com/mbachry\"\u003e\u003ccode\u003e@​mbachry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat:add Simplified Chinese Translation by \u003ca href=\"https://github.com/lybcyd\"\u003e\u003ccode\u003e@​lybcyd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocs: Update Django Q2 compatibility information by \u003ca href=\"https://github.com/nikodunk\"\u003e\u003ccode\u003e@​nikodunk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't close DB connection if async_task was called with \u003ccode\u003esync=True\u003c/code\u003e by \u003ca href=\"https://github.com/Eroica\"\u003e\u003ccode\u003e@​Eroica\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: qmonitor crash when passing int values to term.center by \u003ca href=\"https://github.com/thesophile\"\u003e\u003ccode\u003e@​thesophile\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unbounded growth of Broker.set_stat cluster master list by \u003ca href=\"https://github.com/Nick-Yawn\"\u003e\u003ccode\u003e@​Nick-Yawn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Python base image to 3.9-slim-bookworm by \u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003eru\u003c/code\u003e locale and improve translations by \u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/320\"\u003edjango-q2/django-q2#320\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/noHairMan\"\u003e\u003ccode\u003e@​noHairMan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prollings\"\u003e\u003ccode\u003e@​prollings\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mbachry\"\u003e\u003ccode\u003e@​mbachry\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lybcyd\"\u003e\u003ccode\u003e@​lybcyd\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nikodunk\"\u003e\u003ccode\u003e@​nikodunk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Eroica\"\u003e\u003ccode\u003e@​Eroica\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thesophile\"\u003e\u003ccode\u003e@​thesophile\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Nick-Yawn\"\u003e\u003ccode\u003e@​Nick-Yawn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/django-q2/django-q2/compare/v1.9.0...v1.10.0\"\u003ehttps://github.com/django-q2/django-q2/compare/v1.9.0...v1.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-q2/django-q2/blob/master/CHANGELOG.md\"\u003edjango-q2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/django-q2/django-q2/tree/v1.10.0\"\u003ev1.10.0\u003c/a\u003e (2026-05-01)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Fix incorrect signal import (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/308\"\u003e#308\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd post_execute_in_worker signal (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/309\"\u003e#309\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix BadSignature after the default Django cache expires (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/311\"\u003e#311\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat:add Simplified Chinese Translation (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/314\"\u003e#314\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Django Q2 compatibility information (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/316\"\u003e#316\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't close DB connection if async_task was called with sync=True (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/301\"\u003e#301\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConvert queue size and count to string in monitor (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/319\"\u003e#319\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unbounded growth of Broker.set_stat cluster master list (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/322\"\u003e#322\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Python base image to 3.9-slim-bookworm (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/325\"\u003e#325\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add ru locale and improve translations (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/320\"\u003e#320\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/320\"\u003edjango-q2/django-q2#320\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/a699578c345f78b5f7faa5e34b6ccaf886ae7fd8\"\u003e\u003ccode\u003ea699578\u003c/code\u003e\u003c/a\u003e Release v1.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/5975a2d081db4fd6582f829e0df0dd9263ca4e28\"\u003e\u003ccode\u003e5975a2d\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eru\u003c/code\u003e locale and improve translations (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/320\"\u003e#320\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/936fdd10b134dca4c5de020ca74b178742fd923e\"\u003e\u003ccode\u003e936fdd1\u003c/code\u003e\u003c/a\u003e Update Python base image to 3.9-slim-bookworm (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/325\"\u003e#325\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/fab97463c2e724e46204fe8eab92a1a9bb8aebb2\"\u003e\u003ccode\u003efab9746\u003c/code\u003e\u003c/a\u003e Fix unbounded growth of Broker.set_stat cluster master list (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/322\"\u003e#322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/1abdc5b653d9d5c362a6fb4a73df2d08acdc642e\"\u003e\u003ccode\u003e1abdc5b\u003c/code\u003e\u003c/a\u003e Convert queue size and count to string in monitor (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/319\"\u003e#319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/01df35c92332801c21d8f12351e6b02c72608490\"\u003e\u003ccode\u003e01df35c\u003c/code\u003e\u003c/a\u003e Don't close DB connection if async_task was called with \u003ccode\u003esync=True\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/301\"\u003e#301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/573b8da528c00a1fe8accf959d14e3af4a8f4e2a\"\u003e\u003ccode\u003e573b8da\u003c/code\u003e\u003c/a\u003e Update Django Q2 compatibility information (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/316\"\u003e#316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/8a563d289dc63f587d23237437f84af0f611d049\"\u003e\u003ccode\u003e8a563d2\u003c/code\u003e\u003c/a\u003e feat:add Simplified Chinese Translation (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/1b0f71a39b80c49f0fcbb9a41b54b5dfaff0c175\"\u003e\u003ccode\u003e1b0f71a\u003c/code\u003e\u003c/a\u003e Fix BadSignature after the default Django cache expires (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/311\"\u003e#311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/b51575a4b03dfd4c22da6b948dddb35e2a243bef\"\u003e\u003ccode\u003eb51575a\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003epost_execute_in_worker\u003c/code\u003e signal (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/GDay/django-q2/compare/v1.9.0...v1.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dulwich` from 1.2.0 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dulwich/dulwich/releases\"\u003edulwich's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003edulwich-1.2.1\u003c/h2\u003e\n\u003ch2\u003eChanges since 1.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDerive the LFS endpoint as the remote's on-disk LFS store\n(\u003ccode\u003e\u0026lt;remote\u0026gt;/.git/lfs\u003c/code\u003e for worktrees, \u003ccode\u003e\u0026lt;remote\u0026gt;/lfs\u003c/code\u003e for bare repos)\nwhen \u003ccode\u003eremote.origin.url\u003c/code\u003e points at a local filesystem path or\n\u003ccode\u003efile://\u003c/code\u003e URL, matching git-lfs behaviour. Previously the built-in\nsmudge filter constructed an HTTP-style \u003ccode\u003e\u0026lt;remote\u0026gt;.git/info/lfs\u003c/code\u003e path\nthat did not exist on disk, leaving LFS-tracked files as pointers\nwhen cloning from a local repo.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeduplicate objects when writing a multi-pack-index. Objects present\nin multiple packs (e.g. after \u003ccode\u003egit gc\u003c/code\u003e creates a cruft pack) would\notherwise produce an OIDL chunk with repeated SHAs, causing\n\u003ccode\u003egit multi-pack-index verify\u003c/code\u003e to fail with \u0026quot;oid lookup out of order\u0026quot;.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2152\"\u003e#2152\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtend ignorecase and precomposeunicode support to index lookups.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1807\"\u003e#1807\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jelmer/dulwich/blob/main/NEWS\"\u003edulwich's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e1.2.1\t2026-04-29\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecover from concurrent pack removals (e.g. a racing \u003ccode\u003egit repack\u003c/code\u003e or\n\u003ccode\u003egit gc --auto\u003c/code\u003e) instead of raising spurious \u003ccode\u003eKeyError\u003c/code\u003e /\n\u003ccode\u003eFileNotFoundError\u003c/code\u003e. \u003ccode\u003ePack.index\u003c/code\u003e and \u003ccode\u003ePack.data\u003c/code\u003e now translate\n\u003ccode\u003eFileNotFoundError\u003c/code\u003e during lazy load into \u003ccode\u003ePackFileDisappeared\u003c/code\u003e,\nand \u003ccode\u003ePackBasedObjectStore\u003c/code\u003e evicts the stale pack and rescans the\npack directory before retrying — equivalent to git's\n\u003ccode\u003ereprepare_packed_git()\u003c/code\u003e. (Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2159\"\u003e#2159\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDerive the LFS endpoint as the remote's on-disk LFS store\n(\u003ccode\u003e\u0026lt;remote\u0026gt;/.git/lfs\u003c/code\u003e for worktrees, \u003ccode\u003e\u0026lt;remote\u0026gt;/lfs\u003c/code\u003e for bare repos)\nwhen \u003ccode\u003eremote.origin.url\u003c/code\u003e points at a local filesystem path or\n\u003ccode\u003efile://\u003c/code\u003e URL, matching git-lfs behaviour. Previously the built-in\nsmudge filter constructed an HTTP-style \u003ccode\u003e\u0026lt;remote\u0026gt;.git/info/lfs\u003c/code\u003e path\nthat did not exist on disk, leaving LFS-tracked files as pointers when\ncloning from a local repo. (Jelmer Vernooij)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeduplicate objects when writing a multi-pack-index. Objects present\nin multiple packs (e.g. after \u003ccode\u003egit gc\u003c/code\u003e creates a cruft pack) would\notherwise produce an OIDL chunk with repeated SHAs, causing \u003ccode\u003egit multi-pack-index verify\u003c/code\u003e to fail with \u0026quot;oid lookup out of order\u0026quot;.\n(Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2152\"\u003e#2152\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtend ignorecase and precomposeunicode support to index lookups.\n(Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1807\"\u003e#1807\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/57806b8a4d041cd18bf84ba8d715f4dd0bc5e200\"\u003e\u003ccode\u003e57806b8\u003c/code\u003e\u003c/a\u003e Release 1.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/a127d330de1ef497935146bcd978211d9894787f\"\u003e\u003ccode\u003ea127d33\u003c/code\u003e\u003c/a\u003e Honor GIT_PROTOCOL env var when picking default protocol version (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1862\"\u003e#1862\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2149\"\u003e#2149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/6c1697a108757766aba71624422a93900f2a867a\"\u003e\u003ccode\u003e6c1697a\u003c/code\u003e\u003c/a\u003e lfs: derive correct file:// LFS endpoint from local remote URL (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2161\"\u003e#2161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/6685fde81a717d91d747953c2f9277939ea5ab6b\"\u003e\u003ccode\u003e6685fde\u003c/code\u003e\u003c/a\u003e lfs: use pathlib.Path.as_uri() for portable file:// URLs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/0d0b9f8d205eb45660d81d1efc5b7ff1fc579e61\"\u003e\u003ccode\u003e0d0b9f8\u003c/code\u003e\u003c/a\u003e Migrate from testrepository to inquest (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2160\"\u003e#2160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/a0dac57db7ba8a6d9fe67d1cf4303cef306647a2\"\u003e\u003ccode\u003ea0dac57\u003c/code\u003e\u003c/a\u003e Migrate from testrepository to inquest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/cd6ebd90fc8f2f1b267db29c418c12c7ebb971a3\"\u003e\u003ccode\u003ecd6ebd9\u003c/code\u003e\u003c/a\u003e lfs: derive correct file:// LFS endpoint from local remote URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/bfaf192aaba90df54e4e7b07bba11a28cf36012b\"\u003e\u003ccode\u003ebfaf192\u003c/code\u003e\u003c/a\u003e Disable background processes to prevent issues with races (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2158\"\u003e#2158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/06d7afdeb87f742bdfff93563fd0acd042473b0a\"\u003e\u003ccode\u003e06d7afd\u003c/code\u003e\u003c/a\u003e Move GIT_SSH/GIT_SSH_COMMAND env lookup from client.py to cli.py (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2156\"\u003e#2156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/e60e0c1a4d44441d2f6edfc01ba5098d2ed24cf0\"\u003e\u003ccode\u003ee60e0c1\u003c/code\u003e\u003c/a\u003e Disable background processes to prevent issues with races\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dulwich/dulwich/compare/dulwich-1.2.0...dulwich-1.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fonttools` from 4.62.1 to 4.63.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/releases\"\u003efonttools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer, PatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions, replacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output, matching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in \u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring round-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash in the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/blob/main/NEWS.rst\"\u003efonttools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0 (released 2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer,\nPatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions,\nreplacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output,\nmatching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in\n\u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e for many-to-one (flat-segment) axis maps\nthat silently dropped entries via dict comprehension\n\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring\nround-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash\nin the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+,\nso that importing them on free-threaded Python no longer re-enables the GIL\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/978d9edccb60ea0e5fbad7015cb11817c3532328\"\u003e\u003ccode\u003e978d9ed\u003c/code\u003e\u003c/a\u003e Release 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6b40ecb6f13e076916044ecd8f0fc13ab5f957f6\"\u003e\u003ccode\u003e6b40ecb\u003c/code\u003e\u003c/a\u003e Add changelog entries for 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/382a35fb5e96c6ff38a1e7775a24e20bf122a66d\"\u003e\u003ccode\u003e382a35f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e from fonttools/fix-freethreading-compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/0e999b55f05ad0dd8423f389673a32de9c5199bb\"\u003e\u003ccode\u003e0e999b5\u003c/code\u003e\u003c/a\u003e Declare Cython extensions as free-threading compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/9e55ea54c184b0d4c0830525f72e69c6c1a32691\"\u003e\u003ccode\u003e9e55ea5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e from fonttools/graphite-feat-labels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/e84db3ab426a251256ebec7904c03dc73e25932b\"\u003e\u003ccode\u003ee84db3a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e from fonttools/fix-setUnicodeRanges-bits-123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/d6eabd1edf7bfa950b6b85c393e4c185dee36d7f\"\u003e\u003ccode\u003ed6eabd1\u003c/code\u003e\u003c/a\u003e Feat: show name table strings as comments next to label IDs in ttx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/7d0902b2e27ec1433b015b3b8a79391d7c8604cb\"\u003e\u003ccode\u003e7d0902b\u003c/code\u003e\u003c/a\u003e OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/06e266ce70ec578d549c2df0e180a84d9323baf2\"\u003e\u003ccode\u003e06e266c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e from fonttools/fix-map-backward-non-injective\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6d64598a63f83bcd59d29cf3f22dd25343bd9688\"\u003e\u003ccode\u003e6d64598\u003c/code\u003e\u003c/a\u003e Add more tests for map_backward with many-to-one axis maps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fonttools/fonttools/compare/4.62.1...4.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `googleapis-common-protos` from 1.74.0 to 1.75.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-cloud-python/releases\"\u003egoogleapis-common-protos's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003egoogleapis-common-protos: v1.75.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/compare/googleapis-common-protos-v1.74.0...googleapis-common-protos-v1.75.0\"\u003ev1.75.0\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/3997a108c45e1c1df8e844746eb2af4b1a77e154\"\u003e\u003ccode\u003e3997a10\u003c/code\u003e\u003c/a\u003e chore: librarian release pull request: 20260506T163115Z (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16964\"\u003e#16964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/f655e492c0879684b60a7d06e90501dd49e96252\"\u003e\u003ccode\u003ef655e49\u003c/code\u003e\u003c/a\u003e chore: add type annotation to SYNCPOINTS (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16973\"\u003e#16973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/f149bd7dd30489c3165bf03a2343dc9f75875451\"\u003e\u003ccode\u003ef149bd7\u003c/code\u003e\u003c/a\u003e refactor(bigframes): Modularize compiler routing as proxy executor (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16907\"\u003e#16907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/19db82f5cb033215531e5b65239e45275e3ed568\"\u003e\u003ccode\u003e19db82f\u003c/code\u003e\u003c/a\u003e chore(bigframes): remove leftover support for Python \u0026lt;= 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16961\"\u003e#16961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/2dedaacf0666ade39ae89194ad8dbc34761bd1df\"\u003e\u003ccode\u003e2dedaac\u003c/code\u003e\u003c/a\u003e chore: test CommonResource resource name alias (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16965\"\u003e#16965\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/9652a08cb89441fac779eb4fa4d6f48f33b55d3b\"\u003e\u003ccode\u003e9652a08\u003c/code\u003e\u003c/a\u003e fix: pass resource aliases to file-level CommonResources (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16945\"\u003e#16945\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/78a48b040a2abc0bf19ebe267aba0a1f410df2e6\"\u003e\u003ccode\u003e78a48b0\u003c/code\u003e\u003c/a\u003e fix(google-cloud-core): Drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16953\"\u003e#16953\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/5975c48186dd8798b172ac442fd55bc7fece1612\"\u003e\u003ccode\u003e5975c48\u003c/code\u003e\u003c/a\u003e fix(dns): Drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16954\"\u003e#16954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/d5bea2e99b435b8b3d75321679072db092001de6\"\u003e\u003ccode\u003ed5bea2e\u003c/code\u003e\u003c/a\u003e fix(crc32c): Drop support for Python 3.8 and 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16955\"\u003e#16955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/63f6d96c1c5569b5fdaea85dfe995ce280907b98\"\u003e\u003ccode\u003e63f6d96\u003c/code\u003e\u003c/a\u003e fix(sqlalchemy-bigquery): Drop support for Python 3.8 and 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16956\"\u003e#16956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-python/compare/googleapis-common-protos-v1.74.0...googleapis-common-protos-v1.75.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gunicorn` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/benoitc/gunicorn/releases\"\u003egunicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEventlet worker removed\u003c/strong\u003e: The \u003ccode\u003eeventlet\u003c/code\u003e worker class has been dropped. Migrate to \u003ccode\u003egevent\u003c/code\u003e, \u003ccode\u003egthread\u003c/code\u003e, or \u003ccode\u003etornado\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Compatibility Suite\u003c/strong\u003e: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Test Suite Expansion\u003c/strong\u003e: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 Request-Target Validation\u003c/strong\u003e (RFC 9112 sections 3.2.3, 3.2.4):\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003eauthority-form\u003c/code\u003e request-target outside \u003ccode\u003eCONNECT\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003easterisk-form\u003c/code\u003e request-target outside \u003ccode\u003eOPTIONS\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003erelative-reference\u003c/code\u003e request-targets\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Field Hardening\u003c/strong\u003e (RFC 9110):\n\u003cul\u003e\n\u003cli\u003eReject control characters in header field-value (section 5.5)\u003c/li\u003e\n\u003cli\u003eReject forbidden trailer field-names (section 6.5.1)\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003eContent-Length\u003c/code\u003e list form (RFC 9112 section 6.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRequest Smuggling Hardening\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eTighten keepalive gate and scope \u003ccode\u003efinish_body\u003c/code\u003e byte cap\u003c/li\u003e\n\u003cli\u003eKeep \u003ccode\u003e_body_receiver\u003c/code\u003e alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body\u003c/li\u003e\n\u003cli\u003eAddress parser/protocol findings from a six-point WSGI/ASGI audit\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePROXY Protocol (ASGI)\u003c/strong\u003e: Enforce \u003ccode\u003eproxy_allow_ips\u003c/code\u003e and tighten v1/v2 parsing in the ASGI callback parser.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConnection Draining\u003c/strong\u003e: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBody Framing on HEAD/204/304\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eKeep \u003ccode\u003eContent-Length\u003c/code\u003e on HEAD and 304 responses (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop body framing on HEAD/204/304 even when the framework set it\u003c/li\u003e\n\u003cli\u003eWarn once when an ASGI app emits a body for a no-body response\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2 ASGI\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e_handle_stream_ended\u003c/code\u003e to set \u003ccode\u003e_body_complete\u003c/code\u003e in the async HTTP/2 handler so request bodies finalize correctly on stream end\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eInvalidChunkExtension\u003c/code\u003e mapping and fast-parser support in ASGI tests (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3565\"\u003e#3565\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 100-Continue\u003c/strong\u003e: Stop adding \u003ccode\u003eTransfer-Encoding: chunked\u003c/code\u003e to 100-Continue interim responses.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebSocket Close Handshake\u003c/strong\u003e (RFC 6455):\n\u003cul\u003e\n\u003cli\u003eComply with the close handshake state machine\u003c/li\u003e\n\u003cli\u003eClose the transport after the close handshake completes\u003c/li\u003e\n\u003cli\u003eFix binary send when the \u003ccode\u003etext\u003c/code\u003e key is \u003ccode\u003eNone\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEarly Hints\u003c/strong\u003e: Validate headers in the \u003ccode\u003eearly_hints\u003c/code\u003e callback to match \u003ccode\u003eprocess_headers\u003c/code\u003e; pass only the header name to \u003ccode\u003eInvalidHeader\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3588\"\u003e#3588\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Fixes\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix ASGI disconnect handling for Django-style apps\u003c/li\u003e\n\u003cli\u003eFix Litestar request handling (use raw ASGI receive for body/headers)\u003c/li\u003e\n\u003cli\u003eFix Litestar HTTP endpoints for compatibility tests\u003c/li\u003e\n\u003cli\u003eFix Quart headers endpoint to normalize keys to lowercase\u003c/li\u003e\n\u003cli\u003eFix Quart WebSocket close test app (missing \u003ccode\u003eaccept()\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eFix duplicate \u003ccode\u003eTransfer-Encoding\u003c/code\u003e header for BlackSheep streaming\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5d819cf36040f6cc6175fcc804d703fb899509dd\"\u003e\u003ccode\u003e5d819cf\u003c/code\u003e\u003c/a\u003e release: 26.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/b45c70df105f7d5dcbc5abfb732804d6464edc21\"\u003e\u003ccode\u003eb45c70d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3611\"\u003e#3611\u003c/a\u003e from zc-mattcen/docs-typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/99c8d48acf453deb5c49fe12e195dbc00d888d1e\"\u003e\u003ccode\u003e99c8d48\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3623\"\u003e#3623\u003c/a\u003e from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5a655af50f20e005dd9e32e6078dc82fa45f3d4b\"\u003e\u003ccode\u003e5a655af\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3622\"\u003e#3622\u003c/a\u003e from benoitc/test/docker-port-and-ipv4-fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/201df19a8011c0a1d6a0e75ebe22e89d48eb935e\"\u003e\u003ccode\u003e201df19\u003c/code\u003e\u003c/a\u003e chore: remove eventlet worker; add h2 and uvloop to test deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/f4ac8e1f1bf1d365e77f41915da55bec31873f84\"\u003e\u003ccode\u003ef4ac8e1\u003c/code\u003e\u003c/a\u003e test: pass action name to dirty client and stabilize after TTOU spam\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/54d38afddf1f0db0c15b5f4ff63f3c7bfad96961\"\u003e\u003ccode\u003e54d38af\u003c/code\u003e\u003c/a\u003e test: unblock docker fixtures on macOS hosts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/68843c8893dd938456f0a2da62085ab5776f8871\"\u003e\u003ccode\u003e68843c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e from benoitc/fix/asgi-preserve-content-length-on-hea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/31f2618f733cc0c78690df63f4e344aaf3f56b20\"\u003e\u003ccode\u003e31f2618\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3620\"\u003e#3620\u003c/a\u003e from benoitc/fix/asgi-proxy-protocol-trust-and-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/41ec7527dbd8a9e52728477700707ad40e41d9dc\"\u003e\u003ccode\u003e41ec752\u003c/code\u003e\u003c/a\u003e fix: keep Content-Length on HEAD and 304 responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/benoitc/gunicorn/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `icalendar` from 7.0.3 to 7.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/collective/icalendar/releases\"\u003eicalendar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003cp\u003eTo view the changes, please see the \u003ca href=\"https://icalendar.readthedocs.io/en/latest/changelog.html\"\u003eChangelog\u003c/a\u003e. This release can be installed from \u003ca href=\"https://pypi.org/project/icalendar/#history\"\u003ePyPI\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/collective/icalendar/blob/main/CHANGES.rst\"\u003eicalendar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.1.0 (2026-04-30)\u003c/h2\u003e\n\u003cp\u003eMinor changes\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Deprecate ``icalendar.parser.escape_string`` and ``icalendar.parser.unescape_string`` for icalendar version 8. Use ``_escape_string`` and ``_unescape_string`` internally. :issue:`1011`\n- Added behavioral tests for :class:`~icalendar.cal.lazy.LazyCalendar` covering serialization round-trips, ``.todos``, ``.journals``, forward timezone references, and ``with_uid()`` substring false-positives. :issue:`1050`\n- Added edge case tests for :class:`~icalendar.prop.conference.Conference` parameter normalization covering string passthrough, empty list filtering, and ``None`` omission. :issue:`925`\n- Make icalendar an explicit editable install for clarity. :pr:`1268`\n- Do not run some tests until a pull request is approved. :pr:`1246`\n- Mark skipped CI tasks as skipped instead of running them. :issue:`1286`\n- Created an :meth:`~icalendar.prop.boolean.vBoolean.ical_value` property for the :class:`~icalendar.prop.boolean.vBoolean` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.float.vFloat.ical_value` property for the :class:`~icalendar.prop.float.vFloat` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.integer.vInt.ical_value` property for the :class:`~icalendar.prop.integer.vInt` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.binary.vBinary.ical_value` property for the :class:`~icalendar.prop.binary.vBinary` component. :issue:`876`\n- Put the link check as the last documentation CI task, allowing the documentation build and Vale to run first and fail faster. :pr:`1295`\n- Extended :func:`~icalendar.timezone.tzp.TZP.localize` to support localizing both :class:`datetime.datetime` and :class:`datetime.time` objects, returning timezone-aware :class:`datetime.time` objects for the latter. :issue:`1142`\n- Add type hints to tests directory functions. :issue:`938`\n- Update to Contributor Covenant 3.0 Code of Conduct, hosted at https://pycal.org/code-of-conduct/.\n\u003cp\u003eNew features\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Added :class:`~icalendar.cal.lazy.LazyCalendar` for lazy parsing of subcomponents. :issue:`158`, :issue:`1050`\n- Updated :func:`icalendar.prop.dt.time.vTime.from_ical` to support parsing time values with TZID parameters, returning timezone-aware :class:`datetime.time` objects. :issue:`1142`\n- Added ``subcomponents`` parameter to :meth:`Component.new \u0026amp;lt;icalendar.cal.component.Component.new\u0026amp;gt;`, :meth:`Event.new \u0026amp;lt;icalendar.cal.event.Event.new\u0026amp;gt;`, :meth:`Todo.new \u0026amp;lt;icalendar.cal.todo.Todo.new\u0026amp;gt;`, and :meth:`Availability.new \u0026amp;lt;icalendar.cal.availability.Availability.new\u0026amp;gt;`. :issue:`1065`\n- Switch to uv for development. :issue:`1102`\n\nBug fixes\n~~~~~~~~~\n\n- Allow lenient parsing of content lines with optional whitespace around property and parameter delimiters (for example, ``REFRESH - INTERVAL; VALUE = DURATION:PT48H``) when parsing calendars with ``strict=False``. :issue:`351`\n- X-properties with a ``VALUE`` parameter are now parsed using the correct type instead of falling back to :class:`~icalendar.prop.unkown.vUnkno...\n\n_Description has been truncated_","html_url":"https://github.com/invenhost/InvenTree/pull/342","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/invenhost%2FInvenTree/issues/342","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/342/packages"},{"uuid":"4498714060","node_id":"PR_kwDOF71pj87eJaX7","number":4587,"state":"closed","title":"build(deps): bump the dependencies group across 2 directories with 8 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-27T02:59:26.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T00:02:19.000Z","updated_at":"2026-05-27T02:59:29.000Z","time_to_close":442627,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"dependencies","update_count":8,"packages":[{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"envoy-base-utils","old_version":"0.6.4","new_version":"0.6.5","repository_url":"https://github.com/envoyproxy/toolshed"},{"name":"protobuf","old_version":"7.34.1","new_version":"7.35.0","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"types-aiofiles","old_version":"25.1.0.20260508","new_version":"25.1.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-protobuf","old_version":"7.34.1.20260508","new_version":"7.34.1.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pygments","old_version":"2.20.0.20260508","new_version":"2.20.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260508","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dependencies group with 2 updates in the /ci directory: [envoy-code-check](https://github.com/envoyproxy/toolshed) and [pyjwt](https://github.com/jpadilla/pyjwt).\nBumps the dependencies group with 7 updates in the /py/deps directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [envoy-base-utils](https://github.com/envoyproxy/toolshed) | `0.6.4` | `0.6.5` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `7.34.1` | `7.35.0` |\n| [types-aiofiles](https://github.com/python/typeshed) | `25.1.0.20260508` | `25.1.0.20260518` |\n| [types-protobuf](https://github.com/python/typeshed) | `7.34.1.20260508` | `7.34.1.20260518` |\n| [types-pygments](https://github.com/python/typeshed) | `2.20.0.20260508` | `2.20.0.20260518` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260508` | `6.0.12.20260518` |\n\n\nUpdates `envoy-code-check` from 0.5.14 to 0.6.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/envoyproxy/toolshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `envoy-base-utils` from 0.6.4 to 0.6.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/envoyproxy/toolshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 7.34.1 to 7.35.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-aiofiles` from 25.1.0.20260508 to 25.1.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eS...\n\n_Description has been truncated_","html_url":"https://github.com/envoyproxy/toolshed/pull/4587","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/envoyproxy%2Ftoolshed/issues/4587","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4587/packages"},{"uuid":"4498540037","node_id":"PR_kwDOQqG8is7eI1ly","number":422,"state":"closed","title":"chore(deps): bump the python-dependencies group across 1 directory with 18 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-28T23:56:03.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T23:21:28.000Z","updated_at":"2026-05-28T23:56:05.000Z","time_to_close":606875,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-dependencies","update_count":18,"packages":[{"name":"numpy","old_version":"2.4.4","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"pandas","old_version":"3.0.2","new_version":"3.0.3","repository_url":"https://github.com/pandas-dev/pandas"},{"name":"astropy-iers-data","old_version":"0.2026.5.4.1.4.54","new_version":"0.2026.5.18.1.11.28","repository_url":"https://github.com/astropy/astropy-iers-data"},{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"click","old_version":"8.3.3","new_version":"8.4.0","repository_url":"https://github.com/pallets/click"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"decorator","old_version":"5.2.1","new_version":"5.3.1","repository_url":"https://github.com/micheles/decorator"},{"name":"fonttools","old_version":"4.62.1","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"librt","old_version":"0.10.0","new_version":"0.11.0","repository_url":"https://github.com/mypyc/librt"},{"name":"matplotlib-inline","old_version":"0.2.1","new_version":"0.2.2","repository_url":"https://github.com/ipython/matplotlib-inline"},{"name":"mypy","old_version":"2.0.0","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"regex","old_version":"2026.4.4","new_version":"2026.5.9","repository_url":"https://github.com/mrabarnett/mrab-regex"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-requests","old_version":"2.33.0.20260503","new_version":"2.33.0.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-dependencies group with 18 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [numpy](https://github.com/numpy/numpy) | `2.4.4` | `2.4.6` |\n| [pandas](https://github.com/pandas-dev/pandas) | `3.0.2` | `3.0.3` |\n| [astropy-iers-data](https://github.com/astropy/astropy-iers-data) | `0.2026.5.4.1.4.54` | `0.2026.5.18.1.11.28` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |\n| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.0` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [decorator](https://github.com/micheles/decorator) | `5.2.1` | `5.3.1` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.62.1` | `4.63.0` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.15` |\n| [librt](https://github.com/mypyc/librt) | `0.10.0` | `0.11.0` |\n| [matplotlib-inline](https://github.com/ipython/matplotlib-inline) | `0.2.1` | `0.2.2` |\n| [mypy](https://github.com/python/mypy) | `2.0.0` | `2.1.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.4.4` | `2026.5.9` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.14` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260518` |\n| [types-requests](https://github.com/python/typeshed) | `2.33.0.20260503` | `2.33.0.20260518` |\n\n\nUpdates `numpy` from 2.4.4 to 2.4.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/numpy/numpy/releases\"\u003enumpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.6 (May 18, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.6 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5\nrelease.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 4 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e!EarlMilktea\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eSebastian Berg\u003c/li\u003e\n\u003cli\u003eWarren Weckesser\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePull requests merged\u003c/h2\u003e\n\u003cp\u003eA total of 4 pull requests were merged for this release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31444\"\u003e#31444\u003c/a\u003e: MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31453\"\u003e#31453\u003c/a\u003e: BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31459\"\u003e#31459\u003c/a\u003e: BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31460\"\u003e#31460\u003c/a\u003e: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.4.5 (May 15, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.5 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4\nrelease, has some typing improvements, and maintains infrastructure.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 17 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAleksei Nikiforov\u003c/li\u003e\n\u003cli\u003eAnarion Zuo +\u003c/li\u003e\n\u003cli\u003eAnkit Ahlawat\u003c/li\u003e\n\u003cli\u003eBreno Favaretto +\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eIgor Krivenko +\u003c/li\u003e\n\u003cli\u003eIjtihed Kilani +\u003c/li\u003e\n\u003cli\u003eJoren Hammudoglu\u003c/li\u003e\n\u003cli\u003eMaarten Baert +\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/b832a09cf2a169c833dd2371e7c07aa00b293242\"\u003e\u003ccode\u003eb832a09\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31462\"\u003e#31462\u003c/a\u003e from charris/prepare-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/57cc147d2ceacffc6534642bfbdebb3a80428e1e\"\u003e\u003ccode\u003e57cc147\u003c/code\u003e\u003c/a\u003e REL: Prepare for the NumPy 2.4.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/0c72b0b53b6b83c004e434b2c7855e73c000d21e\"\u003e\u003ccode\u003e0c72b0b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31459\"\u003e#31459\u003c/a\u003e from charris/backport-31347\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/9778d26e0475d381ccb7817c3b4dd8cacef2b9eb\"\u003e\u003ccode\u003e9778d26\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/e0e38767d5d0f848ab44befeedcad71e8ef589c7\"\u003e\u003ccode\u003ee0e3876\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/d1bffeb9ec4ec0bf029c94ea35abffa92d5c30f2\"\u003e\u003ccode\u003ed1bffeb\u003c/code\u003e\u003c/a\u003e BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary \u003ccode\u003evh\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31347\"\u003e#31347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/8d8d7e5a14a1da0bfb0faf609a7a7610c431e6e9\"\u003e\u003ccode\u003e8d8d7e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31453\"\u003e#31453\u003c/a\u003e from seberg/issue-31452\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/bddaab7ace45f90148d8f2bb6e67daab2d45ec76\"\u003e\u003ccode\u003ebddaab7\u003c/code\u003e\u003c/a\u003e BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/37a1ecca8dff09b2c579a991194ac55b9971f3a7\"\u003e\u003ccode\u003e37a1ecc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31444\"\u003e#31444\u003c/a\u003e from charris/begin-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/3c0e043217a759a8a948ade158fec14348c3b459\"\u003e\u003ccode\u003e3c0e043\u003c/code\u003e\u003c/a\u003e MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/numpy/numpy/compare/v2.4.4...v2.4.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pandas` from 3.0.2 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pandas-dev/pandas/releases\"\u003epandas's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epandas 3.0.3\u003c/h2\u003e\n\u003cp\u003eWe are pleased to announce the release of pandas 3.0.3.\nThis is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://pandas.pydata.org/docs/whatsnew/v3.0.3.html\"\u003efull whatsnew\u003c/a\u003e for a list of all the changes.\u003c/p\u003e\n\u003cp\u003ePandas 3.0 supports Python 3.11 and higher.\nThe release can be installed from PyPI:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython -m pip install --upgrade pandas==3.0.*\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eOr from conda-forge\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge pandas=3.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003ePlease report any issues with the release on the \u003ca href=\"https://github.com/pandas-dev/pandas/issues\"\u003epandas issue tracker\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThanks to all the contributors who made this release possible.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/72f2fea91530b5abb3cf2100cb22d84e504695c0\"\u003e\u003ccode\u003e72f2fea\u003c/code\u003e\u003c/a\u003e RLS: 3.0.3 (\u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65590\"\u003e#65590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/2897590094c2b6e3962d01a82665936f30be563d\"\u003e\u003ccode\u003e2897590\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65436\"\u003e#65436\u003c/a\u003e on branch 3.0.x (Account for privatization of matplotlib `...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/49894b5b6037c50f6444504070d9b1e8e514001a\"\u003e\u003ccode\u003e49894b5\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65499\"\u003e#65499\u003c/a\u003e on branch 3.0.x (BUG: fix check if pyarrow is installed in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/1c6d1e30cc4b80bedb769a8b3731b0788f69c9dc\"\u003e\u003ccode\u003e1c6d1e3\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] PERF: remove special casing for zoneinfo in tz_localize_to_u...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/2a547116afc46d88d4e6584670fd793949222a1e\"\u003e\u003ccode\u003e2a54711\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/64379\"\u003e#64379\u003c/a\u003e on branch 3.0.x (PERF: improve performance with ZoneInfo t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/036bb7c0e7160b9d5a7f6bd26a9fc00921fa6977\"\u003e\u003ccode\u003e036bb7c\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65482\"\u003e#65482\u003c/a\u003e on branch 3.0.x (PERF: don't call unique on dtypes for che...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/bf4c182b09251f5b469e8e246ae3ea3e1ae07164\"\u003e\u003ccode\u003ebf4c182\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65410\"\u003e#65410\u003c/a\u003e on branch 3.0.x (TST: also convert str index to object in ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/dd02d75ce219135f9f3f65c13644d4be35585d42\"\u003e\u003ccode\u003edd02d75\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] BUG: keep fsspec OpenFile alive for chained URL reads (\u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/6547\"\u003e#6547\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/aef3d0f6698667262c6d6ffc69180b280b0fa86a\"\u003e\u003ccode\u003eaef3d0f\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] CI: lowercase types-pymysql/types-pyyaml to fix mamba 2.6.0 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/bb8e24876273a14322047f4b89e648f6a4abebae\"\u003e\u003ccode\u003ebb8e248\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65399\"\u003e#65399\u003c/a\u003e on branch 3.0.x (DOC: fix source link for classes in the r...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pandas-dev/pandas/compare/v3.0.2...v3.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `astropy-iers-data` from 0.2026.5.4.1.4.54 to 0.2026.5.18.1.11.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astropy/astropy-iers-data/releases\"\u003eastropy-iers-data's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2026.5.18.1.11.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.11.1.8.52...v0.2026.5.18.1.11.28\"\u003ehttps://github.com/astropy/astropy-iers-data/compare/v0.2026.5.11.1.8.52...v0.2026.5.18.1.11.28\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.2026.5.11.1.8.52\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.11.1.8.52\"\u003ehttps://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.11.1.8.52\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astropy/astropy-iers-data/commit/6fa1a100b2560cef129bbde0c274bacbbac60ce5\"\u003e\u003ccode\u003e6fa1a10\u003c/code\u003e\u003c/a\u003e Update IERS Earth rotation and leap second tables\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astropy/astropy-iers-data/commit/f21a227f08b656a5dd03d7244f14c1c57a0737c1\"\u003e\u003ccode\u003ef21a227\u003c/code\u003e\u003c/a\u003e Update IERS Earth rotation and leap second tables\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.18.1.11.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.3 to 8.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/2745\"\u003e#2745\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3364\"\u003e#3364\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2012\"\u003e#2012\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3363\"\u003e#3363\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe error hint now uses \u003ccode\u003eCommand.get_help_option_names\u003c/code\u003e to pick\nnon-shadowed help option names, so \u003ccode\u003eTry '... -h'\u003c/code\u003e no longer points to a\nsubcommand option that shadows \u003ccode\u003e-h\u003c/code\u003e. All surviving names are shown\n(\u003ccode\u003e-h/--help\u003c/code\u003e). \u003ca href=\"https://redirect.github.com/pallets/click/issues/2790\"\u003e#2790\u003c/a\u003e  \u003ca href=\"https://redirect.github.com/pallets/click/issues/3208\"\u003e#3208\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix readline functionality on non-Windows platforms. Prompt text is now\npassed directly to readline instead of being printed separately, allowing\nproper backspace, line editing, and line wrapping behavior. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2968\"\u003e#2968\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe error hint now uses :meth:\u003ccode\u003eCommand.get_help_option_names\u003c/code\u003e to pick\nnon-shadowed help option names, so \u003ccode\u003eTry '... -h'\u003c/code\u003e no longer points to a\nsubcommand option that shadows \u003ccode\u003e-h\u003c/code\u003e. All surviving names are shown\n(\u003ccode\u003e-h/--help\u003c/code\u003e). :issue:\u003ccode\u003e2790\u003c/code\u003e :pr:\u003ccode\u003e3208\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix readline functionality on non-Windows platforms. Prompt text is now\npassed directly to readline instead of being printed separately, allowing\nproper backspace, line editing, and line wrapping behavior. :issue:\u003ccode\u003e2968\u003c/code\u003e\n:pr:\u003ccode\u003e2969\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse :func:\u003ccode\u003eos.startfile\u003c/code\u003e on Windows to open URLs in :func:\u003ccode\u003eopen_url\u003c/code\u003e,\nreplacing the \u003ccode\u003estart\u003c/code\u003e built-in which cannot be invoked without\n\u003ccode\u003eshell=True\u003c/code\u003e. :issue:\u003ccode\u003e3164\u003c/code\u003e :pr:\u003ccode\u003e3186\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix Fish shell completion errors when option help text contains newlines.\n:issue:\u003ccode\u003e3043\u003c/code\u003e :pr:\u003ccode\u003e3126\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/41f410fb7528305d7e87c8cfa704f6c2456f57fc\"\u003e\u003ccode\u003e41f410f\u003c/code\u003e\u003c/a\u003e Release 8.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/e3e69e3bf8d749ac1a632f2ece4d38ec7f6588f5\"\u003e\u003ccode\u003ee3e69e3\u003c/code\u003e\u003c/a\u003e Add type annotations for instance attributes in \u003ccode\u003eutils\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3422\"\u003e#3422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/3bb230dcd5d751f8605b46e9df5a541639d5fd4e\"\u003e\u003ccode\u003e3bb230d\u003c/code\u003e\u003c/a\u003e WIP: Fix \u003ccode\u003eHelpFormatter.write_usage\u003c/code\u003e producing spurious characters (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/63274a79d08fdc5c19220696144489f7144a8547\"\u003e\u003ccode\u003e63274a7\u003c/code\u003e\u003c/a\u003e \u003ccode\u003eclick.get_pager_file\u003c/code\u003e: add tests (\u003ca href=\"https://redirect.github.com/pallets/click/issues/1572\"\u003e#1572\u003c/a\u003e followup) (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3405\"\u003e#3405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0551bf53588ae87f462d336f24f853a156fefe3a\"\u003e\u003ccode\u003e0551bf5\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eHelpFormatter.write_usage\u003c/code\u003e producing spurious characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/fc41aa1d0b62494eb93e92ff3929601221e3abf4\"\u003e\u003ccode\u003efc41aa1\u003c/code\u003e\u003c/a\u003e Apply class-body annotations to \u003ccode\u003eKeepOpenFile\u003c/code\u003e for consistency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/b761eda3bad977ec2f485451d85fd8ec365f0bf4\"\u003e\u003ccode\u003eb761eda\u003c/code\u003e\u003c/a\u003e Skip some tests on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/98302ac4f49e443a48abd3fbb95c86202b89547d\"\u003e\u003ccode\u003e98302ac\u003c/code\u003e\u003c/a\u003e Check \u003ccode\u003ePAGER\u003c/code\u003e usage, color preservation and edge-cases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/dbdae170879d460e78963f8af35c5cb9c5b86e89\"\u003e\u003ccode\u003edbdae17\u003c/code\u003e\u003c/a\u003e Fix documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/1aa2d53d63ff68bf14b35931177aac9270e39713\"\u003e\u003ccode\u003e1aa2d53\u003c/code\u003e\u003c/a\u003e Redesigned tests and get_pager_file branching to be more clear and not set color\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.3...8.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\n.. _pull 2165: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2165\"\u003ecoveragepy/coveragepy#2165\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/646351b60429f1b5760af6c1b97b28483244a955\"\u003e\u003ccode\u003e646351b\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/39cd015505c8b04369c5b06e34fc22449a697370\"\u003e\u003ccode\u003e39cd015\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/649e8aa34af7d80c386ae82e8a3a6c9a3acb0dab\"\u003e\u003ccode\u003e649e8aa\u003c/code\u003e\u003c/a\u003e docs: thanks Alex Vandiver for \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8cd392e3b5c4bc15d534aaec0c21714f9f518469\"\u003e\u003ccode\u003e8cd392e\u003c/code\u003e\u003c/a\u003e fix: snapshot data in Collector.flush_data to avoid threading race (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c48e0edc2ebe44621b0053176e90f77b0c79bec1\"\u003e\u003ccode\u003ec48e0ed\u003c/code\u003e\u003c/a\u003e fix: less output for combining\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c2a3a284078556c911e0d9b6c6af1b7082a363ea\"\u003e\u003ccode\u003ec2a3a28\u003c/code\u003e\u003c/a\u003e docs: explain the change from \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/1cd47aa6ac1da4e150da44055295d4e4f3a014e8\"\u003e\u003ccode\u003e1cd47aa\u003c/code\u003e\u003c/a\u003e fix: implicit combine-during-report now removes the combined data files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2d99fd7696e0bccec8037479a4e45c1ecccb8058\"\u003e\u003ccode\u003e2d99fd7\u003c/code\u003e\u003c/a\u003e feat: automatically combine coverage in report, thanks Tim Hatch (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/9fbdcdfee1c122fac43f1bf9a5e2d1f4d835f21c\"\u003e\u003ccode\u003e9fbdcdf\u003c/code\u003e\u003c/a\u003e fix: lazy soft keywords are bolded\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5de7d0267b9466d59995aaae1a7e707c8c6f66e7\"\u003e\u003ccode\u003e5de7d02\u003c/code\u003e\u003c/a\u003e build: oops, misplaced quote\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `decorator` from 5.2.1 to 5.3.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micheles/decorator/blob/master/CHANGES.md\"\u003edecorator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1 (2026-05-18)\u003c/h2\u003e\n\u003cp\u003eAdded license SPDX identifier to pyproject.toml (reported by\nChristian Lackas).\u003c/p\u003e\n\u003ch2\u003e5.3.0 (2026-05-17)\u003c/h2\u003e\n\u003cp\u003eAdded official support for Python 3.14 (thanks to Hugo van Kemenade,\nDavid Cain and the GitHub user bersbersbers).\nFixed a bug with \u0026quot;return await\u0026quot; contributed by Kadir Can Ozden.\nMoved decorator.py to a package structure (\u003ccode\u003edecorator/__init__.py\u003c/code\u003e) and\nadded a stub file (\u003ccode\u003edecorator/__init__.pyi\u003c/code\u003e) contributed by Marco Gorelli.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/426e9e35d563ffe356e54bd0f970d153b8f25370\"\u003e\u003ccode\u003e426e9e3\u003c/code\u003e\u003c/a\u003e Bumped the version to 5.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/062ff0e0c33733f2148a5590d118a8570df846d5\"\u003e\u003ccode\u003e062ff0e\u003c/code\u003e\u003c/a\u003e Fixed the dependency on setuptools\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/086ff5d95d4dc550117c12647a4427d70bf8833d\"\u003e\u003ccode\u003e086ff5d\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/5807a83ead31f0de5303fa950ddea49d850d7355\"\u003e\u003ccode\u003e5807a83\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/093aced11439251e496b47a9a9369501075e8d1a\"\u003e\u003ccode\u003e093aced\u003c/code\u003e\u003c/a\u003e Updated changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/e9ced7e63ad9502b3e2a3e3db5f5f1ccc16c5fd6\"\u003e\u003ccode\u003ee9ced7e\u003c/code\u003e\u003c/a\u003e Added license SPDX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/b3e82ddc04e8d0c18c51eecb30b4a59aee5aac1d\"\u003e\u003ccode\u003eb3e82dd\u003c/code\u003e\u003c/a\u003e Fixed CHANGES.md [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/f1ce8da8522193421436c368849afe886666b4e5\"\u003e\u003ccode\u003ef1ce8da\u003c/code\u003e\u003c/a\u003e Doc fix [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/c924d7c6aa2e47a0627706c385101ff8d558d091\"\u003e\u003ccode\u003ec924d7c\u003c/code\u003e\u003c/a\u003e Updated supported versions [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/8b83e8cca35f5c773654ce4ae89b4e3f84f430d3\"\u003e\u003ccode\u003e8b83e8c\u003c/code\u003e\u003c/a\u003e Fixed CHANGES [ci skip]\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micheles/decorator/compare/5.2.1...5.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fonttools` from 4.62.1 to 4.63.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/releases\"\u003efonttools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer, PatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions, replacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output, matching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in \u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring round-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash in the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/blob/main/NEWS.rst\"\u003efonttools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0 (released 2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer,\nPatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions,\nreplacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output,\nmatching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in\n\u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e for many-to-one (flat-segment) axis maps\nthat silently dropped entries via dict comprehension\n\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring\nround-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash\nin the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+,\nso that importing them on free-threaded Python no longer re-enables the GIL\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/978d9edccb60ea0e5fbad7015cb11817c3532328\"\u003e\u003ccode\u003e978d9ed\u003c/code\u003e\u003c/a\u003e Release 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6b40ecb6f13e076916044ecd8f0fc13ab5f957f6\"\u003e\u003ccode\u003e6b40ecb\u003c/code\u003e\u003c/a\u003e Add changelog entries for 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/382a35fb5e96c6ff38a1e7775a24e20bf122a66d\"\u003e\u003ccode\u003e382a35f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e from fonttools/fix-freethreading-compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/0e999b55f05ad0dd8423f389673a32de9c5199bb\"\u003e\u003ccode\u003e0e999b5\u003c/code\u003e\u003c/a\u003e Declare Cython extensions as free-threading compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/9e55ea54c184b0d4c0830525f72e69c6c1a32691\"\u003e\u003ccode\u003e9e55ea5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e from fonttools/graphite-feat-labels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/e84db3ab426a251256ebec7904c03dc73e25932b\"\u003e\u003ccode\u003ee84db3a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e from fonttools/fix-setUnicodeRanges-bits-123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/d6eabd1edf7bfa950b6b85c393e4c185dee36d7f\"\u003e\u003ccode\u003ed6eabd1\u003c/code\u003e\u003c/a\u003e Feat: show name table strings as comments next to label IDs in ttx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/7d0902b2e27ec1433b015b3b8a79391d7c8604cb\"\u003e\u003ccode\u003e7d0902b\u003c/code\u003e\u003c/a\u003e OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/06e266ce70ec578d549c2df0e180a84d9323baf2\"\u003e\u003ccode\u003e06e266c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e from fonttools/fix-map-backward-non-injective\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6d64598a63f83bcd59d29cf3f22dd25343bd9688\"\u003e\u003ccode\u003e6d64598\u003c/code\u003e\u003c/a\u003e Add more tests for map_backward with many-to-one axis maps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fonttools/fonttools/compare/4.62.1...4.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `librt` from 0.10.0 to 0.11.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mypyc/librt/commit/862679a0492f4433a286b2d53965ec2603623be1\"\u003e\u003ccode\u003e862679a\u003c/code\u003e\u003c/a\u003e Sync mypy and bump version to 0.11.0 (\u003ca href=\"https://redirect.github.com/mypyc/librt/issues/40\"\u003e#40\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mypyc/librt/compare/v0.10.0...v0.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `matplotlib-inline` from 0.2.1 to 0.2.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/e6e197523ecfabfff1d976e5b6958c3ede948ccb\"\u003e\u003ccode\u003ee6e1975\u003c/code\u003e\u003c/a\u003e release 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/0aac2e223483ffbfb5a6076d8c2ca83545cca440\"\u003e\u003ccode\u003e0aac2e2\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/6eb2bd89dc8d4d6678478c6b2ec15be7b20d3374\"\u003e\u003ccode\u003e6eb2bd8\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/631d7dd26be1287f64c5bd4bbb84888903e419b0\"\u003e\u003ccode\u003e631d7dd\u003c/code\u003e\u003c/a\u003e Zizmor hardening (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/66\"\u003e#66\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/8d45c8fc427d39750751bdaa0ffe5abc8e30cd50\"\u003e\u003ccode\u003e8d45c8f\u003c/code\u003e\u003c/a\u003e Zizmor hardening\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/f830b37c728146dca4f947de6cbdb420ee9c69fb\"\u003e\u003ccode\u003ef830b37\u003c/code\u003e\u003c/a\u003e Specify BSD license and add license files (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/62\"\u003e#62\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/e3b8bb10d275d5caa97d8d1b584d48797e494de4\"\u003e\u003ccode\u003ee3b8bb1\u003c/code\u003e\u003c/a\u003e Deprecate Python 3.9 in CI pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/c783ae72ed581f24fa136f34e6df4f6e99c3f785\"\u003e\u003ccode\u003ec783ae7\u003c/code\u003e\u003c/a\u003e Deprecate Python 3.9 in CI pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/8ac056c5730a6adbc9dd5e049b85163ba6a09a28\"\u003e\u003ccode\u003e8ac056c\u003c/code\u003e\u003c/a\u003e Update workflow to include matplotlib for tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/0cc8a2e91306c94e36f0a9cd8e31a38299b1c126\"\u003e\u003ccode\u003e0cc8a2e\u003c/code\u003e\u003c/a\u003e Use valid SPDX ID\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ipython/matplotlib-inline/compare/0.2.1...0.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 2.0.0 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMypy Release Notes\u003c/h1\u003e\n\u003ch2\u003eNext Release\u003c/h2\u003e\n\u003ch2\u003eMypy 2.1\u003c/h2\u003e\n\u003cp\u003eWe’ve just uploaded mypy 2.1.0 to the Python Package Index (\u003ca href=\"https://pypi.org/project/mypy/\"\u003ePyPI\u003c/a\u003e).\nMypy is a static type checker for Python. This release includes new features, performance\nimprovements and bug fixes. You can install it as follows:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython3 -m pip install -U mypy\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can read the full documentation for this release on \u003ca href=\"http://mypy.readthedocs.io\"\u003eRead the Docs\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003elibrt.vecs: Fast Growable Array Type for Mypyc\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.vecs\u003c/code\u003e module provides an efficient growable array type \u003ccode\u003evec\u003c/code\u003e that is\noptimized for mypyc use. It provides fast, packed arrays with integer and floating point\nvalue types, which can be \u003cstrong\u003eseveral times faster\u003c/strong\u003e than \u003ccode\u003elist\u003c/code\u003e, and tens of times faster\nthan \u003ccode\u003earray.array\u003c/code\u003e in code compiled using mypyc. It also supports nested \u003ccode\u003evec\u003c/code\u003e objects and\nnon-value-type items, such as \u003ccode\u003evec[vec[str]]\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_vecs.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo.\u003c/p\u003e\n\u003ch3\u003elibrt.random: Fast Pseudo-Random Number Generation\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.random\u003c/code\u003e module provides fast pseudo-random number generation that is\noptimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib\n\u003ccode\u003erandom\u003c/code\u003e module in compiled code.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_random.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo (PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21433\"\u003e21433\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMypyc Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake compilation order with multiple files consistent (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21419\"\u003e21419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on accessing \u003ccode\u003eStopAsyncIteration\u003c/code\u003e (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21406\"\u003e21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incremental compilation with \u003ccode\u003eseparate\u003c/code\u003e flag (Vaggelis Danias, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21299\"\u003e21299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes to Crashes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash on partial type with \u003ccode\u003e--allow-redefinition\u003c/code\u003e and \u003ccode\u003eglobal\u003c/code\u003e declaration (Jukka Lehtosalo, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21428\"\u003e21428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken awaitable generator patching (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21435\"\u003e21435\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges to Messages\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c1c336d7e34eb313080c79b156518c58d27c7234\"\u003e\u003ccode\u003ec1c336d\u003c/code\u003e\u003c/a\u003e Remove +dev from version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/74df14b7cbf08140236aa45bbb7f42219b0b1df7\"\u003e\u003ccode\u003e74df14b\u003c/code\u003e\u003c/a\u003e Add changelog for mypy 2.1 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21464\"\u003e#21464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/022d9bc96f86c40f338a5cf150f1806cc8f300ff\"\u003e\u003ccode\u003e022d9bc\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;TypeForm: Enable by default (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21262\"\u003e#21262\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8826288214f1cb31496e610667481221e025359c\"\u003e\u003ccode\u003e8826288\u003c/code\u003e\u003c/a\u003e [mypyc] Document librt.random (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21463\"\u003e#21463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/3f4067b699dbe52d08e42ef3b3ebfdebdc06bd96\"\u003e\u003ccode\u003e3f4067b\u003c/code\u003e\u003c/a\u003e Bump librt version to 0.11.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21458\"\u003e#21458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/2b1eb58a250c5f1eb4ef5fb1f312ff528c5a1d4e\"\u003e\u003ccode\u003e2b1eb58\u003c/code\u003e\u003c/a\u003e [mypyc] Enable incremental self-compilation (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21369\"\u003e#21369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8152f4af3f6c03beaf2660026240f0fdce7feecc\"\u003e\u003ccode\u003e8152f4a\u003c/code\u003e\u003c/a\u003e Respect file config comments for stale modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21444\"\u003e#21444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/116d60bdd3fdfe8d97c6afe99370910db56f1b92\"\u003e\u003ccode\u003e116d60b\u003c/code\u003e\u003c/a\u003e Fix nondeterminism from nonassociativity of overload joins (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21455\"\u003e#21455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/6c4af8e42110cea3f84bc02add2ca7b89c268210\"\u003e\u003ccode\u003e6c4af8e\u003c/code\u003e\u003c/a\u003e Fix function call message change for small number of args (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21432\"\u003e#21432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/4b8fdcaf24032592510e8f15421fb32d82a71800\"\u003e\u003ccode\u003e4b8fdca\u003c/code\u003e\u003c/a\u003e [mypyc] Add librt.random module (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21433\"\u003e#21433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v2.0.0...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `regex` from 2026.4.4 to 2026.5.9\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt\"\u003eregex's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion: 2026.5.9\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eReverse matching with full unicode casefolding could lead to out-of-range string indexes.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.4.4\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eA fix for older Python versions before free-threading was  supported.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.4.3\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eMore fixes for free-threading.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.32\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eFixed segfault.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.31\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eFixed bug again.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eFixed bug.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.28\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eFixed version.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eVarious fixes, including ones to improve free-threading support.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.2.28\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eReplaced atomic operations with mutex on pattern object for free-threaded Python.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.2.26\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ePR [#598](https://github.com/mrabarnett/mrab-regex/issues/598): Fix race condition in storage caching with atomic operations.\n\u003cp\u003eReplaced use of PyUnicode_GET_LENGTH with PyUnicode_GetLength.\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eVersion: 2026.2.19\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eAdded \\z as alias of \\Z, like in re module.\n\u003cp\u003eAdded prefixmatch as alias of match, like in re module.\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eVersion: 2026.1.15\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mrabarnett/mrab-regex/commit/e57d185bb711729091907b23edac5dcba0426243\"\u003e\u003ccode\u003ee57d185\u003c/code\u003e\u003c/a\u003e Reverse matching with full unicode casefolding lead to out-of-range string in...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mrabarnett/mrab-regex/compare/2026.4.4...2026.5.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.33.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ct...\n\n_Description has been truncated_","html_url":"https://github.com/tatsuki-washimi/gwexpy/pull/422","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tatsuki-washimi%2Fgwexpy/issues/422","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/422/packages"},{"uuid":"4490934272","node_id":"PR_kwDOF71pj87dwCD0","number":4583,"state":"open","title":"build(deps): bump the dependencies group across 2 directories with 7 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T01:13:46.000Z","updated_at":"2026-05-21T01:14:07.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"dependencies","update_count":7,"packages":[{"name":"envoy-base-utils","old_version":"0.6.4","new_version":"0.6.5","repository_url":"https://github.com/envoyproxy/toolshed"},{"name":"protobuf","old_version":"7.34.1","new_version":"7.35.0","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"types-aiofiles","old_version":"25.1.0.20260508","new_version":"25.1.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-protobuf","old_version":"7.34.1.20260508","new_version":"7.34.1.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pygments","old_version":"2.20.0.20260508","new_version":"2.20.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260508","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dependencies group with 1 update in the /ci directory: [envoy-code-check](https://github.com/envoyproxy/toolshed).\nBumps the dependencies group with 6 updates in the /py/deps directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [envoy-base-utils](https://github.com/envoyproxy/toolshed) | `0.6.4` | `0.6.5` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `7.34.1` | `7.35.0` |\n| [types-aiofiles](https://github.com/python/typeshed) | `25.1.0.20260508` | `25.1.0.20260518` |\n| [types-protobuf](https://github.com/python/typeshed) | `7.34.1.20260508` | `7.34.1.20260518` |\n| [types-pygments](https://github.com/python/typeshed) | `2.20.0.20260508` | `2.20.0.20260518` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260508` | `6.0.12.20260518` |\n\n\nUpdates `envoy-code-check` from 0.5.14 to 0.6.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/envoyproxy/toolshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `envoy-base-utils` from 0.6.4 to 0.6.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/envoyproxy/toolshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 7.34.1 to 7.35.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-aiofiles` from 25.1.0.20260508 to 25.1.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-protobuf` from 7.34.1.20260508 to 7.34.1.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pygments` from 2.20.0.20260508 to 2.20.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20260508 to 6.0.12.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/envoyproxy/toolshed/pull/4583","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/envoyproxy%2Ftoolshed/issues/4583","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4583/packages"},{"uuid":"4483400513","node_id":"PR_kwDOF71pj87dXrY0","number":4573,"state":"closed","title":"build(deps): bump the dependencies group across 2 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-21T01:13:26.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-20T05:22:09.000Z","updated_at":"2026-05-21T01:13:28.000Z","time_to_close":71477,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"dependencies","update_count":6,"packages":[{"name":"protobuf","old_version":"7.34.1","new_version":"7.35.0","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"types-aiofiles","old_version":"25.1.0.20260508","new_version":"25.1.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-protobuf","old_version":"7.34.1.20260508","new_version":"7.34.1.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pygments","old_version":"2.20.0.20260508","new_version":"2.20.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260508","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dependencies group with 1 update in the /ci directory: [envoy-code-check](https://github.com/envoyproxy/toolshed).\nBumps the dependencies group with 5 updates in the /py/deps directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `7.34.1` | `7.35.0` |\n| [types-aiofiles](https://github.com/python/typeshed) | `25.1.0.20260508` | `25.1.0.20260518` |\n| [types-protobuf](https://github.com/python/typeshed) | `7.34.1.20260508` | `7.34.1.20260518` |\n| [types-pygments](https://github.com/python/typeshed) | `2.20.0.20260508` | `2.20.0.20260518` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260508` | `6.0.12.20260518` |\n\n\nUpdates `envoy-code-check` from 0.5.14 to 0.6.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/envoyproxy/toolshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 7.34.1 to 7.35.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-aiofiles` from 25.1.0.20260508 to 25.1.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-protobuf` from 7.34.1.20260508 to 7.34.1.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pygments` from 2.20.0.20260508 to 2.20.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20260508 to 6.0.12.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/envoyproxy/toolshed/pull/4573","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/envoyproxy%2Ftoolshed/issues/4573","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4573/packages"},{"uuid":"4478068786","node_id":"PR_kwDONdBYDM7dGeL0","number":456,"state":"open","title":"Bump types-pyyaml from 6.0.12.20260408 to 6.0.12.20260518","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T14:06:45.000Z","updated_at":"2026-05-22T06:34:52.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps [types-pyyaml](https://github.com/python/typeshed) from 6.0.12.20260408 to 6.0.12.20260518.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-pyyaml\u0026package-manager=pip\u0026previous-version=6.0.12.20260408\u0026new-version=6.0.12.20260518)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/neuro-inc/app-types/pull/456","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/neuro-inc%2Fapp-types/issues/456","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/456/packages"},{"uuid":"4475021954","node_id":"PR_kwDOCSpQdM7c8nMU","number":556,"state":"closed","title":"build(deps-dev): Bump the python-dev group with 8 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-22T04:58:44.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-19T06:39:30.000Z","updated_at":"2026-05-22T04:58:46.000Z","time_to_close":253154,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps-dev): Bump","group_name":"python-dev","update_count":8,"packages":[{"name":"basedpyright","old_version":"1.39.4","new_version":"1.39.5","repository_url":"https://github.com/detachhead/basedpyright"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.13","repository_url":"https://github.com/astral-sh/ruff"},{"name":"types-cffi","old_version":"2.0.0.20260508","new_version":"2.0.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-markdown","old_version":"3.10.2.20260508","new_version":"3.10.2.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pexpect","old_version":"4.9.0.20260508","new_version":"4.9.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pygments","old_version":"2.20.0.20260508","new_version":"2.20.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260510","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-setuptools","old_version":"82.0.0.20260508","new_version":"82.0.0.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-dev group with 8 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [basedpyright](https://github.com/detachhead/basedpyright) | `1.39.4` | `1.39.5` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.13` |\n| [types-cffi](https://github.com/python/typeshed) | `2.0.0.20260508` | `2.0.0.20260518` |\n| [types-markdown](https://github.com/python/typeshed) | `3.10.2.20260508` | `3.10.2.20260518` |\n| [types-pexpect](https://github.com/python/typeshed) | `4.9.0.20260508` | `4.9.0.20260518` |\n| [types-pygments](https://github.com/python/typeshed) | `2.20.0.20260508` | `2.20.0.20260518` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260510` | `6.0.12.20260518` |\n| [types-setuptools](https://github.com/python/typeshed) | `82.0.0.20260508` | `82.0.0.20260518` |\n\nUpdates `basedpyright` from 1.39.4 to 1.39.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/a511b786acd28e190b1a8ba5e683de31e2a690e7\"\u003e\u003ccode\u003ea511b78\u003c/code\u003e\u003c/a\u003e 1.39.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/009e953c1d1e880bc07ce926282627e8f33519e4\"\u003e\u003ccode\u003e009e953\u003c/code\u003e\u003c/a\u003e fix error attempting to baseline diagnostics from the new `string.templatelib...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/9ff98486dfd844968a46d7cb13e6e5b32345dceb\"\u003e\u003ccode\u003e9ff9848\u003c/code\u003e\u003c/a\u003e fix \u0026quot;Pyright current file\u0026quot; vscode launch config when node isn't installed glo...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/detachhead/basedpyright/compare/v1.39.4...v1.39.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.12 to 0.15.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2afb467ce397e4a89c13a0a814c62cfecb0e9e49\"\u003e\u003ccode\u003e2afb467\u003c/code\u003e\u003c/a\u003e Bump 0.15.13 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25157\"\u003e#25157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/300879600fa3af7cde1e675c63de6ad9d0797d1b\"\u003e\u003ccode\u003e3008796\u003c/code\u003e\u003c/a\u003e [ty] classify TypeVar semantic tokens as type parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24891\"\u003e#24891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/79470e31877acb6074f3bbff2a49e508822ae4e8\"\u003e\u003ccode\u003e79470e3\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2522549901d50f18775999f0fb802b19229417f0\"\u003e\u003ccode\u003e2522549\u003c/code\u003e\u003c/a\u003e Remove shellcheck from prek (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25154\"\u003e#25154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7db7170020f539d6d2bc01dbd0b0c09fab91dc06\"\u003e\u003ccode\u003e7db7170\u003c/code\u003e\u003c/a\u003e [ty] Support TypedDict key completions in incomplete, anonymous contexts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25\"\u003e#25\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/bb3dd535f1c5a83e2e56ac93a771fadbeeceebd0\"\u003e\u003ccode\u003ebb3dd53\u003c/code\u003e\u003c/a\u003e [ty] Run full iteration analysis on narrowed typevars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25143\"\u003e#25143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/828cdb7732efcb16a53f4ee5f011cf653b834d1a\"\u003e\u003ccode\u003e828cdb7\u003c/code\u003e\u003c/a\u003e [ty] Isolate file-watching test environment (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25151\"\u003e#25151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/89e1d8670ea4d3af60c8143ee552dc750200718d\"\u003e\u003ccode\u003e89e1d86\u003c/code\u003e\u003c/a\u003e [ty] Preserve TypedDict keys through dict unpacking (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24523\"\u003e#24523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/86f3064d6fffa5697d174f26b840bd6857b381da\"\u003e\u003ccode\u003e86f3064\u003c/code\u003e\u003c/a\u003e [ty] Avoid accessing \u003ccode\u003eargs[0]\u003c/code\u003e for \u003ccode\u003estatic_assert\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25149\"\u003e#25149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ed819f947dc27e36eac8bb3134153c4668d76a3a\"\u003e\u003ccode\u003eed819f9\u003c/code\u003e\u003c/a\u003e [ty] Treat custom enum \u003ccode\u003e__new__\u003c/code\u003e values as dynamic (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25136\"\u003e#25136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.12...0.15.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-cffi` from 2.0.0.20260508 to 2.0.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-markdown` from 3.10.2.20260508 to 3.10.2.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pexpect` from 4.9.0.20260508 to 4.9.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pygments` from 2.20.0.20260508 to 2.20.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20260510 to 6.0.12.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-setuptools` from 82.0.0.20260508 to 82.0.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/Nadock/rileychase.net/pull/556","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nadock%2Frileychase.net/issues/556","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/556/packages"},{"uuid":"4473563058","node_id":"PR_kwDOL_1trs7c3-Q4","number":203,"state":"open","title":"fix(deps): bump the python-packages group across 1 directory with 11 updates","user":"dependabot[bot]","labels":["bug","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T00:43:14.000Z","updated_at":"2026-05-19T00:44:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"fix(deps): bump","group_name":"python-packages","update_count":11,"packages":[{"name":"click","old_version":"8.3.3","new_version":"8.4.0","repository_url":"https://github.com/pallets/click"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.13","repository_url":"https://github.com/astral-sh/ruff"},{"name":"mypy","old_version":"1.20.2","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"yamllint","old_version":"1.37.1","new_version":"1.38.0","repository_url":"https://github.com/adrienverge/yamllint"},{"name":"conventional-pre-commit","old_version":"4.3.0","new_version":"4.4.0","repository_url":"https://github.com/compilerla/conventional-pre-commit"},{"name":"coverage","old_version":"7.13.1","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"tox","old_version":"4.33.0","new_version":"4.54.0","repository_url":"https://github.com/tox-dev/tox"},{"name":"types-pyyaml","old_version":"6.0.12.20250915","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-toml","old_version":"0.10.8.20240310","new_version":"0.10.8.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-colorama","old_version":"0.4.15.20250801","new_version":"0.4.15.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"commitizen","old_version":"4.13.10","new_version":"4.16.2","repository_url":"https://github.com/commitizen-tools/commitizen"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-packages group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.13` |\n| [mypy](https://github.com/python/mypy) | `1.20.2` | `2.1.0` |\n| [yamllint](https://github.com/adrienverge/yamllint) | `1.37.1` | `1.38.0` |\n| [conventional-pre-commit](https://github.com/compilerla/conventional-pre-commit) | `4.3.0` | `4.4.0` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.1` | `7.14.0` |\n| [tox](https://github.com/tox-dev/tox) | `4.33.0` | `4.54.0` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20250915` | `6.0.12.20260518` |\n| [types-toml](https://github.com/python/typeshed) | `0.10.8.20240310` | `0.10.8.20260518` |\n| [types-colorama](https://github.com/python/typeshed) | `0.4.15.20250801` | `0.4.15.20260508` |\n| [commitizen](https://github.com/commitizen-tools/commitizen) | `4.13.10` | `4.16.2` |\n\n\nUpdates `click` from 8.3.3 to 8.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/2745\"\u003e#2745\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3364\"\u003e#3364\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2012\"\u003e#2012\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3363\"\u003e#3363\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe error hint now uses \u003ccode\u003eCommand.get_help_option_names\u003c/code\u003e to pick\nnon-shadowed help option names, so \u003ccode\u003eTry '... -h'\u003c/code\u003e no longer points to a\nsubcommand option that shadows \u003ccode\u003e-h\u003c/code\u003e. All surviving names are shown\n(\u003ccode\u003e-h/--help\u003c/code\u003e). \u003ca href=\"https://redirect.github.com/pallets/click/issues/2790\"\u003e#2790\u003c/a\u003e  \u003ca href=\"https://redirect.github.com/pallets/click/issues/3208\"\u003e#3208\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix readline functionality on non-Windows platforms. Prompt text is now\npassed directly to readline instead of being printed separately, allowing\nproper backspace, line editing, and line wrapping behavior. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2968\"\u003e#2968\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe error hint now uses :meth:\u003ccode\u003eCommand.get_help_option_names\u003c/code\u003e to pick\nnon-shadowed help option names, so \u003ccode\u003eTry '... -h'\u003c/code\u003e no longer points to a\nsubcommand option that shadows \u003ccode\u003e-h\u003c/code\u003e. All surviving names are shown\n(\u003ccode\u003e-h/--help\u003c/code\u003e). :issue:\u003ccode\u003e2790\u003c/code\u003e :pr:\u003ccode\u003e3208\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix readline functionality on non-Windows platforms. Prompt text is now\npassed directly to readline instead of being printed separately, allowing\nproper backspace, line editing, and line wrapping behavior. :issue:\u003ccode\u003e2968\u003c/code\u003e\n:pr:\u003ccode\u003e2969\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse :func:\u003ccode\u003eos.startfile\u003c/code\u003e on Windows to open URLs in :func:\u003ccode\u003eopen_url\u003c/code\u003e,\nreplacing the \u003ccode\u003estart\u003c/code\u003e built-in which cannot be invoked without\n\u003ccode\u003eshell=True\u003c/code\u003e. :issue:\u003ccode\u003e3164\u003c/code\u003e :pr:\u003ccode\u003e3186\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix Fish shell completion errors when option help text contains newlines.\n:issue:\u003ccode\u003e3043\u003c/code\u003e :pr:\u003ccode\u003e3126\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/41f410fb7528305d7e87c8cfa704f6c2456f57fc\"\u003e\u003ccode\u003e41f410f\u003c/code\u003e\u003c/a\u003e Release 8.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/e3e69e3bf8d749ac1a632f2ece4d38ec7f6588f5\"\u003e\u003ccode\u003ee3e69e3\u003c/code\u003e\u003c/a\u003e Add type annotations for instance attributes in \u003ccode\u003eutils\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3422\"\u003e#3422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/3bb230dcd5d751f8605b46e9df5a541639d5fd4e\"\u003e\u003ccode\u003e3bb230d\u003c/code\u003e\u003c/a\u003e WIP: Fix \u003ccode\u003eHelpFormatter.write_usage\u003c/code\u003e producing spurious characters (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/63274a79d08fdc5c19220696144489f7144a8547\"\u003e\u003ccode\u003e63274a7\u003c/code\u003e\u003c/a\u003e \u003ccode\u003eclick.get_pager_file\u003c/code\u003e: add tests (\u003ca href=\"https://redirect.github.com/pallets/click/issues/1572\"\u003e#1572\u003c/a\u003e followup) (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3405\"\u003e#3405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0551bf53588ae87f462d336f24f853a156fefe3a\"\u003e\u003ccode\u003e0551bf5\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eHelpFormatter.write_usage\u003c/code\u003e producing spurious characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/fc41aa1d0b62494eb93e92ff3929601221e3abf4\"\u003e\u003ccode\u003efc41aa1\u003c/code\u003e\u003c/a\u003e Apply class-body annotations to \u003ccode\u003eKeepOpenFile\u003c/code\u003e for consistency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/b761eda3bad977ec2f485451d85fd8ec365f0bf4\"\u003e\u003ccode\u003eb761eda\u003c/code\u003e\u003c/a\u003e Skip some tests on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/98302ac4f49e443a48abd3fbb95c86202b89547d\"\u003e\u003ccode\u003e98302ac\u003c/code\u003e\u003c/a\u003e Check \u003ccode\u003ePAGER\u003c/code\u003e usage, color preservation and edge-cases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/dbdae170879d460e78963f8af35c5cb9c5b86e89\"\u003e\u003ccode\u003edbdae17\u003c/code\u003e\u003c/a\u003e Fix documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/1aa2d53d63ff68bf14b35931177aac9270e39713\"\u003e\u003ccode\u003e1aa2d53\u003c/code\u003e\u003c/a\u003e Redesigned tests and get_pager_file branching to be more clear and not set color\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.3...8.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.12 to 0.15.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2afb467ce397e4a89c13a0a814c62cfecb0e9e49\"\u003e\u003ccode\u003e2afb467\u003c/code\u003e\u003c/a\u003e Bump 0.15.13 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25157\"\u003e#25157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/300879600fa3af7cde1e675c63de6ad9d0797d1b\"\u003e\u003ccode\u003e3008796\u003c/code\u003e\u003c/a\u003e [ty] classify TypeVar semantic tokens as type parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24891\"\u003e#24891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/79470e31877acb6074f3bbff2a49e508822ae4e8\"\u003e\u003ccode\u003e79470e3\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2522549901d50f18775999f0fb802b19229417f0\"\u003e\u003ccode\u003e2522549\u003c/code\u003e\u003c/a\u003e Remove shellcheck from prek (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25154\"\u003e#25154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7db7170020f539d6d2bc01dbd0b0c09fab91dc06\"\u003e\u003ccode\u003e7db7170\u003c/code\u003e\u003c/a\u003e [ty] Support TypedDict key completions in incomplete, anonymous contexts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25\"\u003e#25\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/bb3dd535f1c5a83e2e56ac93a771fadbeeceebd0\"\u003e\u003ccode\u003ebb3dd53\u003c/code\u003e\u003c/a\u003e [ty] Run full iteration analysis on narrowed typevars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25143\"\u003e#25143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/828cdb7732efcb16a53f4ee5f011cf653b834d1a\"\u003e\u003ccode\u003e828cdb7\u003c/code\u003e\u003c/a\u003e [ty] Isolate file-watching test environment (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25151\"\u003e#25151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/89e1d8670ea4d3af60c8143ee552dc750200718d\"\u003e\u003ccode\u003e89e1d86\u003c/code\u003e\u003c/a\u003e [ty] Preserve TypedDict keys through dict unpacking (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24523\"\u003e#24523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/86f3064d6fffa5697d174f26b840bd6857b381da\"\u003e\u003ccode\u003e86f3064\u003c/code\u003e\u003c/a\u003e [ty] Avoid accessing \u003ccode\u003eargs[0]\u003c/code\u003e for \u003ccode\u003estatic_assert\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25149\"\u003e#25149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ed819f947dc27e36eac8bb3134153c4668d76a3a\"\u003e\u003ccode\u003eed819f9\u003c/code\u003e\u003c/a\u003e [ty] Treat custom enum \u003ccode\u003e__new__\u003c/code\u003e values as dynamic (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25136\"\u003e#25136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.12...0.15.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 1.20.2 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMypy Release Notes\u003c/h1\u003e\n\u003ch2\u003eNext Release\u003c/h2\u003e\n\u003ch2\u003eMypy 2.1\u003c/h2\u003e\n\u003cp\u003eWe’ve just uploaded mypy 2.1.0 to the Python Package Index (\u003ca href=\"https://pypi.org/project/mypy/\"\u003ePyPI\u003c/a\u003e).\nMypy is a static type checker for Python. This release includes new features, performance\nimprovements and bug fixes. You can install it as follows:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython3 -m pip install -U mypy\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can read the full documentation for this release on \u003ca href=\"http://mypy.readthedocs.io\"\u003eRead the Docs\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003elibrt.vecs: Fast Growable Array Type for Mypyc\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.vecs\u003c/code\u003e module provides an efficient growable array type \u003ccode\u003evec\u003c/code\u003e that is\noptimized for mypyc use. It provides fast, packed arrays with integer and floating point\nvalue types, which can be \u003cstrong\u003eseveral times faster\u003c/strong\u003e than \u003ccode\u003elist\u003c/code\u003e, and tens of times faster\nthan \u003ccode\u003earray.array\u003c/code\u003e in code compiled using mypyc. It also supports nested \u003ccode\u003evec\u003c/code\u003e objects and\nnon-value-type items, such as \u003ccode\u003evec[vec[str]]\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_vecs.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo.\u003c/p\u003e\n\u003ch3\u003elibrt.random: Fast Pseudo-Random Number Generation\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.random\u003c/code\u003e module provides fast pseudo-random number generation that is\noptimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib\n\u003ccode\u003erandom\u003c/code\u003e module in compiled code.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_random.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo (PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21433\"\u003e21433\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMypyc Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake compilation order with multiple files consistent (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21419\"\u003e21419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on accessing \u003ccode\u003eStopAsyncIteration\u003c/code\u003e (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21406\"\u003e21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incremental compilation with \u003ccode\u003eseparate\u003c/code\u003e flag (Vaggelis Danias, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21299\"\u003e21299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes to Crashes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash on partial type with \u003ccode\u003e--allow-redefinition\u003c/code\u003e and \u003ccode\u003eglobal\u003c/code\u003e declaration (Jukka Lehtosalo, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21428\"\u003e21428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken awaitable generator patching (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21435\"\u003e21435\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges to Messages\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c1c336d7e34eb313080c79b156518c58d27c7234\"\u003e\u003ccode\u003ec1c336d\u003c/code\u003e\u003c/a\u003e Remove +dev from version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/74df14b7cbf08140236aa45bbb7f42219b0b1df7\"\u003e\u003ccode\u003e74df14b\u003c/code\u003e\u003c/a\u003e Add changelog for mypy 2.1 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21464\"\u003e#21464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/022d9bc96f86c40f338a5cf150f1806cc8f300ff\"\u003e\u003ccode\u003e022d9bc\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;TypeForm: Enable by default (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21262\"\u003e#21262\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8826288214f1cb31496e610667481221e025359c\"\u003e\u003ccode\u003e8826288\u003c/code\u003e\u003c/a\u003e [mypyc] Document librt.random (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21463\"\u003e#21463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/3f4067b699dbe52d08e42ef3b3ebfdebdc06bd96\"\u003e\u003ccode\u003e3f4067b\u003c/code\u003e\u003c/a\u003e Bump librt version to 0.11.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21458\"\u003e#21458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/2b1eb58a250c5f1eb4ef5fb1f312ff528c5a1d4e\"\u003e\u003ccode\u003e2b1eb58\u003c/code\u003e\u003c/a\u003e [mypyc] Enable incremental self-compilation (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21369\"\u003e#21369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8152f4af3f6c03beaf2660026240f0fdce7feecc\"\u003e\u003ccode\u003e8152f4a\u003c/code\u003e\u003c/a\u003e Respect file config comments for stale modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21444\"\u003e#21444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/116d60bdd3fdfe8d97c6afe99370910db56f1b92\"\u003e\u003ccode\u003e116d60b\u003c/code\u003e\u003c/a\u003e Fix nondeterminism from nonassociativity of overload joins (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21455\"\u003e#21455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/6c4af8e42110cea3f84bc02add2ca7b89c268210\"\u003e\u003ccode\u003e6c4af8e\u003c/code\u003e\u003c/a\u003e Fix function call message change for small number of args (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21432\"\u003e#21432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/4b8fdcaf24032592510e8f15421fb32d82a71800\"\u003e\u003ccode\u003e4b8fdca\u003c/code\u003e\u003c/a\u003e [mypyc] Add librt.random module (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21433\"\u003e#21433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v1.20.2...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yamllint` from 1.37.1 to 1.38.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/adrienverge/yamllint/blob/master/CHANGELOG.rst\"\u003eyamllint's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.38.0 (2026-01-13)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14, drop support for Python 3.9\u003c/li\u003e\n\u003cli\u003eRequire pathspec ≥ 1.0.0\u003c/li\u003e\n\u003cli\u003eConfig: Follow gitignore implementation in \u003ccode\u003eyaml-files\u003c/code\u003e and \u003ccode\u003eignore\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eConfig: Use \u0026quot;mapping\u0026quot; instead of \u0026quot;dict\u0026quot; for user-facing errors\u003c/li\u003e\n\u003cli\u003eRule \u003ccode\u003eindentation\u003c/code\u003e: Fix error message for \u003ccode\u003echeck-multi-line-strings\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRule \u003ccode\u003equoted-strings\u003c/code\u003e: Add \u003ccode\u003equote-type: consistent\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocs: Update the name of BSD ports\u003c/li\u003e\n\u003cli\u003eDocs: Enhance wording of recursive directory lint in README\u003c/li\u003e\n\u003cli\u003eDocs: Add Alpine Linux installation instructions in README\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/cba56bcde1fdd01c1deb3f945e69764c291a6530\"\u003e\u003ccode\u003ecba56bc\u003c/code\u003e\u003c/a\u003e yamllint version 1.38.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/9dc506b5a1e22a728a95321a7cdb829ba17de0e0\"\u003e\u003ccode\u003e9dc506b\u003c/code\u003e\u003c/a\u003e Require pathspec ≥ 1.0.0 and follow Git's gitignore implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/73b9c0b54270076e2c76e2e6bfd428aa4203ed3a\"\u003e\u003ccode\u003e73b9c0b\u003c/code\u003e\u003c/a\u003e Drop support for Python 3.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/22d07edd4903c71c4ea63d2e2e3880adde4604d6\"\u003e\u003ccode\u003e22d07ed\u003c/code\u003e\u003c/a\u003e indentation: Fix error message for check-multi-line-strings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/cfbfe9b076b877fb9276a22ffb3d2726ead5866d\"\u003e\u003ccode\u003ecfbfe9b\u003c/code\u003e\u003c/a\u003e README: Add Alpine Linux installation instructions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/a3b3bb31bb0e79fb6c43676314c89de00c667334\"\u003e\u003ccode\u003ea3b3bb3\u003c/code\u003e\u003c/a\u003e README: Enhance wording of recursive directory lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/e3b72f585b1bf8c779b7bae2f773b11a5fb80eb1\"\u003e\u003ccode\u003ee3b72f5\u003c/code\u003e\u003c/a\u003e quoted-strings: Add missing quote-type: consistent docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/e3d54cc100f892fe79eac820ce35cfd633603e37\"\u003e\u003ccode\u003ee3d54cc\u003c/code\u003e\u003c/a\u003e quoted-strings: Add quote-type: consistent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/0b4ddc88c05ab3f20e3f8e5ffca7d04eccd290d6\"\u003e\u003ccode\u003e0b4ddc8\u003c/code\u003e\u003c/a\u003e CI: Update GitHub Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/866f805cbfaa4c89de8b92c3839eb80d46001eda\"\u003e\u003ccode\u003e866f805\u003c/code\u003e\u003c/a\u003e build: Remove license-files from pyproject.toml\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/adrienverge/yamllint/compare/v1.37.1...v1.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `conventional-pre-commit` from 4.3.0 to 4.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/compilerla/conventional-pre-commit/releases\"\u003econventional-pre-commit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(pre-commit): autoupdate hooks by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/pull/141\"\u003ecompilerla/conventional-pre-commit#141\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: allow # in scope by \u003ca href=\"https://github.com/aeyoll\"\u003e\u003ccode\u003e@​aeyoll\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/pull/148\"\u003ecompilerla/conventional-pre-commit#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(pre-commit): autoupdate hooks by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/pull/144\"\u003ecompilerla/conventional-pre-commit#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/pull/143\"\u003ecompilerla/conventional-pre-commit#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aeyoll\"\u003e\u003ccode\u003e@​aeyoll\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/pull/148\"\u003ecompilerla/conventional-pre-commit#148\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/compilerla/conventional-pre-commit/compare/v4.3.0...v4.4.0\"\u003ehttps://github.com/compilerla/conventional-pre-commit/compare/v4.3.0...v4.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.4.0-pre1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/91ab4bf57e58b32adf1a122681f6ebe164d081c8\"\u003e\u003ccode\u003e91ab4bf\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/d397bc73fe8308af0ad8d8a05ad2d1bd135a845a\"\u003e\u003ccode\u003ed397bc7\u003c/code\u003e\u003c/a\u003e chore(pre-commit): autoupdate hooks (\u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/800557d620dc67d8f45eedc2044072b25035db3f\"\u003e\u003ccode\u003e800557d\u003c/code\u003e\u003c/a\u003e feat: allow # in scope (\u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/issues/148\"\u003e#148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/aed2b93edc89e7113ac4349f64a334c92ebe77b0\"\u003e\u003ccode\u003eaed2b93\u003c/code\u003e\u003c/a\u003e feat: allow # in scope\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/e20efe8e7d4849b03607afb9c2ed52bef773413b\"\u003e\u003ccode\u003ee20efe8\u003c/code\u003e\u003c/a\u003e chore(pre-commit): autofix run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/980e24dc68bc3a507163d5a129041727df6d0f18\"\u003e\u003ccode\u003e980e24d\u003c/code\u003e\u003c/a\u003e chore(pre-commit): autoupdate hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/2ef4033308b9f783b3571433dfd1774d5ae58347\"\u003e\u003ccode\u003e2ef4033\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/checkout from 5 to 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/fdde5f0251edbfc554795afdd6df71826d6602f3\"\u003e\u003ccode\u003efdde5f0\u003c/code\u003e\u003c/a\u003e chore(pre-commit): autoupdate hooks (\u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/issues/141\"\u003e#141\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/98b43bfa83970bdf88a7b27025b89f18886d6b1f\"\u003e\u003ccode\u003e98b43bf\u003c/code\u003e\u003c/a\u003e chore(pre-commit): autoupdate hooks\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/compilerla/conventional-pre-commit/compare/v4.3.0...v4.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.1 to 7.14.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\n.. _pull 2165: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2165\"\u003ecoveragepy/coveragepy#2165\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-5:\u003c/p\u003e\n\u003ch2\u003eVersion 7.13.5 — 2026-03-17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eissue 2138\u003c/code\u003e_ describes a memory leak that happened when repeatedly\nusing the Coverage API with in-memory data. This is now fixed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the markdown-formatted coverage report didn't fully escape special\ncharacters in file paths (\u003ccode\u003eissue 2141\u003c/code\u003e\u003cem\u003e). This would be very unlikely to\ncause a problem, but now it's done properly, thanks to \u003ccode\u003eEllie Ayla \u0026lt;pull 2142_\u0026gt;\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the C extension wouldn't build on VS2019, but now it does (\u003ccode\u003eissue 2145\u003c/code\u003e_).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/646351b60429f1b5760af6c1b97b28483244a955\"\u003e\u003ccode\u003e646351b\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/39cd015505c8b04369c5b06e34fc22449a697370\"\u003e\u003ccode\u003e39cd015\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/649e8aa34af7d80c386ae82e8a3a6c9a3acb0dab\"\u003e\u003ccode\u003e649e8aa\u003c/code\u003e\u003c/a\u003e docs: thanks Alex Vandiver for \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8cd392e3b5c4bc15d534aaec0c21714f9f518469\"\u003e\u003ccode\u003e8cd392e\u003c/code\u003e\u003c/a\u003e fix: snapshot data in Collector.flush_data to avoid threading race (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c48e0edc2ebe44621b0053176e90f77b0c79bec1\"\u003e\u003ccode\u003ec48e0ed\u003c/code\u003e\u003c/a\u003e fix: less output for combining\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c2a3a284078556c911e0d9b6c6af1b7082a363ea\"\u003e\u003ccode\u003ec2a3a28\u003c/code\u003e\u003c/a\u003e docs: explain the change from \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/1cd47aa6ac1da4e150da44055295d4e4f3a014e8\"\u003e\u003ccode\u003e1cd47aa\u003c/code\u003e\u003c/a\u003e fix: implicit combine-during-report now removes the combined data files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2d99fd7696e0bccec8037479a4e45c1ecccb8058\"\u003e\u003ccode\u003e2d99fd7\u003c/code\u003e\u003c/a\u003e feat: automatically combine coverage in report, thanks Tim Hatch (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/9fbdcdfee1c122fac43f1bf9a5e2d1f4d835f21c\"\u003e\u003ccode\u003e9fbdcdf\u003c/code\u003e\u003c/a\u003e fix: lazy soft keywords are bolded\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5de7d0267b9466d59995aaae1a7e707c8c6f66e7\"\u003e\u003ccode\u003e5de7d02\u003c/code\u003e\u003c/a\u003e build: oops, misplaced quote\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.1...7.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tox` from 4.33.0 to 4.54.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/tox/releases\"\u003etox's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.54.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🧪 test(conftest): strip broken nspkg.pth files under py3.15 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3937\"\u003etox-dev/tox#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(packaging): declare tox.pytest deps via a testing extra by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3940\"\u003etox-dev/tox#3940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(schema): cover every replace form in the TOML schema by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3941\"\u003etox-dev/tox#3941\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/tox/compare/4.53.1...4.54.0\"\u003ehttps://github.com/tox-dev/tox/compare/4.53.1...4.54.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.53.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(security): harden user-facing logs and untrusted inputs by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3924\"\u003etox-dev/tox#3924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(type): correct argparse override signatures for ty 0.0.33 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3932\"\u003etox-dev/tox#3932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: allow deps arrays in TOML schema by \u003ca href=\"https://github.com/cyphercodes\"\u003e\u003ccode\u003e@​cyphercodes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3931\"\u003etox-dev/tox#3931\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphercodes\"\u003e\u003ccode\u003e@​cyphercodes\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3931\"\u003etox-dev/tox#3931\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/tox/compare/4.53.0...4.53.1\"\u003ehttps://github.com/tox-dev/tox/compare/4.53.0...4.53.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.53.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(toml): allow bare range/labeled dicts in env_list by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3923\"\u003etox-dev/tox#3923\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/tox/compare/4.52.1...4.53.0\"\u003ehttps://github.com/tox-dev/tox/compare/4.52.1...4.53.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.52.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse normalize_isa for architecture factor matching by \u003ca href=\"https://github.com/rahuldevikar\"\u003e\u003ccode\u003e@​rahuldevikar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3919\"\u003etox-dev/tox#3919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(pip): invalidate install cache on resolution env var changes by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3921\"\u003etox-dev/tox#3921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/tox/compare/4.52.0...4.52.1\"\u003ehttps://github.com/tox-dev/tox/compare/4.52.0...4.52.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.52.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eremove unsupported --remote flag from gh repo fork by \u003ca href=\"https://github.com/rahuldevikar\"\u003e\u003ccode\u003e@​rahuldevikar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3908\"\u003etox-dev/tox#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(config): support escaped dots in -x override keys by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3910\"\u003etox-dev/tox#3910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(docs): auto-generate manpage from CLI parser by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3911\"\u003etox-dev/tox#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/tox/blob/main/docs/changelog.rst\"\u003etox's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eFeatures - 4.54.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDeclare the runtime dependencies of the \u003ccode\u003etox.pytest\u003c/code\u003e plugin (\u003ccode\u003epytest\u003c/code\u003e, \u003ccode\u003edevpi-process\u003c/code\u003e and \u003ccode\u003epytest-mock\u003c/code\u003e)\nunder a new \u003ccode\u003etesting\u003c/code\u003e extra, so plugin authors can pull them in via \u003ccode\u003etox[testing]\u003c/code\u003e - by :user:\u003ccode\u003egaborbernat\u003c/code\u003e.\n(:issue:\u003ccode\u003e3938\u003c/code\u003e, :issue:\u003ccode\u003e3940\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes - 4.54.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eExtend the generated TOML schema to cover every \u003ccode\u003ereplace\u003c/code\u003e table form (\u003ccode\u003eenv\u003c/code\u003e, \u003ccode\u003eref\u003c/code\u003e, \u003ccode\u003eposargs\u003c/code\u003e, \u003ccode\u003eglob\u003c/code\u003e,\n\u003ccode\u003eif\u003c/code\u003e), including conditional replacements used inside \u003ccode\u003ecommands\u003c/code\u003e. A guard test asserts the schema stays in sync\nwith the loader implementation so future replace types cannot be added without a corresponding schema entry.\n(:issue:\u003ccode\u003e3939\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003ev4.53.1 (2026-05-02)\u003c/p\u003e\n\u003chr /\u003e\n\u003ch1\u003eBug fixes - 4.53.1\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eHardening pass on user-facing logging and config parsing:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMask secret-looking \u003ccode\u003e--key=value\u003c/code\u003e flag values in command logs (terminal warnings, \u003ccode\u003e.tox/\u0026lt;env\u0026gt;/log/*.log\u003c/code\u003e, and\n\u003ccode\u003eOutcome\u003c/code\u003e \u003ccode\u003e__repr__\u003c/code\u003e) using the same keyword regex previously applied to environment variable values.\u003c/li\u003e\n\u003cli\u003eResolve PEP 723 \u003ccode\u003escript\u003c/code\u003e paths and reject any that escape \u003ccode\u003etox_root\u003c/code\u003e; cap the script read at 5 MiB so a symlink\nto \u003ccode\u003e/dev/zero\u003c/code\u003e cannot exhaust memory.\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003eeval()\u003c/code\u003e of a constructed \u003ccode\u003eLiteral[...]\u003c/code\u003e string in the CLI parser with a direct\n\u003ccode\u003eLiteral[tuple(action.choices)]\u003c/code\u003e subscript.\u003c/li\u003e\n\u003cli\u003ePass \u003ccode\u003etimeout=30\u003c/code\u003e to \u003ccode\u003eurlopen\u003c/code\u003e when fetching a remote requirements file so a slow or unresponsive mirror cannot\nhang \u003ccode\u003etox\u003c/code\u003e indefinitely. (:issue:\u003ccode\u003e3924\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow the generated TOML schema to validate array values for \u003ccode\u003edeps\u003c/code\u003e. (:issue:\u003ccode\u003e3929\u003c/code\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCorrect type annotations for \u003ccode\u003eArgumentParser.parse_args\u003c/code\u003e and \u003ccode\u003eparse_known_args\u003c/code\u003e overrides following \u003ccode\u003etypeshed PR [#15613](https://github.com/tox-dev/tox/issues/15613) \u0026lt;https://github.com/python/typeshed/pull/15613\u0026gt;\u003c/code\u003e_, which widened the \u003ccode\u003eargs\u003c/code\u003e parameter from \u003ccode\u003eSequence[str]\u003c/code\u003e\nto \u003ccode\u003eIterable[str]\u003c/code\u003e. The narrower type in tox's overrides violated the Liskov substitution principle and caused\n\u003ccode\u003einvalid-method-override\u003c/code\u003e errors with \u003ccode\u003ety\u003c/code\u003e 0.0.33. Also correct the \u003ccode\u003eoption_spec\u003c/code\u003e annotation in\n\u003ccode\u003edocs/tox_conf.py\u003c/code\u003e to \u003ccode\u003eClassVar[dict[str, Callable[[str], Any]]]\u003c/code\u003e matching the docutils stubs type.\n(:issue:\u003ccode\u003e3932\u003c/code\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003ev4.53.0 (2026-04-14)\u003c/p\u003e\n\u003chr /\u003e\n\u003ch1\u003eFeatures - 4.53.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eTOML \u003ccode\u003eenv_list\u003c/code\u003e now accepts bare range dicts (\u003ccode\u003e{ prefix = \u0026quot;3.\u0026quot;, start = 12, stop = 14 }\u003c/code\u003e) and bare labeled dicts\n(\u003ccode\u003e{ ecosystem = [\u0026quot;oci\u0026quot;, \u0026quot;python\u0026quot;] }\u003c/code\u003e) as top-level items, removing the \u003ccode\u003e{ product = [...] }\u003c/code\u003e wrapper when there is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/1f1fcc7a53665a827d8a304190696c6926ebb2eb\"\u003e\u003ccode\u003e1f1fcc7\u003c/code\u003e\u003c/a\u003e release 4.54.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/b35c8eedaf94906ed0e7938c7526dced550e6fa0\"\u003e\u003ccode\u003eb35c8ee\u003c/code\u003e\u003c/a\u003e 🐛 fix(schema): cover every replace form in the TOML schema (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3941\"\u003e#3941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/6eb5c4f5eec439b3924d6adb3d9d16ea7fc88a20\"\u003e\u003ccode\u003e6eb5c4f\u003c/code\u003e\u003c/a\u003e ✨ feat(packaging): declare tox.pytest deps via a testing extra (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3940\"\u003e#3940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/1ad47ddaab21c891f136a9627d1c6cdb6ea655d7\"\u003e\u003ccode\u003e1ad47dd\u003c/code\u003e\u003c/a\u003e 🧪 test(conftest): strip broken nspkg.pth files under py3.15 (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3937\"\u003e#3937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/dfba9661b10aa5148daf7267b80fec50f4faa9d2\"\u003e\u003ccode\u003edfba966\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3936\"\u003e#3936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/21069af5f5b93774f88c271d5deb1389cd2caf12\"\u003e\u003ccode\u003e21069af\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3933\"\u003e#3933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/2b177917e4c0208c3e380e43f8d32d507180d82e\"\u003e\u003ccode\u003e2b17791\u003c/code\u003e\u003c/a\u003e release 4.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/86234dd57fc6a6dbf801aa98a91642cb9daf1dc8\"\u003e\u003ccode\u003e86234dd\u003c/code\u003e\u003c/a\u003e fix: allow deps arrays in TOML schema (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3931\"\u003e#3931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/dd305fe8f347c49fcd3bd63d5e56c912e4c428f2\"\u003e\u003ccode\u003edd305fe\u003c/code\u003e\u003c/a\u003e 🐛 fix(type): correct argparse override signatures for ty 0.0.33 (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3932\"\u003e#3932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/3aa3cd5d4226dfdb54de3de810cd9367390c6424\"\u003e\u003ccode\u003e3aa3cd5\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/tox/compare/4.33.0...4.54.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20250915 to 6.0.12.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-toml` from 0.10.8.20240310 to 0.10.8.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-colorama` from 0.4.15.20250801 to 0.4.15.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `commitizen` from 4.13.10 to 4.16.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/commitizen-tools/commitizen/releases\"\u003ecommitizen's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.16.2 (2026-05-15)\u003c/h2\u003e\n\u003ch3\u003eFix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003etags\u003c/strong\u003e: widen prerelease and devrelease tag regexes for SemVer2 (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1972\"\u003e#1972\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.16.1 (2026-05-15)\u003c/h2\u003e\n\u003ch3\u003eFix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecz_customize\u003c/strong\u003e: derive bump_map_major_version_zero from bump_map (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1977\"\u003e#1977\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.16.0 (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ehooks\u003c/strong\u003e: support interactive hooks scripts\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.15.1 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eFix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003esecurity\u003c/strong\u003e: prevent command injection via shell=True (CWE-78) (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1941\"\u003e#1941\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.15.0 (2026-05-03)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eversion\u003c/strong\u003e: add MANUAL_VERSION, --next and --patch to version command (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.14.0 (2026-05-03)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003e--allow-no-commit\u003c/code\u003e to \u003ccode\u003echangelog\u003c/code\u003e command (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1868\"\u003e#1868\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/953e1ba4599cc3143122ed5c3e8de3d6dfd5524d\"\u003e\u003ccode\u003e953e1ba\u003c/code\u003e\u003c/a\u003e bump: version 4.16.1 → 4.16.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/c6b8c4455d8867d2b4fc31f4598f25f7a99968fe\"\u003e\u003ccode\u003ec6b8c44\u003c/code\u003e\u003c/a\u003e fix(tags): widen prerelease and devrelease tag regexes for SemVer2 (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1972\"\u003e#1972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/67151641260a5fd05fd61a1cddbf336a01108f6c\"\u003e\u003ccode\u003e6715164\u003c/code\u003e\u003c/a\u003e bump: version 4.16.0 → 4.16.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/3f8b8ca6f16c204c473c0aa17ccbee4970921da1\"\u003e\u003ccode\u003e3f8b8ca\u003c/code\u003e\u003c/a\u003e fix(cz_customize): derive bump_map_major_version_zero from bump_map (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1977\"\u003e#1977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/1d89cc5f840c08e721431d2971bfa2b43fc4a633\"\u003e\u003ccode\u003e1d89cc5\u003c/code\u003e\u003c/a\u003e docs(cli/screenshots): update CLI screenshots\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/9707a58ba8c850259ece0fafc8108ba2f350e005\"\u003e\u003ccode\u003e9707a58\u003c/code\u003e\u003c/a\u003e bump: version 4.15.1 → 4.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/80b92f1e603912c89dd756f387df847c4338cd24\"\u003e\u003ccode\u003e80b92f1\u003c/code\u003e\u003c/a\u003e ci: place --no-raise before bump subcommand (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1954\"\u003e#1954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/ecc4da436adac1e769d035a5f4684f6f087e6c39\"\u003e\u003ccode\u003eecc4da4\u003c/code\u003e\u003c/a\u003e docs(cli/screenshots): update CLI screenshots\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/ce07c7728c74600939244b649dd5754ef2b79507\"\u003e\u003ccode\u003ece07c77\u003c/code\u003e\u003c/a\u003e test: use match in pytest.raises (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1846\"\u003e#1846\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/9bd9e8b281e0e2229497f14b4d170e35b6f6be8f\"\u003e\u003ccode\u003e9bd9e8b\u003c/code\u003e\u003c/a\u003e docs(cli/screenshots): update CLI screenshots\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/commitizen-tools/commitizen/compare/v4.13.10...v4.16.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/bolajiwahab/pgrubic/pull/203","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bolajiwahab%2Fpgrubic/issues/203","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/203/packages"},{"uuid":"4470752108","node_id":"PR_kwDOP_kul87cu2Q2","number":479,"state":"open","title":"deps(python)(deps-dev): bump types-pyyaml from 6.0.12.20260510 to 6.0.12.20260518","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":6,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T16:23:20.000Z","updated_at":"2026-05-21T00:03:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(python)(deps-dev)","packages":[{"name":"types-pyyaml","old_version":"6.0.12.20260510","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps [types-pyyaml](https://github.com/python/typeshed) from 6.0.12.20260510 to 6.0.12.20260518.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/jimmy058910/jmo-security-repo/pull/479","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jimmy058910%2Fjmo-security-repo/issues/479","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/479/packages"},{"uuid":"4464481432","node_id":"PR_kwDOCbJ3R87ca4Cv","number":4419,"state":"open","title":"deps(python)(deps-dev): bump the all-dependencies group with 9 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-17T18:11:01.000Z","updated_at":"2026-05-17T18:12:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(python)(deps-dev): bump","group_name":"all-dependencies","update_count":9,"packages":[{"name":"python-multipart","old_version":"0.0.27","new_version":"0.0.28","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"pydantic","old_version":"2.13.3","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"types-aiofiles","old_version":"25.1.0.20260409","new_version":"25.1.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-python-dateutil","old_version":"2.9.0.20260408","new_version":"2.9.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-toml","old_version":"0.10.8.20260408","new_version":"0.10.8.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-protobuf","old_version":"7.34.1.20260503","new_version":"7.34.1.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-deprecated","old_version":"1.3.1.20260408","new_version":"1.3.1.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"mypy","old_version":"1.20.2","new_version":"2.0.0","repository_url":"https://github.com/python/mypy"}],"path":null,"ecosystem":"pip"},"body":"Bumps the all-dependencies group with 9 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.27` | `0.0.28` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.13.3` | `2.13.4` |\n| [types-aiofiles](https://github.com/python/typeshed) | `25.1.0.20260409` | `25.1.0.20260508` |\n| [types-python-dateutil](https://github.com/python/typeshed) | `2.9.0.20260408` | `2.9.0.20260508` |\n| [types-toml](https://github.com/python/typeshed) | `0.10.8.20260408` | `0.10.8.20260508` |\n| [types-protobuf](https://github.com/python/typeshed) | `7.34.1.20260503` | `7.34.1.20260508` |\n| [types-deprecated](https://github.com/python/typeshed) | `1.3.1.20260408` | `1.3.1.20260508` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260510` |\n| [mypy](https://github.com/python/mypy) | `1.20.2` | `2.0.0` |\n\nUpdates `python-multipart` from 0.0.27 to 0.0.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.28\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003eKludex/python-multipart#281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003eKludex/python-multipart#282\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.28 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003e#281\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003e#282\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/7d8d28b210ac6cb055399562b0dc0e5cf9aef14a\"\u003e\u003ccode\u003e7d8d28b\u003c/code\u003e\u003c/a\u003e Version 0.0.28 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b0dd125457d0f98de23bf2f894aedb1a54639d4e\"\u003e\u003ccode\u003eb0dd125\u003c/code\u003e\u003c/a\u003e Cap multipart boundary length at 256 bytes (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d1b57392cf7d0c19235ba454eb5686fd27dc2384\"\u003e\u003ccode\u003ed1b5739\u003c/code\u003e\u003c/a\u003e Speed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/09cb8c3da7638d45ecdf7c154832303214bba829\"\u003e\u003ccode\u003e09cb8c3\u003c/code\u003e\u003c/a\u003e Make the long_boundary benchmark dominated by the patched code path (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/280\"\u003e#280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a6467c93c14aa4b09ef65450ead8011c45e5c7a0\"\u003e\u003ccode\u003ea6467c9\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Switch CodSpeed benchmarks to walltime mode\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/279\"\u003e#279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9a9690035a956fbdcca06f98461244cf790375a7\"\u003e\u003ccode\u003e9a96900\u003c/code\u003e\u003c/a\u003e Switch CodSpeed benchmarks to walltime mode (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/278\"\u003e#278\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/1fc7a626f566ae11bc63165260262b9a30af9008\"\u003e\u003ccode\u003e1fc7a62\u003c/code\u003e\u003c/a\u003e Make benchmark coverage trigger the partial-boundary fallback (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/03df045810a216dceabbefc9dca7a33a264307bc\"\u003e\u003ccode\u003e03df045\u003c/code\u003e\u003c/a\u003e Add CodSpeed benchmark suite for parser hot paths (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/276\"\u003e#276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/79a7c614953d0c91a1d6dc69759b4fbcd0fb44f3\"\u003e\u003ccode\u003e79a7c61\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/273\"\u003e#273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/bd29332f23429d06cf16226819f89b28a8288915\"\u003e\u003ccode\u003ebd29332\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 5 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/274\"\u003e#274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.13.3 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/v2.13.4/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-aiofiles` from 25.1.0.20260409 to 25.1.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-python-dateutil` from 2.9.0.20260408 to 2.9.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-toml` from 0.10.8.20260408 to 0.10.8.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-protobuf` from 7.34.1.20260503 to 7.34.1.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-deprecated` from 1.3.1.20260408 to 1.3.1.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20260408 to 6.0.12.20260510\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 1.20.2 to 2.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMypy Release Notes\u003c/h1\u003e\n\u003ch2\u003eNext Release\u003c/h2\u003e\n\u003ch2\u003eMypy 2.1\u003c/h2\u003e\n\u003cp\u003eWe’ve just uploaded mypy 2.1.0 to the Python Package Index (\u003ca href=\"https://pypi.org/project/mypy/\"\u003ePyPI\u003c/a\u003e).\nMypy is a static type checker for Python. This release includes new features, performance\nimprovements and bug fixes. You can install it as follows:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython3 -m pip install -U mypy\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can read the full documentation for this release on \u003ca href=\"http://mypy.readthedocs.io\"\u003eRead the Docs\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003elibrt.vecs: Fast Growable Array Type for Mypyc\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.vecs\u003c/code\u003e module provides an efficient growable array type \u003ccode\u003evec\u003c/code\u003e that is\noptimized for mypyc use. It provides fast, packed arrays with integer and floating point\nvalue types, which can be \u003cstrong\u003eseveral times faster\u003c/strong\u003e than \u003ccode\u003elist\u003c/code\u003e, and tens of times faster\nthan \u003ccode\u003earray.array\u003c/code\u003e in code compiled using mypyc. It also supports nested \u003ccode\u003evec\u003c/code\u003e objects and\nnon-value-type items, such as \u003ccode\u003evec[vec[str]]\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_vecs.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo.\u003c/p\u003e\n\u003ch3\u003elibrt.random: Fast Pseudo-Random Number Generation\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.random\u003c/code\u003e module provides fast pseudo-random number generation that is\noptimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib\n\u003ccode\u003erandom\u003c/code\u003e module in compiled code.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_random.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo (PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21433\"\u003e21433\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMypyc Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake compilation order with multiple files consistent (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21419\"\u003e21419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on accessing \u003ccode\u003eStopAsyncIteration\u003c/code\u003e (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21406\"\u003e21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incremental compilation with \u003ccode\u003eseparate\u003c/code\u003e flag (Vaggelis Danias, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21299\"\u003e21299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes to Crashes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash on partial type with \u003ccode\u003e--allow-redefinition\u003c/code\u003e and \u003ccode\u003eglobal\u003c/code\u003e declaration (Jukka Lehtosalo, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21428\"\u003e21428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken awaitable generator patching (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21435\"\u003e21435\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges to Messages\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/7a765008a138ec46c579bfc6ef608860cab36033\"\u003e\u003ccode\u003e7a76500\u003c/code\u003e\u003c/a\u003e Remove +dev from version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/5a3ab3b29f03d8baafeced3761e1afc8bd58be79\"\u003e\u003ccode\u003e5a3ab3b\u003c/code\u003e\u003c/a\u003e Changelog for mypy 2.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21422\"\u003e#21422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/f9c86e21e88f96806c65790d604bf1264db39434\"\u003e\u003ccode\u003ef9c86e2\u003c/code\u003e\u003c/a\u003e Some changelog updates for 2.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21413\"\u003e#21413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/519eaf15e0ceafae30337083577a54c7d3f3b4fe\"\u003e\u003ccode\u003e519eaf1\u003c/code\u003e\u003c/a\u003e Bump librt to 0.10.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21415\"\u003e#21415\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/158a6207d6e221cc403e1d556097b5abf5157cdd\"\u003e\u003ccode\u003e158a620\u003c/code\u003e\u003c/a\u003e Fix negative narrowing for containers (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21411\"\u003e#21411\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/e556eb93a3c551a320a536879ce0a1608d14d490\"\u003e\u003ccode\u003ee556eb9\u003c/code\u003e\u003c/a\u003e Try fixing mypy mypyc wheels (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21392\"\u003e#21392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/f2c97971f5f4dcd749cf87df1e1308ab5754490a\"\u003e\u003ccode\u003ef2c9797\u003c/code\u003e\u003c/a\u003e Expose --num-workers and --native-parser (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21387\"\u003e#21387\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/db0cb2f7c68b0f9d43d6ee1ab68117c1550dac39\"\u003e\u003ccode\u003edb0cb2f\u003c/code\u003e\u003c/a\u003e Bump ast-serialize cache version (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21388\"\u003e#21388\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/1090ca6d476f629c566250a41204450043a47cf5\"\u003e\u003ccode\u003e1090ca6\u003c/code\u003e\u003c/a\u003e Bump ast-serialize version to 0.3.0 only (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21391\"\u003e#21391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/714ca9f2ac76e7c6dd56e26fd555f69313ba47ab\"\u003e\u003ccode\u003e714ca9f\u003c/code\u003e\u003c/a\u003e [mypyc] Add note about librt.strings thread safety (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21383\"\u003e#21383\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v1.20.2...v2.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/strawberry-graphql/strawberry/pull/4419","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/strawberry-graphql%2Fstrawberry/issues/4419","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4419/packages"},{"uuid":"4459469007","node_id":"PR_kwDOSGPLhc7cMKOp","number":24,"state":"open","title":"Bump the uv group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-16T09:46:34.000Z","updated_at":"2026-05-16T09:47:08.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":7,"packages":[{"name":"orjson","old_version":"3.11.8","new_version":"3.11.9","repository_url":"https://github.com/ijl/orjson"},{"name":"pydantic-settings","old_version":"2.14.0","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"litellm","old_version":"1.83.14","new_version":"1.84.0","repository_url":"https://github.com/BerriAI/litellm"},{"name":"uv","old_version":"0.11.8","new_version":"0.11.14","repository_url":"https://github.com/astral-sh/uv"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"zensical","old_version":"0.0.39","new_version":"0.0.42","repository_url":"https://github.com/zensical/zensical"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [orjson](https://github.com/ijl/orjson) | `3.11.8` | `3.11.9` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.14.0` | `2.14.1` |\n| [litellm](https://github.com/BerriAI/litellm) | `1.83.14` | `1.84.0` |\n| [uv](https://github.com/astral-sh/uv) | `0.11.8` | `0.11.14` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260510` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [zensical](https://github.com/zensical/zensical) | `0.0.39` | `0.0.42` |\n\n\nUpdates `orjson` from 3.11.8 to 3.11.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/releases\"\u003eorjson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.9\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.95 or later instead of 1.89.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix building on Rust 1.95.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/blob/master/CHANGELOG.md\"\u003eorjson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.9 - 2026-05-06\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.95 or later instead of 1.89.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix building on Rust 1.95.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/705515d77b28429d0b7c30c3d781abe52e8a1e5a\"\u003e\u003ccode\u003e705515d\u003c/code\u003e\u003c/a\u003e 3.11.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/d19055d5bab432f98d53b71606a9c6c23fb21bf6\"\u003e\u003ccode\u003ed19055d\u003c/code\u003e\u003c/a\u003e build update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/77e2d96c3febe099cde2447856fe2523d68c71b0\"\u003e\u003ccode\u003e77e2d96\u003c/code\u003e\u003c/a\u003e MSRV 1.95, remove compiler feature detection\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ijl/orjson/compare/3.11.8...3.11.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.14.0 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/850\"\u003epydantic/pydantic-settings#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/854\"\u003epydantic/pydantic-settings#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/853\"\u003epydantic/pydantic-settings#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/856\"\u003epydantic/pydantic-settings#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/858\"\u003epydantic/pydantic-settings#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.1 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/859\"\u003epydantic/pydantic-settings#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/e95c30bec8cfaee88ee275138c064aea97a25bdf\"\u003e\u003ccode\u003ee95c30b\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.1 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/0c8734581b6cf70a995afad603ac456631d00621\"\u003e\u003ccode\u003e0c87345\u003c/code\u003e\u003c/a\u003e Fix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/7bd0072795a800065b42210b6dca90fc9b83daf7\"\u003e\u003ccode\u003e7bd0072\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 2 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/b03e573d017ed48e1c2774a5e0b715db9766c76b\"\u003e\u003ccode\u003eb03e573\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/eaa3b434938411ec8a3717ea646614561e713f51\"\u003e\u003ccode\u003eeaa3b43\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 5 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/854\"\u003e#854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9f95615c24c6813c1d7d203576581a79cb6d9e8e\"\u003e\u003ccode\u003e9f95615\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `litellm` from 1.83.14 to 1.84.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/BerriAI/litellm/commits/v1.84.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uv` from 0.11.8 to 0.11.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/uv/releases\"\u003euv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.11.14\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-12.\u003c/p\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Astral mirror URL override (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19206\"\u003e#19206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore \u003ccode\u003etop_level.txt\u003c/code\u003e entries in uninstall that are not valid Python identifiers (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19340\"\u003e#19340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid applying \u003ccode\u003e.env\u003c/code\u003e files in parent process (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19343\"\u003e#19343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFilter ANSI codes in logging output (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19311\"\u003e#19311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003euv tree\u003c/code\u003e showing extra-conditional deps for packages required without extras (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19332\"\u003e#19332\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect build options (e.g., \u003ccode\u003e--no-build\u003c/code\u003e) during lock validation (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19366\"\u003e#19366\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall uv 0.11.14\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003epowershell -ExecutionPolicy Bypass -c \u0026quot;irm https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-installer.ps1 | iex\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eDownload uv 0.11.14\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eFile\u003c/th\u003e\n\u003cth\u003ePlatform\u003c/th\u003e\n\u003cth\u003eChecksum\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-aarch64-apple-darwin.tar.gz\"\u003euv-aarch64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eApple Silicon macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-aarch64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-x86_64-apple-darwin.tar.gz\"\u003euv-x86_64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eIntel macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-x86_64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-aarch64-pc-windows-msvc.zip\"\u003euv-aarch64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-aarch64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-i686-pc-windows-msvc.zip\"\u003euv-i686-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-i686-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-x86_64-pc-windows-msvc.zip\"\u003euv-x86_64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-x86_64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-aarch64-unknown-linux-gnu.tar.gz\"\u003euv-aarch64-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-aarch64-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-i686-unknown-linux-gnu.tar.gz\"\u003euv-i686-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-i686-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-powerpc64le-unknown-linux-gnu.tar.gz\"\u003euv-powerpc64le-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ePPC64LE Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-powerpc64le-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-riscv64gc-unknown-linux-gnu.tar.gz\"\u003euv-riscv64gc-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eRISCV Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-riscv64gc-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-s390x-unknown-linux-gnu.tar.gz\"\u003euv-s390x-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eS390x Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-s390x-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-x86_64-unknown-linux-gnu.tar.gz\"\u003euv-x86_64-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex64 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-x86_64-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-armv7-unknown-linux-gnueabihf.tar.gz\"\u003euv-armv7-unknown-linux-gnueabihf.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARMv7 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-armv7-unknown-linux-gnueabihf.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-aarch64-unknown-linux-musl.tar.gz\"\u003euv-aarch64-unknown-linux-musl.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 MUSL Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-aarch64-unknown-linux-musl.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-i686-unknown-linux-musl.tar.gz\"\u003euv-i686-unknown-linux-musl.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 MUSL Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-i686-unknown-linux-musl.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-riscv64gc-unknown-linux-musl.tar.gz\"\u003euv-riscv64gc-unknown-linux-musl.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eRISCV MUSL Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-riscv64gc-unknown-linux-musl.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/uv/blob/main/CHANGELOG.md\"\u003euv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.11.14\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-12.\u003c/p\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Astral mirror URL override (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19206\"\u003e#19206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore \u003ccode\u003etop_level.txt\u003c/code\u003e entries in uninstall that are not valid Python identifiers (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19340\"\u003e#19340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid applying \u003ccode\u003e.env\u003c/code\u003e files in parent process (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19343\"\u003e#19343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFilter ANSI codes in logging output (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19311\"\u003e#19311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003euv tree\u003c/code\u003e showing extra-conditional deps for packages required without extras (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19332\"\u003e#19332\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect build options (e.g., \u003ccode\u003e--no-build\u003c/code\u003e) during lock validation (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19366\"\u003e#19366\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.11.13\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-10.\u003c/p\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eInclude data files in editable builds (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19312\"\u003e#19312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect \u003ccode\u003e--require-hashes\u003c/code\u003e when installing from \u003ccode\u003epylock.toml\u003c/code\u003e files (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19334\"\u003e#19334\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePython\u003c/h3\u003e\n\u003ch3\u003ePython\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CPython 3.14.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.11.12\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-08.\u003c/p\u003e\n\u003ch3\u003ePython\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CPython 3.15.0b1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--no-editable\u003c/code\u003e support to \u003ccode\u003euv pip install\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19306\"\u003e#19306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire git refs in URLs to be percent-encoded (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19320\"\u003e#19320\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRespect \u003ccode\u003e--no-dev\u003c/code\u003e over \u003ccode\u003eUV_DEV=1\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19313\"\u003e#19313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't suggest non-existent \u003ccode\u003e--no-frozen\u003c/code\u003e flag (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19290\"\u003e#19290\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19294\"\u003e#19294\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/3fdfdc7d4a63c9f283eb751823b7628b13116684\"\u003e\u003ccode\u003e3fdfdc7\u003c/code\u003e\u003c/a\u003e Bump version to 0.11.14 (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19377\"\u003e#19377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/634b03f972330183295adae438ec90e76105593e\"\u003e\u003ccode\u003e634b03f\u003c/code\u003e\u003c/a\u003e Document \u003ccode\u003euv auth helper\u003c/code\u003e for Bazel credential helper use (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19358\"\u003e#19358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/601c2b80421544fc0f18bedd2d141308e8acbfd1\"\u003e\u003ccode\u003e601c2b8\u003c/code\u003e\u003c/a\u003e Respect build options (e.g., \u003ccode\u003e--no-build\u003c/code\u003e) during lock validation (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19366\"\u003e#19366\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/7d6590313139e075eac190a3611238072e7c3cdf\"\u003e\u003ccode\u003e7d65903\u003c/code\u003e\u003c/a\u003e Add Astral mirror URL override (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19206\"\u003e#19206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/685c32c51de5f21cdffe1311d6265b9dbebe2a03\"\u003e\u003ccode\u003e685c32c\u003c/code\u003e\u003c/a\u003e Ignore \u003ccode\u003etop_level.txt\u003c/code\u003e entries in uninstall that are not valid Python identif...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/374fcaa56aa46a2923eed31fe0df7a4a7a14c477\"\u003e\u003ccode\u003e374fcaa\u003c/code\u003e\u003c/a\u003e Fix JUnit upload on Windows runners (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19370\"\u003e#19370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/96b43afadc2add190895b20282e83023a08bd0e7\"\u003e\u003ccode\u003e96b43af\u003c/code\u003e\u003c/a\u003e Ensure publish to crates.io is idempotent (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19361\"\u003e#19361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/b2bd71a82c172926d6fb76ecbbad9c61c6e706b1\"\u003e\u003ccode\u003eb2bd71a\u003c/code\u003e\u003c/a\u003e Filter ANSI codes in logging output (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19311\"\u003e#19311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/81e7f8ccbbd3ed407f32312743fe138d36411cff\"\u003e\u003ccode\u003e81e7f8c\u003c/code\u003e\u003c/a\u003e Update Rust crate junction to v2 (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19353\"\u003e#19353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/9f21ff88867f59e84bc82f7422492b998aba6e30\"\u003e\u003ccode\u003e9f21ff8\u003c/code\u003e\u003c/a\u003e Avoid applying \u003ccode\u003e.env\u003c/code\u003e files in parent process (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19343\"\u003e#19343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/uv/compare/0.11.8...0.11.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20260408 to 6.0.12.20260510\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\n.. _pull 2165: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2165\"\u003ecoveragepy/coveragepy#2165\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/646351b60429f1b5760af6c1b97b28483244a955\"\u003e\u003ccode\u003e646351b\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/39cd015505c8b04369c5b06e34fc22449a697370\"\u003e\u003ccode\u003e39cd015\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/649e8aa34af7d80c386ae82e8a3a6c9a3acb0dab\"\u003e\u003ccode\u003e649e8aa\u003c/code\u003e\u003c/a\u003e docs: thanks Alex Vandiver for \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8cd392e3b5c4bc15d534aaec0c21714f9f518469\"\u003e\u003ccode\u003e8cd392e\u003c/code\u003e\u003c/a\u003e fix: snapshot data in Collector.flush_data to avoid threading race (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c48e0edc2ebe44621b0053176e90f77b0c79bec1\"\u003e\u003ccode\u003ec48e0ed\u003c/code\u003e\u003c/a\u003e fix: less output for combining\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c2a3a284078556c911e0d9b6c6af1b7082a363ea\"\u003e\u003ccode\u003ec2a3a28\u003c/code\u003e\u003c/a\u003e docs: explain the change from \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/1cd47aa6ac1da4e150da44055295d4e4f3a014e8\"\u003e\u003ccode\u003e1cd47aa\u003c/code\u003e\u003c/a\u003e fix: implicit combine-during-report now removes the combined data files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2d99fd7696e0bccec8037479a4e45c1ecccb8058\"\u003e\u003ccode\u003e2d99fd7\u003c/code\u003e\u003c/a\u003e feat: automatically combine coverage in report, thanks Tim Hatch (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/9fbdcdfee1c122fac43f1bf9a5e2d1f4d835f21c\"\u003e\u003ccode\u003e9fbdcdf\u003c/code\u003e\u003c/a\u003e fix: lazy soft keywords are bolded\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5de7d0267b9466d59995aaae1a7e707c8c6f66e7\"\u003e\u003ccode\u003e5de7d02\u003c/code\u003e\u003c/a\u003e build: oops, misplaced quote\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zensical` from 0.0.39 to 0.0.42\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zensical/zensical/releases\"\u003ezensical's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.42\u003c/h2\u003e\n\u003ch2\u003eSummary\u003c/h2\u003e\n\u003cp\u003eThis version includes a number of bug fixes and refactorings to improve the stability and accuracy of link validation, and fixes a reload loop when the \u003ccode\u003ecustom_dir\u003c/code\u003e, which is auto-watched, is explicitly added to \u003ccode\u003ewatch\u003c/code\u003e. Moreover, GLightbox is now only downloaded when needed, which fixes an issue when using Zensical in air-gapped environments.\u003c/p\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e6b54e14 \u003cstrong\u003eui\u003c/strong\u003e – update ui to v0.0.18\u003c/li\u003e\n\u003cli\u003ecdee1e8 \u003cstrong\u003ezensical\u003c/strong\u003e – disabling link validation doesn't disable link and reference collection (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e4355dad \u003cstrong\u003ecompat\u003c/strong\u003e – harden link validation for files with CRLF line endings\u003c/li\u003e\n\u003cli\u003ea418c6b \u003cstrong\u003ecompat\u003c/strong\u003e – link validation doesn't ignore fenced code blocks when \u003ccode\u003e\\r\u003c/code\u003e is present\u003c/li\u003e\n\u003cli\u003eb31dd14 \u003cstrong\u003ecompat\u003c/strong\u003e – \u003ccode\u003e$\u003c/code\u003e at end of line breaks link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e17c67a2 \u003cstrong\u003ecompat\u003c/strong\u003e – remove abbreviations from table of contents (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/669\"\u003e#669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e6eb2f4d \u003cstrong\u003ecompat\u003c/strong\u003e – reserve theme name \u003ccode\u003ezensical\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ea5a8641 \u003cstrong\u003ezensical\u003c/strong\u003e – only wait for config update after a first successful build (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e8207554 \u003cstrong\u003ecompat\u003c/strong\u003e – don't consider \u003ccode\u003e[]\u003c/code\u003e and \u003ccode\u003e[][]\u003c/code\u003e link references (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/663\"\u003e#663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec338b27 \u003cstrong\u003ecompat\u003c/strong\u003e – two backticks with no closing run trip up link parser  (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/663\"\u003e#663\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/zensical/zensical/issues/665\"\u003e#665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ed707aa9 \u003cstrong\u003ecompat\u003c/strong\u003e – prevent reload loop by de-duplicating watched theme files (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/655\"\u003e#655\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRefactorings\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e53f593f \u003cstrong\u003ecompat\u003c/strong\u003e – avoid mutating configurations list\u003c/li\u003e\n\u003cli\u003ea77087a \u003cstrong\u003ecompat\u003c/strong\u003e – reorganize config module\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.41\u003c/h2\u003e\n\u003ch2\u003eSummary\u003c/h2\u003e\n\u003cp\u003eThis version adds support for \u003ca href=\"https://zensical.org/docs/setup/extensions/macros/#reading-tabular-data\"\u003eintegrating tabular data\u003c/a\u003e as Markdown tables, covering the functionality of the \u003ca href=\"https://pypi.org/project/mkdocs-table-reader-plugin/\"\u003emkdocs-table-reader-plugin\u003c/a\u003e, as well as the \u003ca href=\"https://zensical.org/docs/setup/basics/#watch\"\u003e\u003ccode\u003ewatch\u003c/code\u003e\u003c/a\u003e option to automatically rebuild on changes in unmonitored files. Table reading is implemented as part of \u003ca href=\"https://zensical.org/docs/setup/extensions/macros/\"\u003emacros\u003c/a\u003e, which we shipped in \u003ca href=\"https://github.com/zensical/zensical/releases/tag/v0.0.40\"\u003e0.0.40\u003c/a\u003e. You can now embed CSV and other file formats with:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e{{ read_csv(\u0026quot;data/team.csv\u0026quot;) }}\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAdditionally, the stability of link \u003ca href=\"https://zensical.org/docs/setup/validation/\"\u003evalidation\u003c/a\u003e has been drastically improved, reducing the rate of false positives. We're working on support for validating links using \u003ca href=\"https://mkdocstrings.github.io/autorefs/\"\u003eautorefs\u003c/a\u003e, which we'll provide in one of the next versions.\u003c/p\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed24ea24 \u003cstrong\u003ecompat\u003c/strong\u003e – support table reader functionality\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/7a141c5678ebcedb05e8b4be8f8d6f8bce990943\"\u003e\u003ccode\u003e7a141c5\u003c/code\u003e\u003c/a\u003e chore: release v0.0.42\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/6b54e140c8a40fc6328a8dd4bbf87629fa1a8c87\"\u003e\u003ccode\u003e6b54e14\u003c/code\u003e\u003c/a\u003e fix: update ui to v0.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/cdee1e8bc77e83ebbb089cab0b5a0984cc6305cc\"\u003e\u003ccode\u003ecdee1e8\u003c/code\u003e\u003c/a\u003e fix: disabling link validation doesn't disable link and reference collection ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/7a5d97abe0bc15b10e4656767de658daab59c759\"\u003e\u003ccode\u003e7a5d97a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/zensical/zensical/issues/680\"\u003e#680\u003c/a\u003e from zensical/fix/validation-edge-cases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/4355dad3ce47a0e647e2187a770a2b9b0b2d502e\"\u003e\u003ccode\u003e4355dad\u003c/code\u003e\u003c/a\u003e fix: harden link validation for files with CRLF line endings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/a418c6bd3c62673e91df01690fd9eccafe262041\"\u003e\u003ccode\u003ea418c6b\u003c/code\u003e\u003c/a\u003e fix: link validation doesn't ignore fenced code blocks when \u003ccode\u003e\\r\u003c/code\u003e is present\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/b31dd1472c091891ee6a87cb46e8313cf3dde9be\"\u003e\u003ccode\u003eb31dd14\u003c/code\u003e\u003c/a\u003e fix: \u003ccode\u003e$\u003c/code\u003e at end of line breaks link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/17c67a2f62181c85220275e8f87c5985135bd62f\"\u003e\u003ccode\u003e17c67a2\u003c/code\u003e\u003c/a\u003e fix: remove abbreviations from table of contents (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/669\"\u003e#669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/6eb2f4d942e79e6f48f772fa16dcddc6e6dbb4eb\"\u003e\u003ccode\u003e6eb2f4d\u003c/code\u003e\u003c/a\u003e fix: reserve theme name \u003ccode\u003ezensical\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/a5a864178ccd0616e5aea56b66f8ce6b031ce50b\"\u003e\u003ccode\u003ea5a8641\u003c/code\u003e\u003c/a\u003e fix: only wait for config update after a first successful build (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zensical/zensical/compare/v0.0.39...v0.0.42\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/callowayproject/foreman/pull/24","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/callowayproject%2Fforeman/issues/24","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/24/packages"},{"uuid":"4451031951","node_id":"PR_kwDOSEb-G87bxRkZ","number":27,"state":"closed","title":"Bump the dev group across 1 directory with 43 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-22T03:26:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-15T03:38:47.000Z","updated_at":"2026-05-22T03:26:49.000Z","time_to_close":604080,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"dev","update_count":43,"packages":[{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"faker","old_version":"40.13.0","new_version":"40.18.0","repository_url":"https://github.com/joke2k/faker"},{"name":"basedpyright","old_version":"1.39.0","new_version":"1.39.4","repository_url":"https://github.com/detachhead/basedpyright"},{"name":"ruff","old_version":"0.15.10","new_version":"0.15.13","repository_url":"https://github.com/astral-sh/ruff"},{"name":"types-aiofiles","old_version":"25.1.0.20260409","new_version":"25.1.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-cachetools","old_version":"6.2.0.20260408","new_version":"7.0.0.20260503","repository_url":"https://github.com/python/typeshed"},{"name":"types-colorama","old_version":"0.4.15.20260408","new_version":"0.4.15.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-defusedxml","old_version":"0.7.0.20260408","new_version":"0.7.0.20260504","repository_url":"https://github.com/python/typeshed"},{"name":"types-deprecated","old_version":"1.3.1.20260408","new_version":"1.3.1.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-docutils","old_version":"0.22.3.20260408","new_version":"0.22.3.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-flask-cors","old_version":"6.0.0.20260408","new_version":"6.0.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-flask-migrate","old_version":"4.1.0.20260408","new_version":"4.1.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-gevent","old_version":"26.4.0.20260409","new_version":"26.4.0.20260512","repository_url":"https://github.com/python/typeshed"},{"name":"types-greenlet","old_version":"3.4.0.20260409","new_version":"3.5.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-html5lib","old_version":"1.1.11.20260408","new_version":"1.1.11.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-markdown","old_version":"3.10.2.20260408","new_version":"3.10.2.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-oauthlib","old_version":"3.3.0.20260408","new_version":"3.3.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-objgraph","old_version":"3.6.0.20260408","new_version":"3.6.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-olefile","old_version":"0.47.0.20260408","new_version":"0.47.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-openpyxl","old_version":"3.1.5.20260408","new_version":"3.1.5.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-pexpect","old_version":"4.9.0.20260408","new_version":"4.9.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-protobuf","old_version":"7.34.1.20260408","new_version":"7.34.1.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-psutil","old_version":"7.2.2.20260408","new_version":"7.2.2.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-psycopg2","old_version":"2.9.21.20260408","new_version":"2.9.21.20260509","repository_url":"https://github.com/python/typeshed"},{"name":"types-pygments","old_version":"2.20.0.20260408","new_version":"2.20.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-pymysql","old_version":"1.1.0.20260408","new_version":"1.1.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-python-dateutil","old_version":"2.9.0.20260408","new_version":"2.9.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-pywin32","old_version":"311.0.0.20260408","new_version":"311.0.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"types-regex","old_version":"2026.4.4.20260408","new_version":"2026.5.9.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"types-shapely","old_version":"2.1.0.20260408","new_version":"2.1.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-simplejson","old_version":"3.20.0.20260408","new_version":"3.20.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-tensorflow","old_version":"2.18.0.20260408","new_version":"2.18.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-tqdm","old_version":"4.67.3.20260408","new_version":"4.67.3.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"boto3-stubs","old_version":"1.42.88","new_version":"1.43.8","repository_url":"https://github.com/youtype/mypy_boto3_builder"},{"name":"types-jmespath","old_version":"1.1.0.20260408","new_version":"1.1.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"hypothesis","old_version":"6.151.12","new_version":"6.152.7","repository_url":"https://github.com/HypothesisWorks/hypothesis"},{"name":"types-cffi","old_version":"2.0.0.20260408","new_version":"2.0.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-setuptools","old_version":"82.0.0.20260408","new_version":"82.0.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"scipy-stubs","old_version":"1.17.1.3","new_version":"1.17.1.4","repository_url":"https://github.com/scipy/scipy-stubs"},{"name":"celery-types","old_version":"0.23.0","new_version":"0.26.0","repository_url":"https://github.com/sbdchd/celery-types"},{"name":"mypy","old_version":"1.20.1","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"pyrefly","old_version":"0.60.0","new_version":"1.0.0","repository_url":"https://github.com/facebook/pyrefly"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dev group with 43 updates in the /api directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [faker](https://github.com/joke2k/faker) | `40.13.0` | `40.18.0` |\n| [basedpyright](https://github.com/detachhead/basedpyright) | `1.39.0` | `1.39.4` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.10` | `0.15.13` |\n| [types-aiofiles](https://github.com/python/typeshed) | `25.1.0.20260409` | `25.1.0.20260508` |\n| [types-cachetools](https://github.com/python/typeshed) | `6.2.0.20260408` | `7.0.0.20260503` |\n| [types-colorama](https://github.com/python/typeshed) | `0.4.15.20260408` | `0.4.15.20260508` |\n| [types-defusedxml](https://github.com/python/typeshed) | `0.7.0.20260408` | `0.7.0.20260504` |\n| [types-deprecated](https://github.com/python/typeshed) | `1.3.1.20260408` | `1.3.1.20260508` |\n| [types-docutils](https://github.com/python/typeshed) | `0.22.3.20260408` | `0.22.3.20260508` |\n| [types-flask-cors](https://github.com/python/typeshed) | `6.0.0.20260408` | `6.0.0.20260508` |\n| [types-flask-migrate](https://github.com/python/typeshed) | `4.1.0.20260408` | `4.1.0.20260508` |\n| [types-gevent](https://github.com/python/typeshed) | `26.4.0.20260409` | `26.4.0.20260512` |\n| [types-greenlet](https://github.com/python/typeshed) | `3.4.0.20260409` | `3.5.0.20260508` |\n| [types-html5lib](https://github.com/python/typeshed) | `1.1.11.20260408` | `1.1.11.20260508` |\n| [types-markdown](https://github.com/python/typeshed) | `3.10.2.20260408` | `3.10.2.20260508` |\n| [types-oauthlib](https://github.com/python/typeshed) | `3.3.0.20260408` | `3.3.0.20260508` |\n| [types-objgraph](https://github.com/python/typeshed) | `3.6.0.20260408` | `3.6.0.20260508` |\n| [types-olefile](https://github.com/python/typeshed) | `0.47.0.20260408` | `0.47.0.20260508` |\n| [types-openpyxl](https://github.com/python/typeshed) | `3.1.5.20260408` | `3.1.5.20260508` |\n| [types-pexpect](https://github.com/python/typeshed) | `4.9.0.20260408` | `4.9.0.20260508` |\n| [types-protobuf](https://github.com/python/typeshed) | `7.34.1.20260408` | `7.34.1.20260508` |\n| [types-psutil](https://github.com/python/typeshed) | `7.2.2.20260408` | `7.2.2.20260508` |\n| [types-psycopg2](https://github.com/python/typeshed) | `2.9.21.20260408` | `2.9.21.20260509` |\n| [types-pygments](https://github.com/python/typeshed) | `2.20.0.20260408` | `2.20.0.20260508` |\n| [types-pymysql](https://github.com/python/typeshed) | `1.1.0.20260408` | `1.1.0.20260508` |\n| [types-python-dateutil](https://github.com/python/typeshed) | `2.9.0.20260408` | `2.9.0.20260508` |\n| [types-pywin32](https://github.com/python/typeshed) | `311.0.0.20260408` | `311.0.0.20260508` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260510` |\n| [types-regex](https://github.com/python/typeshed) | `2026.4.4.20260408` | `2026.5.9.20260510` |\n| [types-shapely](https://github.com/python/typeshed) | `2.1.0.20260408` | `2.1.0.20260508` |\n| [types-simplejson](https://github.com/python/typeshed) | `3.20.0.20260408` | `3.20.0.20260508` |\n| [types-tensorflow](https://github.com/python/typeshed) | `2.18.0.20260408` | `2.18.0.20260508` |\n| [types-tqdm](https://github.com/python/typeshed) | `4.67.3.20260408` | `4.67.3.20260508` |\n| [boto3-stubs](https://github.com/youtype/mypy_boto3_builder) | `1.42.88` | `1.43.8` |\n| [types-jmespath](https://github.com/python/typeshed) | `1.1.0.20260408` | `1.1.0.20260508` |\n| [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.151.12` | `6.152.7` |\n| [types-cffi](https://github.com/python/typeshed) | `2.0.0.20260408` | `2.0.0.20260508` |\n| [types-setuptools](https://github.com/python/typeshed) | `82.0.0.20260408` | `82.0.0.20260508` |\n| [scipy-stubs](https://github.com/scipy/scipy-stubs) | `1.17.1.3` | `1.17.1.4` |\n| [celery-types](https://github.com/sbdchd/celery-types) | `0.23.0` | `0.26.0` |\n| [mypy](https://github.com/python/mypy) | `1.20.1` | `2.1.0` |\n| [pyrefly](https://github.com/facebook/pyrefly) | `0.60.0` | `1.0.0` |\n\n\nUpdates `coverage` from 7.13.5 to 7.14.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\n.. _pull 2165: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2165\"\u003ecoveragepy/coveragepy#2165\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/646351b60429f1b5760af6c1b97b28483244a955\"\u003e\u003ccode\u003e646351b\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/39cd015505c8b04369c5b06e34fc22449a697370\"\u003e\u003ccode\u003e39cd015\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/649e8aa34af7d80c386ae82e8a3a6c9a3acb0dab\"\u003e\u003ccode\u003e649e8aa\u003c/code\u003e\u003c/a\u003e docs: thanks Alex Vandiver for \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8cd392e3b5c4bc15d534aaec0c21714f9f518469\"\u003e\u003ccode\u003e8cd392e\u003c/code\u003e\u003c/a\u003e fix: snapshot data in Collector.flush_data to avoid threading race (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c48e0edc2ebe44621b0053176e90f77b0c79bec1\"\u003e\u003ccode\u003ec48e0ed\u003c/code\u003e\u003c/a\u003e fix: less output for combining\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c2a3a284078556c911e0d9b6c6af1b7082a363ea\"\u003e\u003ccode\u003ec2a3a28\u003c/code\u003e\u003c/a\u003e docs: explain the change from \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/1cd47aa6ac1da4e150da44055295d4e4f3a014e8\"\u003e\u003ccode\u003e1cd47aa\u003c/code\u003e\u003c/a\u003e fix: implicit combine-during-report now removes the combined data files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2d99fd7696e0bccec8037479a4e45c1ecccb8058\"\u003e\u003ccode\u003e2d99fd7\u003c/code\u003e\u003c/a\u003e feat: automatically combine coverage in report, thanks Tim Hatch (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/9fbdcdfee1c122fac43f1bf9a5e2d1f4d835f21c\"\u003e\u003ccode\u003e9fbdcdf\u003c/code\u003e\u003c/a\u003e fix: lazy soft keywords are bolded\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5de7d0267b9466d59995aaae1a7e707c8c6f66e7\"\u003e\u003ccode\u003e5de7d02\u003c/code\u003e\u003c/a\u003e build: oops, misplaced quote\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faker` from 40.13.0 to 40.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/joke2k/faker/releases\"\u003efaker's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v40.18.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/joke2k/faker/blob/refs/tags/v40.18.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease v40.17.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/joke2k/faker/blob/refs/tags/v40.17.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease v40.16.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/joke2k/faker/blob/refs/tags/v40.16.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease v40.15.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/joke2k/faker/blob/refs/tags/v40.15.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease v40.14.1\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/joke2k/faker/blob/refs/tags/v40.14.1/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease v40.14.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/joke2k/faker/blob/refs/tags/v40.14.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/joke2k/faker/blob/v40.18.0/CHANGELOG.md\"\u003efaker's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/joke2k/faker/compare/v40.17.0...v40.18.0\"\u003ev40.18.0 - 2026-05-14\u003c/a\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd automotive providers for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales. Thanks \u003ca href=\"https://github.com/othmane099\"\u003e\u003ccode\u003e@​othmane099\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ephone_number\u003c/code\u003e provider for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales. Thanks \u003ca href=\"https://github.com/othmane099\"\u003e\u003ccode\u003e@​othmane099\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/joke2k/faker/compare/v40.16.0...v40.17.0\"\u003ev40.17.0 - 2026-05-14\u003c/a\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eam_ET\u003c/code\u003e \u003ccode\u003ephone_number\u003c/code\u003e provider for Ethiopia. Thanks \u003ca href=\"https://github.com/jasur-py\"\u003e\u003ccode\u003e@​jasur-py\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/joke2k/faker/compare/v40.15.0...v40.16.0\"\u003ev40.16.0 - 2026-05-14\u003c/a\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix duplicate phone number prefix \u003ccode\u003e145\u003c/code\u003e in \u003ccode\u003ezh_CN\u003c/code\u003e locale. Thanks \u003ca href=\"https://github.com/r266-tec\"\u003e\u003ccode\u003e@​r266-tec\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/joke2k/faker/compare/v40.14.1...v40.15.0\"\u003ev40.15.0 - 2026-04-17\u003c/a\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd job providers for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2352\"\u003e#2352\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/othmane099\"\u003e\u003ccode\u003e@​othmane099\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd company providers for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2351\"\u003e#2351\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/othmane099\"\u003e\u003ccode\u003e@​othmane099\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd geo providers for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2350\"\u003e#2350\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/othmane099\"\u003e\u003ccode\u003e@​othmane099\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd currency providers for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2349\"\u003e#2349\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/othmane099\"\u003e\u003ccode\u003e@​othmane099\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edate_time\u003c/code\u003e provider for \u003ccode\u003ear_DZ\u003c/code\u003e locale (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2348\"\u003e#2348\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/othmane099\"\u003e\u003ccode\u003e@​othmane099\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd ssn providers for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2347\"\u003e#2347\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/othmane099\"\u003e\u003ccode\u003e@​othmane099\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/joke2k/faker/compare/v40.14.0...v40.14.1\"\u003ev40.14.1 - 2026-04-17\u003c/a\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eUnicodeEncodeError\u003c/code\u003e in CLI docs on non-UTF consoles (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2362\"\u003e#2362\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/RedZapdos123\"\u003e\u003ccode\u003e@​RedZapdos123\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/joke2k/faker/compare/v40.13.0...v40.14.0\"\u003ev40.14.0 - 2026-04-17\u003c/a\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix: update placekitten URL to placekittens (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2364\"\u003e#2364\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/reory\"\u003e\u003ccode\u003e@​reory\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/7a79d1b815c72cdd570e47002a1d6d90b8282bef\"\u003e\u003ccode\u003e7a79d1b\u003c/code\u003e\u003c/a\u003e Bump version: 40.17.0 → 40.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/22334a6867869f87f174a168e0c1783241b23bb4\"\u003e\u003ccode\u003e22334a6\u003c/code\u003e\u003c/a\u003e :pencil: Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/8a7fa46a337e01eba9ec1c1af51e740d60940f1d\"\u003e\u003ccode\u003e8a7fa46\u003c/code\u003e\u003c/a\u003e :lipstick: Lint code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/a70229ebf3abb0e2e44529e884bbe3d5aec9be8a\"\u003e\u003ccode\u003ea70229e\u003c/code\u003e\u003c/a\u003e Add automotive providers for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2346\"\u003e#2346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/9dc592c21400f42a488e87850e30856a14ab4bd2\"\u003e\u003ccode\u003e9dc592c\u003c/code\u003e\u003c/a\u003e add \u003ccode\u003ephone_number\u003c/code\u003e provider for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2338\"\u003e#2338\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/7e8ec9c8c60679e404b5ca647a207168832c8ba4\"\u003e\u003ccode\u003e7e8ec9c\u003c/code\u003e\u003c/a\u003e Bump version: 40.16.0 → 40.17.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/48fbd622669263bcbd2b822568a830512948d365\"\u003e\u003ccode\u003e48fbd62\u003c/code\u003e\u003c/a\u003e :pencil: Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/696ebf93a8310d621d6dd90426844de023d9ef50\"\u003e\u003ccode\u003e696ebf9\u003c/code\u003e\u003c/a\u003e :lipstick: Format code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/0c339633949b44f5ab3c34d1b2046acddfae7e39\"\u003e\u003ccode\u003e0c33963\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eam_ET\u003c/code\u003e \u003ccode\u003ephone_number\u003c/code\u003e provider for Ethiopia (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2353\"\u003e#2353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/bec4ec21e9a75056e1fcf250d5aebcf22a415ca1\"\u003e\u003ccode\u003ebec4ec2\u003c/code\u003e\u003c/a\u003e :pencil: fix changelog\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/joke2k/faker/compare/v40.13.0...v40.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basedpyright` from 1.39.0 to 1.39.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/b058a6450c9f2a720257f56a1f7ed8a4cdf33a15\"\u003e\u003ccode\u003eb058a64\u003c/code\u003e\u003c/a\u003e 1.39.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/5e1f1fb60ff9f646a0d039e3070a0abb75e9db6a\"\u003e\u003ccode\u003e5e1f1fb\u003c/code\u003e\u003c/a\u003e Fix: treat  \u003ccode\u003emap\u003c/code\u003e \u0026amp; \u003ccode\u003efilter\u003c/code\u003e as not subscriptable at runtime and don't show g...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/f9730a824e91dd75c3871bc894ee0d73bec682a9\"\u003e\u003ccode\u003ef9730a8\u003c/code\u003e\u003c/a\u003e bump python dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/a465682f20214a43fff4f3e82d02b74d322e6e3e\"\u003e\u003ccode\u003ea465682\u003c/code\u003e\u003c/a\u003e Update installation docs for PyCharm (\u003ca href=\"https://redirect.github.com/detachhead/basedpyright/issues/1643\"\u003e#1643\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/5f6672701c5b6a739563894256418845239be2a2\"\u003e\u003ccode\u003e5f66727\u003c/code\u003e\u003c/a\u003e 1.39.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/d8741dfc88be16e11c66cceff78e6e2634ddf49b\"\u003e\u003ccode\u003ed8741df\u003c/code\u003e\u003c/a\u003e hopefully fix docs deployment job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/ceb200c192bb53629b4c62fdc082ec27b108f316\"\u003e\u003ccode\u003eceb200c\u003c/code\u003e\u003c/a\u003e 1.39.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/eb7a92cacd2697acb4e36e2f3147333588c88fa7\"\u003e\u003ccode\u003eeb7a92c\u003c/code\u003e\u003c/a\u003e try to fix browser-basedpyright being published with nothing in it\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/dec5306e9aabbce3f9b1b9ec283981d92dd43d80\"\u003e\u003ccode\u003edec5306\u003c/code\u003e\u003c/a\u003e update package-lock.json\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/6db43de5dda601e3cd83998c669c4ecbbfde26f6\"\u003e\u003ccode\u003e6db43de\u003c/code\u003e\u003c/a\u003e 1.39.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/detachhead/basedpyright/compare/v1.39.0...v1.39.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.10 to 0.15.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2afb467ce397e4a89c13a0a814c62cfecb0e9e49\"\u003e\u003ccode\u003e2afb467\u003c/code\u003e\u003c/a\u003e Bump 0.15.13 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25157\"\u003e#25157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/300879600fa3af7cde1e675c63de6ad9d0797d1b\"\u003e\u003ccode\u003e3008796\u003c/code\u003e\u003c/a\u003e [ty] classify TypeVar semantic tokens as type parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24891\"\u003e#24891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/79470e31877acb6074f3bbff2a49e508822ae4e8\"\u003e\u003ccode\u003e79470e3\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2522549901d50f18775999f0fb802b19229417f0\"\u003e\u003ccode\u003e2522549\u003c/code\u003e\u003c/a\u003e Remove shellcheck from prek (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25154\"\u003e#25154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7db7170020f539d6d2bc01dbd0b0c09fab91dc06\"\u003e\u003ccode\u003e7db7170\u003c/code\u003e\u003c/a\u003e [ty] Support TypedDict key completions in incomplete, anonymous contexts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25\"\u003e#25\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/bb3dd535f1c5a83e2e56ac93a771fadbeeceebd0\"\u003e\u003ccode\u003ebb3dd53\u003c/code\u003e\u003c/a\u003e [ty] Run full iteration analysis on narrowed typevars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25143\"\u003e#25143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/828cdb7732efcb16a53f4ee5f011cf653b834d1a\"\u003e\u003ccode\u003e828cdb7\u003c/code\u003e\u003c/a\u003e [ty] Isolate file-watching test environment (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25151\"\u003e#25151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/89e1d8670ea4d3af60c8143ee552dc750200718d\"\u003e\u003ccode\u003e89e1d86\u003c/code\u003e\u003c/a\u003e [ty] Preserve TypedDict keys through dict unpacking (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24523\"\u003e#24523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/86f3064d6fffa5697d174f26b840bd6857b381da\"\u003e\u003ccode\u003e86f3064\u003c/code\u003e\u003c/a\u003e [ty] Avoid accessing \u003ccode\u003eargs[0]\u003c/code\u003e for \u003ccode\u003estatic_assert\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25149\"\u003e#25149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ed819f947dc27e36eac8bb3134153c4668d76a3a\"\u003e\u003ccode\u003eed819f9\u003c/code\u003e\u003c/a\u003e [ty] Treat custom enum \u003ccode\u003e__new__\u003c/code\u003e values as dynamic (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25136\"\u003e#25136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.10...0.15.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-aiofiles` from 25.1.0.20260409 to 25.1.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-cachetools` from 6.2.0.20260408 to 7.0.0.20260503\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-colorama` from 0.4.15.20260408 to 0.4.15.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-defusedxml` from 0.7.0.20260408 to 0.7.0.20260504\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-deprecated` from 1.3.1.20260408 to 1.3.1.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-docutils` from 0.22.3.20260408 to 0.22.3.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-flask-cors` from 6.0.0.20260408 to 6.0.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-flask-migrate` from 4.1.0.20260408 to 4.1.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-gevent` from 26.4.0.20260409 to 26.4.0.20260512\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-greenlet` from 3.4.0.20260409 to 3.5.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-html5lib` from 1.1.11.20260408 to 1.1.11.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-markdown` from 3.10.2.20260408 to 3.10.2.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-oauthlib` from 3.3.0.20260408 to 3.3.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-objgraph` from 3.6.0.20260408 to 3.6.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-olefile` from 0.47.0.20260408 to 0.47.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-openpyxl` from 3.1.5.20260408 to 3.1.5.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pexpect` from 4.9.0.20260408 to 4.9.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-protobuf` from 7.34.1.20260408 to 7.34.1.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-psutil` from 7.2.2.20260408 to 7.2.2.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-psycopg2` from 2.9.21.20260408 to 2.9.21.20260509\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pygments` from 2.20.0.20260408 to 2.20.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pymysql` from 1.1.0.20260408 to 1.1.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-python-dateutil` from 2.9.0.20260408 to 2.9.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pywin32` from 311.0.0.20260408 to 311.0.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20260408 to 6.0.12.20260510\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-regex` from 2026.4.4.20260408 to 2026.5.9.20260510\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-shapely` from 2.1.0.20260408 to 2.1.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-simplejson` from 3.20.0.20260408 to 3.20.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-tensorflow` from 2.18.0.20260408 to 2.18.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-tqdm` from 4.67.3.20260408 to 4.67.3.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3-stubs` from 1.42.88 to 1.43.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/youtype/mypy_boto3_builder/releases\"\u003eboto3-stubs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.8.0 - Python 3.8 runtime is back\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[services]\u003c/code\u003e \u003ccode\u003einstall_requires\u003c/code\u003e section is calculated based on dependencies in use, so \u003ccode\u003etyping-extensions\u003c/code\u003e version is set properly\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[all]\u003c/code\u003e Replaced \u003ccode\u003etyping\u003c/code\u003e imports with \u003ccode\u003ecollections.abc\u003c/code\u003e with a fallback to \u003ccode\u003etyping\u003c/code\u003e for Python \u0026lt;3.9\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[all]\u003c/code\u003e Added aliases for \u003ccode\u003ebuiltins.list\u003c/code\u003e, \u003ccode\u003ebuiltins.set\u003c/code\u003e, \u003ccode\u003ebuiltins.dict\u003c/code\u003e, and \u003ccode\u003ebuiltins.type\u003c/code\u003e, so Python 3.8 runtime should work as expected again (reported by \u003ca href=\"https://github.com/YHallouard\"\u003e\u003ccode\u003e@​YHallouard\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/youtype/mypy_boto3_builder/issues/340\"\u003e#340\u003c/a\u003e and \u003ca href=\"https://github.com/Omri-Ben-Yair\"\u003e\u003ccode\u003e@​Omri-Ben-Yair\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/youtype/mypy_boto3_builder/issues/336\"\u003e#336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[all]\u003c/code\u003e Unions use the same type annotations as the rest of the structures due to proper fallbacks\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[services]\u003c/code\u003e Universal input/output shapes were not replaced properly in service subresources\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[docs]\u003c/code\u003e Simplified doc links rendering for services\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[services]\u003c/code\u003e Cleaned up unnecessary imports in \u003ccode\u003eclient.pyi\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[builder]\u003c/code\u003e Import records with fallback are always rendered\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/youtype/mypy_boto3_builder/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-jmespath` from 1.1.0.20260408 to 1.1.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hypothesis` from 6.151.12 to 6.152.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/HypothesisWorks/hypothesis/releases\"\u003ehypothesis's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.7\u003c/h2\u003e\n\u003cp\u003eThis patch improves our type hints for \u0026quot;.filter()\u0026quot; to work with\n\u0026quot;typing.TypeGuard\u0026quot;. For example:\u003c/p\u003e\n\u003cp\u003efrom typing import TypeGuard\u003c/p\u003e\n\u003cp\u003efrom hypothesis import strategies as st\u003c/p\u003e\n\u003cp\u003edef is_str(x: object) -\u0026gt; TypeGuard[str]:\nreturn isinstance(x, str)\u003c/p\u003e\n\u003cp\u003es = st.from_type(object).filter(is_str)\u003c/p\u003e\n\u003ch1\u003epreviously: SearchStrategy[object]\u003c/h1\u003e\n\u003ch1\u003enow: SearchStrategy[str]\u003c/h1\u003e\n\u003cp\u003ereveal_type(s)\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-7\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.6\u003c/h2\u003e\n\u003cp\u003eThis patch adds a shrinking pass that tries natural text\ntransformations - unicode decomposition (NFD/NFKD) and case mapping -\non individual characters in string choices.  Failures involving e.g.\n\u0026quot;\u0026quot;À\u0026quot; != \u0026quot;À\u0026quot;.lower()\u0026quot; will now reliably shrink to \u0026quot;\u0026quot;A\u0026quot;\u0026quot; rather than\nsometimes getting stuck on the high-codepoint accented form (issue\n\u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4725\"\u003e#4725\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-6\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.5\u003c/h2\u003e\n\u003cp\u003eThis patch improves the \u0026quot;Phase.explain\u0026quot; phase so that simple cases\nlike \u0026quot;assert n1 == n2\u0026quot; no longer get a misleading \u0026quot;# or any other\ngenerated value\u0026quot; comment (issue \u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4715\"\u003e#4715\u003c/a\u003e). Before falling back to random\nsampling, we now also try borrowing values from each other arg slice\nwith matching shape.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-5\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.4\u003c/h2\u003e\n\u003cp\u003eThis patch fixes a rare internal error during \u0026quot;Phase.explain\u0026quot;\nintroduced in version 6.149.0 for certain strategies (issue \u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4708\"\u003e#4708\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-4\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.3\u003c/h2\u003e\n\u003cp\u003eThe \u0026quot;hypothesis-urandom\u0026quot; backend now reads from \u0026quot;/dev/urandom\u0026quot; with\nbuffering disabled, which improves the control of those hooking\n\u0026quot;/dev/urandom\u0026quot; to change or read Hypothesis's random decisions.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-3\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/adc8d2d4d3dbdbc640d00e216782ef5dd3611640\"\u003e\u003ccode\u003eadc8d2d\u003c/code\u003e\u003c/a\u003e Bump hypothesis-python version to 6.152.7 and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/d66ce67fed6cf77dd8bc14fb88f2d97d027458c4\"\u003e\u003ccode\u003ed66ce67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4672\"\u003e#4672\u003c/a\u003e from CharString/annotate-filter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/df889578276ee8624e95692ba8f0a57b0a04c487\"\u003e\u003ccode\u003edf88957\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4727\"\u003e#4727\u003c/a\u003e from hettlage/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/415443cd82dcd389d398a7f36ebf41ea6162a7d6\"\u003e\u003ccode\u003e415443c\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/bfd0ebfe74bcfc0447498259ec008c0fa13ee976\"\u003e\u003ccode\u003ebfd0ebf\u003c/code\u003e\u003c/a\u003e Revert RELEASE.rst to original version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/492f8185f80935a6cfc26e0c54bc9f5aed882c80\"\u003e\u003ccode\u003e492f818\u003c/code\u003e\u003c/a\u003e attempt to de-flake test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/55ab356dc1b96b59821db851ebce3bdf483c2eb6\"\u003e\u003ccode\u003e55ab356\u003c/code\u003e\u003c/a\u003e fix release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/7fd8e506efc43ce9b0d19993fc2cf8eb759d273f\"\u003e\u003ccode\u003e7fd8e50\u003c/code\u003e\u003c/a\u003e simplify type hints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/c8b952ed27af8aa7f5fcc90c136f4dfff649adc7\"\u003e\u003ccode\u003ec8b952e\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'upstream/master' into annotate-filter-4672\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/b2e8d8968eb3fd85391febfe96ea24703faf23a9\"\u003e\u003ccode\u003eb2e8d89\u003c/code\u003e\u003c/a\u003e add tests and release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/HypothesisWorks/hypothesis/compare/hypothesis-python-6.151.12...hypothesis-python-6.152.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-cffi` from 2.0.0.20260408 to 2.0.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-setuptools` from 82.0.0.20260408 to 82.0.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scipy-stubs` from 1.17.1.3 to 1.17.1.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scipy/scipy-stubs/releases\"\u003escipy-stubs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.17.1.4\u003c/h2\u003e\n\u003cp\u003eThis release targets \u003ca href=\"https://github.com/scipy/scipy/releases/tag/v1.17.1\"\u003eSciPy 1.17.1\u003c/a\u003e and supports Python 3.11-3.14, \u003ca href=\"https://github.com/numpy/numpy\"\u003eNumPy\u003c/a\u003e 1.26-2.4, and \u003ca href=\"https://github.com/jorenham/optype\"\u003eoptype\u003c/a\u003e 0.14-0.18.\u003c/p\u003e\n\u003ch1\u003e:trophy: Release Highlights\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Fix \u003ccode\u003eapprox_fprime\u003c/code\u003e and \u003ccode\u003enewton\u003c/code\u003e to accept functions returning n-D arrays in \u003ccode\u003escipy.optimize\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ Improved shape-typing support for statistical testing functions in \u003ccode\u003escipy.stats\u003c/code\u003e and FFT shifting functions in \u003ccode\u003escipy.fft\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔒️ Enforce \u003ca href=\"https://github.com/zizmorcore/zizmor\"\u003ezizmor\u003c/a\u003e to improve security in GitHub Actions and dependabot (guard against supply-chain attacks, cache poisoning, etc.).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003e✨ Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esignal\u003c/code\u003e: stub the private \u003ccode\u003e_signal_api\u003c/code\u003e module by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1492\"\u003escipy/scipy-stubs#1492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003esignal\u003c/code\u003e: stub the private \u003ccode\u003e_delegators\u003c/code\u003e module by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1493\"\u003escipy/scipy-stubs#1493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estats\u003c/code\u003e: improved \u003ccode\u003eks_2samp\u003c/code\u003e shape-typing by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1494\"\u003escipy/scipy-stubs#1494\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estats\u003c/code\u003e: improved \u003ccode\u003ebrunnermunzel\u003c/code\u003e shape-typing by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1497\"\u003escipy/scipy-stubs#1497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estats\u003c/code\u003e: improved \u003ccode\u003ef_oneway\u003c/code\u003e shape-typing by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1499\"\u003escipy/scipy-stubs#1499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estats\u003c/code\u003e: improved \u003ccode\u003ekruskal\u003c/code\u003e shape-typing by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1500\"\u003escipy/scipy-stubs#1500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estats\u003c/code\u003e: improved \u003ccode\u003esigmaclip\u003c/code\u003e dtypes by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1501\"\u003escipy/scipy-stubs#1501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efftpack\u003c/code\u003e: improve return dtypes for real transforms by \u003ca href=\"https://github.com/Deshan-5\"\u003e\u003ccode\u003e@​Deshan-5\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1509\"\u003escipy/scipy-stubs#1509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003esignal\u003c/code\u003e: improve \u003ccode\u003elp2{lp,hp,bp,bs}[_zpk]\u003c/code\u003e and \u003ccode\u003ebilinear_zpk\u003c/code\u003e by \u003ca href=\"https://github.com/Aniketsy\"\u003e\u003ccode\u003e@​Aniketsy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1523\"\u003escipy/scipy-stubs#1523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estats.dunnett\u003c/code\u003e: support for \u003ccode\u003elongdouble\u003c/code\u003e dtypes by \u003ca href=\"https://github.com/Aniketsy\"\u003e\u003ccode\u003e@​Aniketsy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1528\"\u003escipy/scipy-stubs#1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efft\u003c/code\u003e: \u003ccode\u003efftshift\u003c/code\u003e and \u003ccode\u003eifftshift\u003c/code\u003e shape-typing support by \u003ca href=\"https://github.com/Aniketsy\"\u003e\u003ccode\u003e@​Aniketsy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1532\"\u003escipy/scipy-stubs#1532\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🐛 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e_lib._uarray._backend\u003c/code\u003e: fix \u003ccode\u003ewrap_single_convertor[_instance]\u003c/code\u003e overloads by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1481\"\u003escipy/scipy-stubs#1481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptimize\u003c/code\u003e: add vector-valued \u003ccode\u003eapprox_fprime\u003c/code\u003e overload by \u003ca href=\"https://github.com/fbourgey\"\u003e\u003ccode\u003e@​fbourgey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1530\"\u003escipy/scipy-stubs#1530\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efft\u003c/code\u003e: \u003ccode\u003e[i]fftshift\u003c/code\u003e dtype preservation for int and bool inputs by \u003ca href=\"https://github.com/Aniketsy\"\u003e\u003ccode\u003e@​Aniketsy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1533\"\u003escipy/scipy-stubs#1533\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptimize\u003c/code\u003e: generalize \u003ccode\u003enewton\u003c/code\u003e overloads to ND arrays by \u003ca href=\"https://github.com/fbourgey\"\u003e\u003ccode\u003e@​fbourgey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1534\"\u003escipy/scipy-stubs#1534\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e↪️ Workarounds\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esparse\u003c/code\u003e: improve CSC and CSR array/matrix constructor compatibility with mypy by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1485\"\u003escipy/scipy-stubs#1485\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📝 Documentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Monad to the list of downstream projects by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1498\"\u003escipy/scipy-stubs#1498\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🧹 Maintenance\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e🔖 prepare for further development by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1480\"\u003escipy/scipy-stubs#1480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e⬆️ Update uv-build requirement from \u0026lt;0.11,\u0026gt;=0.10.9 to \u0026gt;=0.10.9,\u0026lt;0.12 in the actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1482\"\u003escipy/scipy-stubs#1482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e⬆️ ty 0.0.25 by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1483\"\u003escipy/scipy-stubs#1483\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/ff66e8a4a3b9fec77d32193965e4ad3d9acfea84\"\u003e\u003ccode\u003eff66e8a\u003c/code\u003e\u003c/a\u003e 🔖 scipy-stubs 1.17.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/1ba8ccfa1942dff275792fc486656e3fe12f4ee6\"\u003e\u003ccode\u003e1ba8ccf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/issues/1546\"\u003e#1546\u003c/a\u003e from scipy/fix-mypy_primer-comment-workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/b4beb7de3cc744f24a0f017b81b9a58202e8e9aa\"\u003e\u003ccode\u003eb4beb7d\u003c/code\u003e\u003c/a\u003e 💚 fix mypy_primer comment workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/74945653316a671d475f06f86520f378f3c420b9\"\u003e\u003ccode\u003e7494565\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/issues/1545\"\u003e#1545\u003c/a\u003e from scipy/bump-mypy-pyrefly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/12f0735b88e3fe47860b2e4f9a5074a277e0cf50\"\u003e\u003ccode\u003e12f0735\u003c/code\u003e\u003c/a\u003e ⬆️ mypy 1.20.1 and pyrefly 0.60.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/b9efc6fb754a4be43ffd7443713f744e419951bf\"\u003e\u003ccode\u003eb9efc6f\u003c/code\u003e\u003c/a\u003e ✨ \u003ccode\u003efft\u003c/code\u003e: \u003ccode\u003efftshift\u003c/code\u003e and \u003ccode\u003eifftshift\u003c/code\u003e shape-typing support (\u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/009d10ed67d5e8d3657750bb455d7b7a2cdd8496\"\u003e\u003ccode\u003e009d10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/issues/1544\"\u003e#1544\u003c/a\u003e from scipy/zizmor/update_dprint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/cac2b4a50fcc32a7dbd68742d20fc85b05570cca\"\u003e\u003ccode\u003ecac2b4a\u003c/code\u003e\u003c/a\u003e 🔒️ fix zizmor \u003ccode\u003e--pedantic\u003c/code\u003e audits in \u003ccode\u003eupdate_dprint.yml\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/cab3222674d15ce35370a8852d541439131e6035\"\u003e\u003ccode\u003ecab3222\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/issues/1543\"\u003e#1543\u003c/a\u003e from scipy/zizmor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/483a2d3d7b95b5cda285ac4788ec66008e06852b\"\u003e\u003ccode\u003e483a2d3\u003c/code\u003e\u003c/a\u003e 💡 ignore zizmor error\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scipy/scipy-stubs/compare/v1.17.1.3...v1.17.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `celery-types` from 0.23.0 to 0.26.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sbdchd/celery-types/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 1.20.1 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMypy Release Notes\u003c/h1\u003e\n\u003ch2\u003eNext Release\u003c/h2\u003e\n\u003ch2\u003eMypy 2.1\u003c/h2\u003e\n\u003cp\u003eWe’ve just uploaded mypy 2.1.0 to the Python Package Index (\u003ca href=\"https://pypi.org/project/mypy/\"\u003ePyPI\u003c/a\u003e).\nMypy is a static type checker for Python. This release includes new features, performance\nimprovements and bug fixes. You can install it as follows:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython3 -m pip install -U mypy\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can read the full documentation for this release on \u003ca href=\"http://mypy.readthedocs.io\"\u003eRead the Docs\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003elibrt.vecs: Fast Growable Array Type for Mypyc\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.vecs\u003c/code\u003e module provides an efficient growable array type \u003ccode\u003evec\u003c/code\u003e that is\noptimized for mypyc use. It provides fast, packed arrays with integer and floating point\nvalue types, which can be \u003cstrong\u003eseveral times faster\u003c/strong\u003e than \u003ccode\u003elist\u003c/code\u003e, and tens of times faster\nthan \u003ccode\u003earray.array\u003c/code\u003e in code compiled using mypyc. It also supports nested \u003ccode\u003evec\u003c/code\u003e objects and\nnon-value-type items, such as \u003ccode\u003evec[vec[str]]\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_vecs.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo.\u003c/p\u003e\n\u003ch3\u003elibrt.random: Fast Pseudo-Random Number Generation\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.random\u003c/code\u003e module provides fast pseudo-random number generation that is\noptimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib\n\u003ccode\u003erandom\u003c/code\u003e module in compiled code.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_random.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo (PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21433\"\u003e21433\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMypyc Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake compilation order with multiple files consistent (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21419\"\u003e21419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on accessing \u003ccode\u003eStopAsyncIteration\u003c/code\u003e (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21406\"\u003e21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incremental compilation with \u003ccode\u003eseparate\u003c/code\u003e flag (Vaggelis Danias, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21299\"\u003e21299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes to Crashes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash on partial type with \u003ccode\u003e--allow-redefinition\u003c/code\u003e and \u003ccode\u003eglobal\u003c/code\u003e declaration (Jukka Lehtosalo, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21428\"\u003e21428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken awaitable generator patching (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21435\"\u003e21435\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges to Messages\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c1c336d7e34eb313080c79b156518c58d27c7234\"\u003e\u003ccode\u003ec1c336d\u003c/code\u003e\u003c/a\u003e Remove +dev from version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/74df14b7cbf08140236aa45bbb7f42219b0b1df7\"\u003e\u003ccode\u003e74df14b\u003c/code\u003e\u003c/a\u003e Add changelog for mypy 2.1 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21464\"\u003e#21464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/022d9bc96f86c40f338a5cf150f1806cc8f300ff\"\u003e\u003ccode\u003e022d9bc\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;TypeForm: Enable by default (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21262\"\u003e#21262\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8826288214f1cb31496e610667481221e025359c\"\u003e\u003ccode\u003e8826288\u003c/code\u003e\u003c/a\u003e [mypyc] Document librt.random (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21463\"\u003e#21463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/3f4067b699dbe52d08e42ef3b3ebfdebdc06bd96\"\u003e\u003ccode\u003e3f4067b\u003c/code\u003e\u003c/a\u003e Bump librt version to 0.11.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21458\"\u003e#21458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/2b1eb58a250c5f1eb4ef5fb1f312ff528c5a1d4e\"\u003e\u003ccode\u003e2b1eb58\u003c/code\u003e\u003c/a\u003e [mypyc] Enable incremental self-compilation (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21369\"\u003e#21369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8152f4af3f6c03beaf2660026240f0fdce7feecc\"\u003e\u003ccode\u003e8152f4a\u003c/code\u003e\u003c/a\u003e Respect file config comments for stale modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21444\"\u003e#21444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/116d60bdd3fdfe8d97c6afe99370910db56f1b92\"\u003e\u003ccode\u003e116d60b\u003c/code\u003e\u003c/a\u003e Fix nondeterminism from nonassociativity of overload joins (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21455\"\u003e#21455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/6c4af8e42110cea3f84bc02add2ca7b89c268210\"\u003e\u003ccode\u003e6c4af8e\u003c/code\u003e\u003c/a\u003e Fix function call message change for small number of args (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21432\"\u003e#21432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/4b8fdcaf24032592510e8f15421fb32d82a71800\"\u003e\u003ccode\u003e4b8fdca\u003c/code\u003e\u003c/a\u003e [mypyc] Add librt.random module (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21433\"\u003e#21433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v1.20.1...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyrefly` from 0.60.0 to 1.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/facebook/pyrefly/releases\"\u003epyrefly's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePyrefly v1.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eStatus: STABLE\u003c/strong\u003e\n\u003cem\u003eRelease date: 12 May 2026\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ePyrefly v1.0.0 is here!\u003c/h2\u003e\n\u003cp\u003eWe're thrilled to announce that Pyrefly has reached its stable 1.0.0 release! Since our \u003ca href=\"https://github.com/facebook/pyrefly/releases/tag/0.42.0\"\u003ebeta release\u003c/a\u003e in November 2025, we've fixed hundreds of bugs, improved performance, and added lots of new functionality. Pyrefly is already the default type checker for Instagram at Meta and has been adopted by other large production codebases like PyTorch and JAX. Today, we're making it official: Pyrefly is production ready.\u003c/p\u003e\n\u003cp\u003eThis would not have been possible without our amazing open-source community. To everyone who filed GitHub issues, submitted pull requests, gave us feedback at conferences, or joined us on Discord: thank you. Your contributions shaped this release.\u003c/p\u003e\n\u003cp\u003eThese release notes cover the major highlights since our beta release. For the full history, see our \u003ca href=\"https://github.com/facebook/pyrefly/releases\"\u003epast weekly release notes\u003c/a\u003e.\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ePerformance Improvements\u003c/h2\u003e\n\u003cp\u003eWe've continued to push Pyrefly's performance since the \u003ca href=\"https://pyrefly.org/blog/2026/02/06/performance-improvements/\"\u003espeed improvements we shared in February\u003c/a\u003e. Since beta:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e2–125x faster updated diagnostics\u003c/strong\u003e after saving a file (no, that’s not a typo!). Thanks to fine-grained dependency tracking and streaming diagnostics, updates now consistently arrive in milliseconds\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e20–36% faster full type checking\u003c/strong\u003e on large projects like PyTorch and Pandas\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e2–3x faster initial indexing\u003c/strong\u003e when Pyrefly first scans your project\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e40–60% less memory usage\u003c/strong\u003e during both indexing and incremental type checking\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e(Tested on an M4 Macbook Pro using open-source benchmarks from \u003ca href=\"https://github.com/lolpack/type_coverage_py\"\u003etype_coverage_py\u003c/a\u003e and \u003ca href=\"https://github.com/astral-sh/ruff/tree/e990dfd069fceef96f797b46161ef78862608449/scripts/ty_benchmark\"\u003ety_benchmark\u003c/a\u003e.)\u003c/p\u003e\n\u003cp\u003eCompare the performance of Pyrefly and other Python type checkers on our regularly updated \u003ca href=\"https://python-type-checking.com/typecheck_benchmark/\"\u003ebenchmarking suite\u003c/a\u003e, which runs against 53 popular Python packages.\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003eConfiguration Presets\u003c/h2\u003e\n\u003cp\u003eA new \u003ccode\u003epreset\u003c/code\u003e configuration option provides named bundles of error severities and behavior settings.\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth align=\"left\"\u003ePreset\u003c/th\u003e\n\u003cth align=\"left\"\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\u003ccode\u003eoff\u003c/code\u003e\u003c/td\u003e\n\u003ctd align=\"left\"\u003eSilences all diagnostics. Useful for IDE-only users or if you want total control of which errors are enabled.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\u003ccode\u003ebasic\u003c/code\u003e\u003c/td\u003e\n\u003ctd align=\"left\"\u003eLow-noise, high-confidence diagnostics only (syntax errors, missing imports, unknown names, etc.). Ideal for unconfigured projects or IDE-first users.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\u003ccode\u003elegacy\u003c/code\u003e\u003c/td\u003e\n\u003ctd align=\"left\"\u003eFor codebases migrating from mypy. Disables checks mypy doesn't have. \u003ccode\u003epyrefly init\u003c/code\u003e now emits this preset automatically when migrating from a mypy config.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\u003ccode\u003edefault\u003c/code\u003e\u003c/td\u003e\n\u003ctd align=\"left\"\u003eThe standard Pyrefly experience. Equivalent to having no preset.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\u003ccode\u003estrict\u003c/code\u003e\u003c/td\u003e\n\u003ctd align=\"left\"\u003eEnables additional strict checks on top of the \u003ccode\u003edefault\u003c/code\u003e preset. For users who want to avoid \u003ccode\u003eAny\u003c/code\u003e types in their codebase.\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eSee the \u003ca href=\"https://pyrefly.org/en/docs/configuration/#preset\"\u003econfiguration docs\u003c/a\u003e for details.\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003eOnboarding Experience\u003c/h2\u003e\n\u003cp\u003eWe’ve made improvements to the out-of-the-box experience for projects without a \u003ccode\u003epyrefly.toml\u003c/code\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAutomatic config synthesis\u003c/strong\u003e — if you have a mypy or pyright config, Pyrefly automatically migrates your settings and synthesizes an appropriate in-memory Pyrefly config. (This is the same migration that \u003ccode\u003epyrefly init\u003c/code\u003e would commit to disk.)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/2362c071caa576f9112781b5571f9e283cd52920\"\u003e\u003ccode\u003e2362c07\u003c/code\u003e\u003c/a\u003e Bump to version 1.0.0 with release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/471bb8316cf40e9d29cbc79d5c701a7dec3ab6b5\"\u003e\u003ccode\u003e471bb83\u003c/code\u003e\u003c/a\u003e Prep README.md and pyproject.toml for V1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/f2c6df4c66c726af4c7603272da47b65d91d4d4c\"\u003e\u003ccode\u003ef2c6df4\u003c/code\u003e\u003c/a\u003e Use vanity URLs for unconfigured-config upsell\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/d5bf386fd24f8969506f2edd0e06c3896962dbce\"\u003e\u003ccode\u003ed5bf386\u003c/code\u003e\u003c/a\u003e Fix TSP extra IPC connection shutdown hang (\u003ca href=\"https://redirect.github.com/facebook/pyrefly/issues/3287\"\u003e#3287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/e0a91be41640e70e0cd45a57eae98eecf86459a4\"\u003e\u003ccode\u003ee0a91be\u003c/code\u003e\u003c/a\u003e do not send snapshotchanged to extra connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/3df562c8165ea2ac69b389eb1552f9dbf5c18573\"\u003e\u003ccode\u003e3df562c\u003c/code\u003e\u003c/a\u003e extract TypeErrorDisplayStatus into its own module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/71ff2a5cbc7ce9a82e758174fe25274256728c28\"\u003e\u003ccode\u003e71ff2a5\u003c/code\u003e\u003c/a\u003e upgrade\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/b3d41027a20764fd076c7af89d9dbb45e64dd458\"\u003e\u003ccode\u003eb3d4102\u003c/code\u003e\u003c/a\u003e Strip debuginfo from release binaries to reduce binary size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/ccb904d47281c22195839bcc714eb1c38256e690\"\u003e\u003ccode\u003eccb904d\u003c/code\u003e\u003c/a\u003e Fix Pyrefly regression with imported TypeVars via attribute access (\u003ca href=\"https://redirect.github.com/facebook/pyrefly/issues/3333\"\u003e#3333\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/fb2ef608a2bb9b896a0232be0783338eea3b028a\"\u003e\u003ccode\u003efb2ef60\u003c/code\u003e\u003c/a\u003e support vscode-python-environments extension (\u003ca href=\"https://redirect.github.com/facebook/pyrefly/issues/3327\"\u003e#3327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/facebook/pyrefly/compare/0.60.0...1.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/NH3CH2COOH/dify-for-adaption/pull/27","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NH3CH2COOH%2Fdify-for-adaption/issues/27","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/27/packages"},{"uuid":"4450182039","node_id":"PR_kwDOSQXwv87bumta","number":67,"state":"open","title":"chore(deps): bump the uv-dependencies group across 1 directory with 33 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-14T23:56:49.000Z","updated_at":"2026-05-14T23:58:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv-dependencies","update_count":33,"packages":[{"name":"apprise","old_version":"1.9.9","new_version":"1.10.0","repository_url":"https://github.com/caronc/apprise"},{"name":"cryptography","old_version":"46.0.7","new_version":"48.0.0","repository_url":"https://github.com/pyca/cryptography"},{"name":"pytz","old_version":"2026.1.post1","new_version":"2026.2","repository_url":"https://github.com/stub42/pytz"},{"name":"cyclopts","old_version":"4.10.2","new_version":"4.12.0","repository_url":"https://github.com/BrianPugh/cyclopts"},{"name":"cachetools","old_version":"7.0.6","new_version":"7.1.1","repository_url":"https://github.com/tkem/cachetools"},{"name":"coolname","old_version":"4.2.0","new_version":"5.0.0","repository_url":"https://github.com/alexanderlukanin13/coolname"},{"name":"fastapi","old_version":"0.136.0","new_version":"0.136.1","repository_url":"https://github.com/fastapi/fastapi"},{"name":"fsspec","old_version":"2026.3.0","new_version":"2026.4.0","repository_url":"https://github.com/fsspec/filesystem_spec"},{"name":"opentelemetry-api","old_version":"1.39.1","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"orjson","old_version":"3.11.8","new_version":"3.11.9","repository_url":"https://github.com/ijl/orjson"},{"name":"packaging","old_version":"26.1","new_version":"26.2","repository_url":"https://github.com/pypa/packaging"},{"name":"pydantic","old_version":"2.13.3","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.14.0","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"uvicorn","old_version":"0.45.0","new_version":"0.47.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"pydocket","old_version":"0.19.2","new_version":"0.20.2","repository_url":"https://github.com/chrisguidry/docket"},{"name":"uv","old_version":"0.11.7","new_version":"0.11.14","repository_url":"https://github.com/astral-sh/uv"},{"name":"prefect-dbt","old_version":"0.7.23","new_version":"0.7.24","repository_url":"https://github.com/PrefectHQ/prefect"},{"name":"prefect-redis","old_version":"0.2.10","new_version":"0.2.11","repository_url":"https://github.com/PrefectHQ/prefect"},{"name":"moto","old_version":"5.1.22","new_version":"5.2.1","repository_url":"https://github.com/getmoto/moto"},{"name":"pyright","old_version":"1.1.408","new_version":"1.1.409","repository_url":"https://github.com/RobertCraigie/pyright-python"},{"name":"virtualenv","old_version":"21.2.4","new_version":"21.3.3","repository_url":"https://github.com/pypa/virtualenv"},{"name":"ruff","old_version":"0.15.11","new_version":"0.15.13","repository_url":"https://github.com/astral-sh/ruff"},{"name":"types-cachetools","old_version":"6.2.0.20260408","new_version":"7.0.0.20260503","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"types-dateparser","old_version":"1.4.0.20260408","new_version":"1.4.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"pytest-codspeed","old_version":"4.4.0","new_version":"5.0.2","repository_url":"https://github.com/CodSpeedHQ/pytest-codspeed"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv-dependencies group with 26 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [apprise](https://github.com/caronc/apprise) | `1.9.9` | `1.10.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.7` | `48.0.0` |\n| [pytz](https://github.com/stub42/pytz) | `2026.1.post1` | `2026.2` |\n| [cyclopts](https://github.com/BrianPugh/cyclopts) | `4.10.2` | `4.12.0` |\n| [cachetools](https://github.com/tkem/cachetools) | `7.0.6` | `7.1.1` |\n| [coolname](https://github.com/alexanderlukanin13/coolname) | `4.2.0` | `5.0.0` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.136.0` | `0.136.1` |\n| [fsspec](https://github.com/fsspec/filesystem_spec) | `2026.3.0` | `2026.4.0` |\n| [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python) | `1.39.1` | `1.41.1` |\n| [orjson](https://github.com/ijl/orjson) | `3.11.8` | `3.11.9` |\n| [packaging](https://github.com/pypa/packaging) | `26.1` | `26.2` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.13.3` | `2.13.4` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.14.0` | `2.14.1` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.45.0` | `0.47.0` |\n| [pydocket](https://github.com/chrisguidry/docket) | `0.19.2` | `0.20.2` |\n| [uv](https://github.com/astral-sh/uv) | `0.11.7` | `0.11.14` |\n| [prefect-dbt](https://github.com/PrefectHQ/prefect) | `0.7.23` | `0.7.24` |\n| [prefect-redis](https://github.com/PrefectHQ/prefect) | `0.2.10` | `0.2.11` |\n| [moto](https://github.com/getmoto/moto) | `5.1.22` | `5.2.1` |\n| [pyright](https://github.com/RobertCraigie/pyright-python) | `1.1.408` | `1.1.409` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `21.2.4` | `21.3.3` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.11` | `0.15.13` |\n| [types-cachetools](https://github.com/python/typeshed) | `6.2.0.20260408` | `7.0.0.20260503` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260510` |\n| [types-dateparser](https://github.com/python/typeshed) | `1.4.0.20260408` | `1.4.0.20260508` |\n| [pytest-codspeed](https://github.com/CodSpeedHQ/pytest-codspeed) | `4.4.0` | `5.0.2` |\n\n\nUpdates `apprise` from 1.9.9 to 1.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/caronc/apprise/releases\"\u003eapprise's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThe big wow factor of this release would be the huge effort put into Matrix E2EE built into Apprise without adding overhead to the plugin itself. Huge props to those that helped out.  Other than that, a few more services have been added (137 supported now :rocket: ).\u003c/p\u003e\n\u003cp\u003eThe official documentation website (\u003ca href=\"https://appriseit.com\"\u003ehttps://appriseit.com\u003c/a\u003e) got a nice cleanup; the Service listings are now searchable; some nice tweaks to the URL Builder as well.\u003c/p\u003e\n\u003ch3\u003e:mega: New Notification Services:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOpsgenie functionality ported to jira:// in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1273\"\u003ecaronc/apprise#1273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEvolution API (WhatsApp) notification plugin by \u003ca href=\"https://github.com/opastorello\"\u003e\u003ccode\u003e@​opastorello\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1579\"\u003ecaronc/apprise#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded blink(1) support in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1578\"\u003ecaronc/apprise#1578\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExotel Support in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/782\"\u003ecaronc/apprise#782\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded Octopush Support in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/622\"\u003ecaronc/apprise#622\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded Postmark support in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1590\"\u003ecaronc/apprise#1590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:lady_beetle:  Bugfixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003entfy:// tags= changed to xtags= in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1555\"\u003ecaronc/apprise#1555\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003ethis allows tags to work again correctly for those dependant on it; previously \u003ccode\u003etags=\u003c/code\u003e conflicted with \u003ccode\u003etags=\u003c/code\u003e in Apprise)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eXMPP server hostname can differentiate to what is found in JID in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1560\"\u003ecaronc/apprise#1560\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixed issue with mailto:// when using yahoo.com in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1561\"\u003ecaronc/apprise#1561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFluxer time dependant unittest assertion optimized for slower systems in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1566\"\u003ecaronc/apprise#1566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixed templating references impacting url generation (on \u003ca href=\"https://appriseit.com\"\u003ehttps://appriseit.com\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1582\"\u003ecaronc/apprise#1582\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixed KeyError Exception thrown when certain emoji's specified in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1592\"\u003ecaronc/apprise#1592\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bulb: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the Dot. (Quote/0) plugin from API v1 to API v2 by \u003ca href=\"https://github.com/HerbertGao\"\u003e\u003ccode\u003e@​HerbertGao\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1512\"\u003ecaronc/apprise#1512\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated Dot. plugin to better align with Apprise in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1588\"\u003ecaronc/apprise#1588\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eURLs that can not be loaded are more verbose for the reasoning in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1568\"\u003ecaronc/apprise#1568\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWebex wxteams:// Bot API Support in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1567\"\u003ecaronc/apprise#1567\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixes parse_url() -\u0026gt; url() -\u0026gt; parse_url() inconsistency in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1572\"\u003ecaronc/apprise#1572\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePushover Delivery Group Support in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1563\"\u003ecaronc/apprise#1563\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMatrix token template cleanup in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1573\"\u003ecaronc/apprise#1573\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efcm:// add apns-push-type header for reliable iOS delivery by \u003ca href=\"https://github.com/AlbertoLanaro\"\u003e\u003ccode\u003e@​AlbertoLanaro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1577\"\u003ecaronc/apprise#1577\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHome Assistant \u0026quot;Service' Notification Support Added (extension to what was already there) in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1294\"\u003ecaronc/apprise#1294\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded attachment support to Mattermost in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1583\"\u003ecaronc/apprise#1583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e:fire: Matrix E2EE Support in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1574\"\u003ecaronc/apprise#1574\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMatrix Hookshot support added in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1586\"\u003ecaronc/apprise#1586\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMastodon supports hashtag/user references in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1587\"\u003ecaronc/apprise#1587\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePushPlus refactored to support more options in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1589\"\u003ecaronc/apprise#1589\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInproved azure:// error handling and message responses in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1499\"\u003ecaronc/apprise#1499\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:heart: Life-Cycle Support\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate LoC badge by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1554\"\u003ecaronc/apprise#1554\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMemory-Optimized Plugin Management in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1557\"\u003ecaronc/apprise#1557\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRuff linter configuration updated and applied to entire codebase in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1562\"\u003ecaronc/apprise#1562\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ei18n(pt_BR): add Brazilian Portuguese translation by \u003ca href=\"https://github.com/opastorello\"\u003e\u003ccode\u003e@​opastorello\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1580\"\u003ecaronc/apprise#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ei18n(es): add Spanish translation by \u003ca href=\"https://github.com/opastorello\"\u003e\u003ccode\u003e@​opastorello\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1581\"\u003ecaronc/apprise#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstallation\u003c/h2\u003e\n\u003cp\u003eApprise is available \u003ca href=\"https://pypi.org/project/apprise/\"\u003eon PyPI\u003c/a\u003e through \u003cem\u003epip\u003c/em\u003e:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/343c960969477b60df580f70294ce966bb4b0ce2\"\u003e\u003ccode\u003e343c960\u003c/code\u003e\u003c/a\u003e bummped version to v1.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/67b523077173bcf8c717b0e567b7d2e7251d21e1\"\u003e\u003ccode\u003e67b5230\u003c/code\u003e\u003c/a\u003e Inproved azure:// error handling and message responses (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/1499\"\u003e#1499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/755f17479ff20fd9473e1aa15ab1b190920041c3\"\u003e\u003ccode\u003e755f174\u003c/code\u003e\u003c/a\u003e bugfix: KeyError Exception thrown when certain emoji's specified (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/1592\"\u003e#1592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/a7bc56dd81ea60b1c9f59775d1e005e560a716b9\"\u003e\u003ccode\u003ea7bc56d\u003c/code\u003e\u003c/a\u003e PushPlus refactored to support more options (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/1589\"\u003e#1589\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/9d0056b9cd4771bc752d4ff2936a1e4977e3fa81\"\u003e\u003ccode\u003e9d0056b\u003c/code\u003e\u003c/a\u003e Added Postmark support (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/1590\"\u003e#1590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/0617ef7ac63cc6f1e850913c055e280043360358\"\u003e\u003ccode\u003e0617ef7\u003c/code\u003e\u003c/a\u003e Updated Dot. plugin to better align with Apprise standards (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/1588\"\u003e#1588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/0fbe0946869fab49c330d6fd5fb89ea58cb9b6db\"\u003e\u003ccode\u003e0fbe094\u003c/code\u003e\u003c/a\u003e Added Octopush Support (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/622\"\u003e#622\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/58d0f1e00a5e4daac928372d1b49a2886e7589f2\"\u003e\u003ccode\u003e58d0f1e\u003c/code\u003e\u003c/a\u003e Exotel Support (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/782\"\u003e#782\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/2a8d62fad5dc1930d8f14e0775341692ff0c5aa5\"\u003e\u003ccode\u003e2a8d62f\u003c/code\u003e\u003c/a\u003e Mastodon supports hashtag/user references (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/1587\"\u003e#1587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/1382633788004b515240c0f17c5b0cfe0f111554\"\u003e\u003ccode\u003e1382633\u003c/code\u003e\u003c/a\u003e Matrix Hookshot support added (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/caronc/apprise/compare/v1.9.9...v1.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.7 to 48.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.8 is deprecated and will be removed in the next\n\u003ccode\u003ecryptography\u003c/code\u003e release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for binary elliptic curves\n(\u003ccode\u003eSECT*\u003c/code\u003e classes) has been removed. These curves are rarely used and\nhave additional security considerations that make them undesirable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for OpenSSL 1.1.x has been removed.\nOpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\ncontinue to be supported.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Dropped support for LibreSSL \u0026lt; 4.1.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading keys with unsupported algorithms or\nkeys with unsupported explicit curve encodings now raises\n:class:\u003ccode\u003e~cryptography.exceptions.UnsupportedAlgorithm\u003c/code\u003e instead of\n\u003ccode\u003eValueError\u003c/code\u003e. This change affects\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_public_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_public_key\u003c/code\u003e,\nand :meth:\u003ccode\u003e~cryptography.x509.Certificate.public_key\u003c/code\u003e when called on\ncertificates with unsupported public key algorithms.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e When parsing elliptic curve private keys, we now\nreject keys that incorrectly encode a private key of the wrong length because\nsuch keys are impossible to process in a constant-time manner. We do not\nbelieve keys with this problem are in wide use, however we may revert this\nchange based on the feedback we receive.\u003c/li\u003e\n\u003cli\u003eDeprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to\n:class:\u003ccode\u003e~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES\u003c/code\u003e. In a\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.7...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytz` from 2026.1.post1 to 2026.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stub42/pytz/commit/45957c55be9dbf013b636aeb7d22dc7bec81a9f4\"\u003e\u003ccode\u003e45957c5\u003c/code\u003e\u003c/a\u003e Bump github actions/checkout to \u003ca href=\"https://github.com/v6\"\u003e\u003ccode\u003e@​v6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stub42/pytz/commit/8e927c67c98ccde3624642f2f32cd6c5208a5161\"\u003e\u003ccode\u003e8e927c6\u003c/code\u003e\u003c/a\u003e Bump version numbers to 2026.2 (IANA 2026b)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stub42/pytz/commit/6f08adec7bcb382e78afedb660f94f38a093fddf\"\u003e\u003ccode\u003e6f08ade\u003c/code\u003e\u003c/a\u003e IANA 2026b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stub42/pytz/commit/edbfbdf8f708657ce5b9fee32e2f8eaa8647359a\"\u003e\u003ccode\u003eedbfbdf\u003c/code\u003e\u003c/a\u003e Squashed 'tz/' changes from dd6be6d155..8be0d5483d\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stub42/pytz/commit/a148b0390a42ea9a95ef7f6d8c346307405708d5\"\u003e\u003ccode\u003ea148b03\u003c/code\u003e\u003c/a\u003e Fix typo in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stub42/pytz/commit/b841195f5df79455ee3aa9ec3d8749af835dab48\"\u003e\u003ccode\u003eb841195\u003c/code\u003e\u003c/a\u003e fix typo\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/stub42/pytz/compare/release_2026.1.post1...release_2026.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cyclopts` from 4.10.2 to 4.12.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BrianPugh/cyclopts/releases\"\u003ecyclopts's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.0\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow for validators to be string(s) (class method forward reference) by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/803\"\u003eBrianPugh/cyclopts#803\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/BrianPugh/cyclopts/compare/v4.11.2...v4.12.0\"\u003ehttps://github.com/BrianPugh/cyclopts/compare/v4.11.2...v4.12.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.11.2\u003c/h2\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e_should_attempt_json_list\u003c/code\u003e for detecting \u003ccode\u003elist[str] | None\u003c/code\u003e and Annotated annotations by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/800\"\u003eBrianPugh/cyclopts#800\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/BrianPugh/cyclopts/compare/v4.11.1...v4.11.2\"\u003ehttps://github.com/BrianPugh/cyclopts/compare/v4.11.1...v4.11.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.11.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInclude meta-apps when assembling usage string by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/793\"\u003eBrianPugh/cyclopts#793\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing python3.14 classifier by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/796\"\u003eBrianPugh/cyclopts#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003cstrong\u003euntyped\u003c/strong\u003e boolean negative name derivation by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/798\"\u003eBrianPugh/cyclopts#798\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eVarious completion fixes by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/794\"\u003eBrianPugh/cyclopts#794\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/BrianPugh/cyclopts/compare/v4.11.0...v4.11.1\"\u003ehttps://github.com/BrianPugh/cyclopts/compare/v4.11.0...v4.11.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.11.0\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eusage_name\u003c/code\u003e override for configuring docs creation by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/791\"\u003eBrianPugh/cyclopts#791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded granular help for \u003ccode\u003edict[str, dataclass-like]\u003c/code\u003e params by \u003ca href=\"https://github.com/wrongbad\"\u003e\u003ccode\u003e@​wrongbad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/787\"\u003eBrianPugh/cyclopts#787\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved type hints/completion for attrs converter functions. by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/784\"\u003eBrianPugh/cyclopts#784\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix token_count for discriminated unions by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/789\"\u003eBrianPugh/cyclopts#789\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMisc Internal\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eprefer using consistent \u003ccode\u003eis_annotated\u003c/code\u003e over get_origin by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/792\"\u003eBrianPugh/cyclopts#792\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wrongbad\"\u003e\u003ccode\u003e@​wrongbad\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/787\"\u003eBrianPugh/cyclopts#787\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/BrianPugh/cyclopts/compare/v4.10.2...v4.11.0\"\u003ehttps://github.com/BrianPugh/cyclopts/compare/v4.10.2...v4.11.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/b0c66c452139de521f0bab4260eeda2af5ca15e9\"\u003e\u003ccode\u003eb0c66c4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/issues/803\"\u003e#803\u003c/a\u003e from BrianPugh/str-reference-validator\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/bad4370647e1daabbad0edabdbc2606e68574a8f\"\u003e\u003ccode\u003ebad4370\u003c/code\u003e\u003c/a\u003e Missing test coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/efe193001cce30a0e9f0f8cf854bf47171d7942d\"\u003e\u003ccode\u003eefe1930\u003c/code\u003e\u003c/a\u003e resolve string forward-referenced validators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/921b1fa36afa2faca35f5e54d366f27816bed407\"\u003e\u003ccode\u003e921b1fa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/issues/800\"\u003e#800\u003c/a\u003e from BrianPugh/json-list-detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/f37a3fa84d70a2df6481296199777bd048cdd8b0\"\u003e\u003ccode\u003ef37a3fa\u003c/code\u003e\u003c/a\u003e use self.hint instead of self.field_info.annotation in _should_attempt_json_list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/f54568a310a0f8fb69bf570cfc82f65320f0f005\"\u003e\u003ccode\u003ef54568a\u003c/code\u003e\u003c/a\u003e replicate bug described by \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/issues/799\"\u003e#799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/9e0806f2c1cf4a8ba1f78f4a5c6c3cee54d81d41\"\u003e\u003ccode\u003e9e0806f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/issues/794\"\u003e#794\u003c/a\u003e from BrianPugh/better-completion-harness\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/ad4f7e2e1b50403069f6e5136bce6ead4a285565\"\u003e\u003ccode\u003ead4f7e2\u003c/code\u003e\u003c/a\u003e more tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/5d5259f0c275456c313f8266d9ea85545d4f7573\"\u003e\u003ccode\u003e5d5259f\u003c/code\u003e\u003c/a\u003e fix: don't escape option/command names in single-quoted bash arrays\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/b0dc417b95629d52321ce32aa7b2aee6377135f0\"\u003e\u003ccode\u003eb0dc417\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/issues/798\"\u003e#798\u003c/a\u003e from BrianPugh/untyped-boolean-negative\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BrianPugh/cyclopts/compare/v4.10.2...v4.12.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cachetools` from 7.0.6 to 7.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst\"\u003ecachetools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev7.1.1 (2026-05-03)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eVarious type stub improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.0 (2026-05-01)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd type stubs based on the work of the good people at \u003ccode\u003etypeshed \u0026lt;https://github.com/python/typeshed/tree/main/stubs/cachetools/\u0026gt;\u003c/code\u003e__.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate unit tests.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/2e6a2d21c44e83b56c06cc9dd738e5b7a097ce6a\"\u003e\u003ccode\u003e2e6a2d2\u003c/code\u003e\u003c/a\u003e Release v7.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/cc065582849e3658d2c92aac0f5c2b6271ed077f\"\u003e\u003ccode\u003ecc06558\u003c/code\u003e\u003c/a\u003e Minor typing improvements.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/193dd62d9be4e1099039e8fba59a1fe50e8f4d08\"\u003e\u003ccode\u003e193dd62\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/tkem/cachetools/issues/393\"\u003e#393\u003c/a\u003e: Improve ambiguous overloads for decorators.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/1ea3422e058ef8b6b7dc15beb9d44d8f7c195a62\"\u003e\u003ccode\u003e1ea3422\u003c/code\u003e\u003c/a\u003e Bump release date.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/d9874465a6ab6f9d1d56cef91370f9c237a7eca6\"\u003e\u003ccode\u003ed987446\u003c/code\u003e\u003c/a\u003e Release v7.1.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/3d79e80a4a54892d1552cd17da8e27920c1918d8\"\u003e\u003ccode\u003e3d79e80\u003c/code\u003e\u003c/a\u003e Update Copilot Instructions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/83fe6bc78d0155a0036dda8a8eb1a2ddb8f26c60\"\u003e\u003ccode\u003e83fe6bc\u003c/code\u003e\u003c/a\u003e Add tox pyright check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/bd3fbc49212eb948e08e9c478e5901f1293fd1f4\"\u003e\u003ccode\u003ebd3fbc4\u003c/code\u003e\u003c/a\u003e Improve typing support.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/09dd6fec4b1b2339451ab26d1ca3c7a049b8c38c\"\u003e\u003ccode\u003e09dd6fe\u003c/code\u003e\u003c/a\u003e Improve original type stubs from typeshed.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/873c7013ea92b16f2f24a6001e625fabfdf951a5\"\u003e\u003ccode\u003e873c701\u003c/code\u003e\u003c/a\u003e Add typeshed typings.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tkem/cachetools/compare/v7.0.6...v7.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coolname` from 4.2.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/alexanderlukanin13/coolname/blob/master/HISTORY.rst\"\u003ecoolname's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0 (2026-04-22)\u003c/h2\u003e\n\u003cp\u003eThis major release has new features and significant internal changes, but it is compatible with 4.x in any normal usage\nas described in documentation, and you can upgrade from 4.x with minimal unit test coverage.\u003c/p\u003e\n\u003cp\u003eThere are implementation changes that \u003cem\u003etheoretically\u003c/em\u003e can break user code in undocumented scenarios.\nEven if it breaks, most likely, it will take a minute to fix.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eWhat's new in the default generator:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eComplete typing support, tested with mypy \u003ccode\u003estrict = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded a few more words, and fixed one spelling mistake.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. collapse:: Boring technical details\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e* :py:class:`RandomGenerator` and global methods like :py:func:`generate_slug` now live in the top-level\n  ``coolname`` namespace.\n  It won't affect your code if you've been importing directly from ``coolname`` as per documentation.\n\u003cp\u003eBasically, instead of this:\u003c/p\u003e\n\u003cp\u003e.. code-block:: python\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\u0026amp;gt;\u0026amp;gt;\u0026amp;gt; from coolname import generate_slug, RandomGenerator\n\u0026amp;gt;\u0026amp;gt;\u0026amp;gt; generate_slug\n\u0026amp;lt;bound method RandomGenerator.generate_slug of \u0026amp;lt;coolname.impl.RandomGenerator object at 0x7a7cb248d6a0\u0026amp;gt;\u0026amp;gt;\n\u0026amp;gt;\u0026amp;gt;\u0026amp;gt; RandomGenerator\n\u0026amp;lt;class 'coolname.impl.RandomGenerator'\u0026amp;gt;\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou will see this (notice no \u003ccode\u003eimpl\u003c/code\u003e):\u003c/p\u003e\n\u003cp\u003e.. code-block:: python\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\u0026amp;gt;\u0026amp;gt;\u0026amp;gt; generate_slug\n\u0026amp;lt;bound method RandomGenerator.generate_slug of \u0026amp;lt;coolname.RandomGenerator object at 0x75038bacde80\u0026amp;gt;\u0026amp;gt;\n\u0026amp;gt;\u0026amp;gt;\u0026amp;gt; RandomGenerator\n\u0026amp;lt;class 'coolname.RandomGenerator'\u0026amp;gt;\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eIn custom generators:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDefault parameter value changed: \u003ccode\u003eensure_unique=True\u003c/code\u003e. Custom generators can forget about it\nand still generate sequences without repeating words.\nConsider also using \u003ccode\u003eensure_unique_prefix\u003c/code\u003e (disabled by default).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:doc:\u003ccode\u003eNew parameters \u0026lt;parameters-table\u0026gt;\u003c/code\u003e for advanced words/phrases lists:\n\u003ccode\u003estrip_whitespace\u003c/code\u003e, \u003ccode\u003eallow_whitespace\u003c/code\u003e, \u003ccode\u003eseparator\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhat is considered a valid word? It's now controlled by \u003ccode\u003eword_regex\u003c/code\u003e parameter, \u003ccode\u003e\\w+\u003c/code\u003e by default.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/7d450781390fc2193b676a339e34adb697f1febb\"\u003e\u003ccode\u003e7d45078\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/13541d9e8e768751898732e51188defb5524917d\"\u003e\u003ccode\u003e13541d9\u003c/code\u003e\u003c/a\u003e docs: autodoc fix - build package first\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/8015c5efc0f209a685be2ff6b5bc5f82c5594996\"\u003e\u003ccode\u003e8015c5e\u003c/code\u003e\u003c/a\u003e Merge branch 'dev'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/659fad71955a169543a76acb5188af68ea1a8b95\"\u003e\u003ccode\u003e659fad7\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/3a1d21b788f9276b2ff8421b1a7f20e90df25fa8\"\u003e\u003ccode\u003e3a1d21b\u003c/code\u003e\u003c/a\u003e docs: HISTORY\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/a351596508e19f178ce5513f9029f2cd662d8338\"\u003e\u003ccode\u003ea351596\u003c/code\u003e\u003c/a\u003e feat: number\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/9e04baba3f69c1465ad8e85c384f58af5904b309\"\u003e\u003ccode\u003e9e04bab\u003c/code\u003e\u003c/a\u003e work in progress\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/4f0b8f98a5cc5937f27eefcde8b8e6acc3f988c2\"\u003e\u003ccode\u003e4f0b8f9\u003c/code\u003e\u003c/a\u003e improved: PhraseSplitter clearer error messages + tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/e9cceba9fc104145588447f0e9a07d5b223914ab\"\u003e\u003ccode\u003ee9cceba\u003c/code\u003e\u003c/a\u003e refactor: use pathlib.Path in coolname.loader; updated tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/e6484ed0c9d1c6cd1258f05218f2a1dae0cbabf6\"\u003e\u003ccode\u003ee6484ed\u003c/code\u003e\u003c/a\u003e Bump pytest from 7.4.4 to 9.0.3 in /requirements\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/alexanderlukanin13/coolname/compare/4.2.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.136.0 to 0.136.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.1\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Update Pydantic v2 code to address deprecations. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15101\"\u003e#15101\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔨 Tweak translation script. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15174\"\u003e#15174\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mkdocs-material from 9.7.1 to 9.7.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15408\"\u003e#15408\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump inline-snapshot from 0.31.1 to 0.32.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15409\"\u003e#15409\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-codspeed from 4.3.0 to 4.4.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15407\"\u003e#15407\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-cov from 7.0.0 to 7.1.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15406\"\u003e#15406\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15405\"\u003e#15405\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mypy from 1.19.1 to 1.20.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15410\"\u003e#15410\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15400\"\u003e#15400\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump starlette from 0.52.1 to 1.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15397\"\u003e#15397\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygithub from 2.8.1 to 2.9.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15396\"\u003e#15396\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pyjwt from 2.12.0 to 2.12.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15393\"\u003e#15393\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump zizmor from 1.23.1 to 1.24.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15394\"\u003e#15394\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.312.3 to 0.314.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15395\"\u003e#15395\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-multipart from 0.0.22 to 0.0.26. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15360\"\u003e#15360\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump authlib from 1.6.9 to 1.6.11. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15373\"\u003e#15373\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump aiohttp from 3.13.3 to 3.13.4. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15282\"\u003e#15282\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15263\"\u003e#15263\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20.1 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15391\"\u003e#15391\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pillow from 12.1.1 to 12.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15333\"\u003e#15333\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest from 9.0.2 to 9.0.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15334\"\u003e#15334\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15374\"\u003e#15374\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15385\"\u003e#15385\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Zuplo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15369\"\u003e#15369\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Speakeasy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15368\"\u003e#15368\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Add zizmor and fix audit findings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15316\"\u003e#15316\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/e54e5a8980ffa6d7ff68ee7b25a1c46036375521\"\u003e\u003ccode\u003ee54e5a8\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/9a8a5fd99902c3b80d4cc94b85e120e2b808825f\"\u003e\u003ccode\u003e9a8a5fd\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7815a32f2ed177b8b786a48b3e0712c05b5c644f\"\u003e\u003ccode\u003e7815a32\u003c/code\u003e\u003c/a\u003e ⬆️ Update Pydantic v2 code to address deprecations (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15101\"\u003e#15101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ef1c927b0558d414e199a666833942a6fabb3a51\"\u003e\u003ccode\u003eef1c927\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/38039e12a86e67f2001b9b7d96c219691d6cb4af\"\u003e\u003ccode\u003e38039e1\u003c/code\u003e\u003c/a\u003e 🔨 Tweak translation script (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15174\"\u003e#15174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4fa826ce0a3b16884a04f51e5aac95d01790b599\"\u003e\u003ccode\u003e4fa826c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c39415673e621665fdb7bbdde69beba7eb1dfd12\"\u003e\u003ccode\u003ec394156\u003c/code\u003e\u003c/a\u003e ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15408\"\u003e#15408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ae230ad2f9d90a4e3f6222ff1a5d6e8da41ec0ad\"\u003e\u003ccode\u003eae230ad\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/d9eb39d1a1bf2f6e6e5d3a55088f61c712cb864e\"\u003e\u003ccode\u003ed9eb39d\u003c/code\u003e\u003c/a\u003e ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15409\"\u003e#15409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4f8b5d14d324ae8e15cfae8d85adb4186d4c2175\"\u003e\u003ccode\u003e4f8b5d1\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.136.0...0.136.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fsspec` from 2026.3.0 to 2026.4.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/8fdedd1fd17be354f75f0cec1f973d93416c704b\"\u003e\u003ccode\u003e8fdedd1\u003c/code\u003e\u003c/a\u003e Merge branch 'master' of \u003ca href=\"https://github.com/fsspec/filesystem_spec\"\u003ehttps://github.com/fsspec/filesystem_spec\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/8205d0d1afecb64f34565ebeb073b7f1959a869d\"\u003e\u003ccode\u003e8205d0d\u003c/code\u003e\u003c/a\u003e Release (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2027\"\u003e#2027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/50bfba22200077fa602038857e19d58cc2541db5\"\u003e\u003ccode\u003e50bfba2\u003c/code\u003e\u003c/a\u003e Merge branch 'master' of \u003ca href=\"https://github.com/fsspec/filesystem_spec\"\u003ehttps://github.com/fsspec/filesystem_spec\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/f58bc851213ab3a87b2d26c01c9d26b291b0e1d3\"\u003e\u003ccode\u003ef58bc85\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2026\"\u003e#2026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/c6c7b40b7794c6e554d9dcae7bf4930bba67e403\"\u003e\u003ccode\u003ec6c7b40\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/3bc67f85c3b67c5adef11af35761fd839de306fb\"\u003e\u003ccode\u003e3bc67f8\u003c/code\u003e\u003c/a\u003e DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/0b290bf1336bb15d4327afcdf743d9a17b5ea762\"\u003e\u003ccode\u003e0b290bf\u003c/code\u003e\u003c/a\u003e docs: add URL handling note to HTTPFileSystem class docstring (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2024\"\u003e#2024\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/b33a2d6c3b6912c645d9a315791f41e74bff4c66\"\u003e\u003ccode\u003eb33a2d6\u003c/code\u003e\u003c/a\u003e ci: install downstream systems like gcsfs before testing so the \u003ccode\u003e_version.py\u003c/code\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/e9e7a5b5eab42b6c6d0790aa0aa510f66fc44630\"\u003e\u003ccode\u003ee9e7a5b\u003c/code\u003e\u003c/a\u003e Delegate DirFileSystem delete and write_text (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/105d614a443e3f46236deb87442cc5491741687c\"\u003e\u003ccode\u003e105d614\u003c/code\u003e\u003c/a\u003e fix: use encode_url() in _pipe_file for consistency (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2023\"\u003e#2023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fsspec/filesystem_spec/compare/2026.3.0...2026.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-api` from 1.39.1 to 1.41.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/blob/v1.41.1/CHANGELOG.md\"\u003eopentelemetry-api's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.41.1/0.62b1 (2026-04-24)\u003c/h2\u003e\n\u003ch2\u003eVersion 1.41.0/0.62b0 (2026-04-09)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003ehost\u003c/code\u003e resource detector support to declarative file configuration via \u003ccode\u003edetection_development.detectors[].host\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5002\"\u003e#5002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003econtainer\u003c/code\u003e resource detector support to declarative file configuration via \u003ccode\u003edetection_development.detectors[].container\u003c/code\u003e, using entry point loading of the \u003ccode\u003eopentelemetry-resource-detector-containerid\u003c/code\u003e contrib package\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5004\"\u003e#5004\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003ecreate_tracer_provider\u003c/code\u003e/\u003ccode\u003econfigure_tracer_provider\u003c/code\u003e to declarative file configuration, enabling TracerProvider instantiation from config files without reading env vars\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnabled the flake8-tidy-import plugins rules for the ruff linter. These rules throw warnings for relative imports in the modules.\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5019\"\u003e#5019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Fix \u003ccode\u003eAttributeError\u003c/code\u003e in \u003ccode\u003eExplicitBucketHistogramAggregation\u003c/code\u003e when applied to non-Histogram instruments without explicit boundaries\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eBatchLogRecordProcessor\u003c/code\u003e default \u003ccode\u003eschedule_delay_millis\u003c/code\u003e from 5000ms to 1000ms to comply with the OTel specification. Note: logs may be exported 5x more frequently by default (e.g. for users who don't explicitly set the \u003ccode\u003eOTEL_BLRP_SCHEDULE_DELAY\u003c/code\u003e env var).\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4998\"\u003e#4998\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003eprocess\u003c/code\u003e resource detector support to declarative file configuration via \u003ccode\u003edetection_development.detectors[].process\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5001\"\u003e#5001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add shared \u003ccode\u003e_parse_headers\u003c/code\u003e helper for declarative config OTLP exporters\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-api\u003c/code\u003e: Replace a broad exception in attribute cleaning tests to satisfy pylint in the \u003ccode\u003elint-opentelemetry-api\u003c/code\u003e CI job\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003ecreate_meter_provider\u003c/code\u003e/\u003ccode\u003econfigure_meter_provider\u003c/code\u003e to declarative file configuration, enabling MeterProvider instantiation from config files without reading env vars\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4987\"\u003e#4987\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003ecreate_resource\u003c/code\u003e and \u003ccode\u003ecreate_propagator\u003c/code\u003e/\u003ccode\u003econfigure_propagator\u003c/code\u003e to declarative file configuration, enabling Resource and propagator instantiation from config files without reading env vars\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Map Python \u003ccode\u003eCRITICAL\u003c/code\u003e log level to OTel \u003ccode\u003eFATAL\u003c/code\u003e severity text per the specification\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add file configuration support with YAML/JSON loading, environment variable substitution, and schema validation against the vendored OTel config JSON schema\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4898\"\u003e#4898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix intermittent CI failures in \u003ccode\u003egetting-started\u003c/code\u003e and \u003ccode\u003etracecontext\u003c/code\u003e jobs caused by GitHub git CDN SHA propagation lag by installing contrib packages from the already-checked-out local copy instead of a second git clone\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4958\"\u003e#4958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: fix type annotations on \u003ccode\u003eMetricReader\u003c/code\u003e and related types\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4938/\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: implement log creation metric\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4935\"\u003e#4935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: implement metric reader metrics\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: implement processor metrics\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5012\"\u003e#5012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: upgrade vendored OTel configuration schema from v1.0.0-rc.3 to v1.0.0\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4965\"\u003e#4965\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eimprove check-links ci job\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eResolve some Pyright type errors in Span/ReadableSpan and utility stubs\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-exporter-prometheus\u003c/code\u003e: Fix metric name prefix\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4895\"\u003e#4895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-api\u003c/code\u003e, \u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add deepcopy support for \u003ccode\u003eBoundedAttributes\u003c/code\u003e and \u003ccode\u003eBoundedList\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4934\"\u003e#4934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-proto-json\u003c/code\u003e, \u003ccode\u003eopentelemetry-codegen-json\u003c/code\u003e: Implement custom protoc plugin to generate OTLP JSON class definitions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/760e0248edbd01ae817941c1dfa61c07241b0727\"\u003e\u003ccode\u003e760e024\u003c/code\u003e\u003c/a\u003e Prepare release 1.41.1/0.62b1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5138\"\u003e#5138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/90e06bcd8c024a38ecf388c19c5a15fc094ea0ed\"\u003e\u003ccode\u003e90e06bc\u003c/code\u003e\u003c/a\u003e Unreleased changelog for 1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/1a178fcc5c689516849ced80fb2533fe7db7a80f\"\u003e\u003ccode\u003e1a178fc\u003c/code\u003e\u003c/a\u003e [release/v1.41.x-0.62bx] Prepare release 1.41.0/0.62b0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5064\"\u003e#5064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/37dea4bbdb1a3c83b96fc22c2f68a848b4989fb5\"\u003e\u003ccode\u003e37dea4b\u003c/code\u003e\u003c/a\u003e feat: add experimental logger configurator (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/4980\"\u003e#4980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/7c860ca40eb87c15fb608ce3598cfec4a5da2d1c\"\u003e\u003ccode\u003e7c860ca\u003c/code\u003e\u003c/a\u003e misc: update version for codegen-json and proto-json packages (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5061\"\u003e#5061\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/b3d98b392fd1fa1a501e11ce8e126f2003edb895\"\u003e\u003ccode\u003eb3d98b3\u003c/code\u003e\u003c/a\u003e [chore]: update readme (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5060\"\u003e#5060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/dbbd1bca26f12d0cefff721a857d08a82476f434\"\u003e\u003ccode\u003edbbd1bc\u003c/code\u003e\u003c/a\u003e feat(config): Add MeterProvider support for declarative config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/4987\"\u003e#4987\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/6faa58c58782313283a87a7c61fbbdd9cd2054d6\"\u003e\u003ccode\u003e6faa58c\u003c/code\u003e\u003c/a\u003e feat(config): add host resource detector support for declarative config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5002\"\u003e#5002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/c0cbfbd62fa59e2c41cd2c88371dc6478fa95716\"\u003e\u003ccode\u003ec0cbfbd\u003c/code\u003e\u003c/a\u003e feat(config): wire container resource detector via entry point loading (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5004\"\u003e#5004\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/f764e45f52952f5a0287e5a6c094cbfd56accd2b\"\u003e\u003ccode\u003ef764e45\u003c/code\u003e\u003c/a\u003e feat(config): Add TracerProvider support for declarative config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/compare/v1.39.1...v1.41.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `orjson` from 3.11.8 to 3.11.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/releases\"\u003eorjson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.9\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.95 or later instead of 1.89.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix building on Rust 1.95.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/blob/master/CHANGELOG.md\"\u003eorjson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.9 - 2026-05-06\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.95 or later instead of 1.89.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix building on Rust 1.95.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/705515d77b28429d0b7c30c3d781abe52e8a1e5a\"\u003e\u003ccode\u003e705515d\u003c/code\u003e\u003c/a\u003e 3.11.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/d19055d5bab432f98d53b71606a9c6c23fb21bf6\"\u003e\u003ccode\u003ed19055d\u003c/code\u003e\u003c/a\u003e build update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/77e2d96c3febe099cde2447856fe2523d68c71b0\"\u003e\u003ccode\u003e77e2d96\u003c/code\u003e\u003c/a\u003e MSRV 1.95, remove compiler feature detection\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ijl/orjson/compare/3.11.8...3.11.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `packaging` from 26.1 to 26.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/packaging/releases\"\u003epackaging's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect sysconfig var name for pyemscripten by \u003ca href=\"https://github.com/ryanking13\"\u003e\u003ccode\u003e@​ryanking13\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1160\"\u003epypa/packaging#1160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eVersion\u003c/code\u003e, \u003ccode\u003eSpecifier\u003c/code\u003e, \u003ccode\u003eSpecifierSet\u003c/code\u003e, \u003ccode\u003eTag\u003c/code\u003e, \u003ccode\u003eMarker\u003c/code\u003e, and \u003ccode\u003eRequirement\u003c/code\u003e pickle-safe\nand backward-compatible with pickles created in 25.0-26.1 (including references to the removed\n\u003ccode\u003epackaging._structures\u003c/code\u003e module) by \u003ca href=\"https://github.com/eachimei\"\u003e\u003ccode\u003e@​eachimei\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1163\"\u003epypa/packaging#1163\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1168\"\u003epypa/packaging#1168\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1170\"\u003epypa/packaging#1170\u003c/a\u003e, and \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1171\"\u003epypa/packaging#1171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: re-export ExceptionGroup for now by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1164\"\u003epypa/packaging#1164\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003edocs: add errors section and fix missing details by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1159\"\u003epypa/packaging#1159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(dev): document property-based test suite by \u003ca href=\"https://github.com/r266-tech\"\u003e\u003ccode\u003e@​r266-tech\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1167\"\u003epypa/packaging#1167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in DirectUrl documentation by \u003ca href=\"https://github.com/sbidoul\"\u003e\u003ccode\u003e@​sbidoul\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1169\"\u003epypa/packaging#1169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(specifiers): add is_unsatisfiable() usage example by \u003ca href=\"https://github.com/r266-tech\"\u003e\u003ccode\u003e@​r266-tech\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1166\"\u003epypa/packaging#1166\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInternal:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnable the auditor persona on zizmor by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1158\"\u003epypa/packaging#1158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest new pickle guarantees by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1174\"\u003epypa/packaging#1174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse native uv integration in rtd by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1175\"\u003epypa/packaging#1175\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ryanking13\"\u003e\u003ccode\u003e@​ryanking13\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1160\"\u003epypa/packaging#1160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eachimei\"\u003e\u003ccode\u003e@​eachimei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1163\"\u003epypa/packaging#1163\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pypa/packaging/compare/26.1...26.2\"\u003ehttps://github.com/pypa/packaging/compare/26.1...26.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/packaging/blob/main/CHANGELOG.rst\"\u003epackaging's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e26.2 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\nFixes:\n\u003cul\u003e\n\u003cli\u003eFix incorrect sysconfig var name for pyemscripten in (:pull:\u003ccode\u003e1160\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eVersion\u003c/code\u003e, \u003ccode\u003eSpecifier\u003c/code\u003e, \u003ccode\u003eSpecifierSet\u003c/code\u003e, \u003ccode\u003eTag\u003c/code\u003e, \u003ccode\u003eMarker\u003c/code\u003e, and \u003ccode\u003eRequirement\u003c/code\u003e pickle-safe\u003cbr /\u003e\nand backward-compatible with pickles created in 25.0-26.1 (including references to the removed\u003cbr /\u003e\n\u003ccode\u003epackaging._structures\u003c/code\u003e module) (:pull:\u003ccode\u003e1163\u003c/code\u003e, :pull:\u003ccode\u003e1168\u003c/code\u003e, :pull:\u003ccode\u003e1170\u003c/code\u003e, :pull:\u003ccode\u003e1171\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eRe-export \u003ccode\u003eExceptionGroup\u003c/code\u003e in metadata for now in (:pull:\u003ccode\u003e1164\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd errors section and fix missing details in (:pull:\u003ccode\u003e1159\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eDocument our property-based test suite in (:pull:\u003ccode\u003e1167\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eFix a \u003ccode\u003eDirectUrl\u003c/code\u003e typo in (:pull:\u003ccode\u003e1169\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd example of \u003ccode\u003eis_unsatisfiable\u003c/code\u003e in (:pull:\u003ccode\u003e1166\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInternal:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnable the auditor persona on zizmor in (:pull:\u003ccode\u003e1158\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eTest new pickle guarantees in (:pull:\u003ccode\u003e1174\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eUse new native ReadTheDocs uv integration in (:pull:\u003ccode\u003e1175\u003c/code\u003e)\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/84a87ee42483d7352f9502d78a9553da8859aa7a\"\u003e\u003ccode\u003e84a87ee\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/4a616b65bed23c8c6d58e6b0fc1a4434d4ff1f14\"\u003e\u003ccode\u003e4a616b6\u003c/code\u003e\u003c/a\u003e docs: a few more updates to prepare for 26.2 (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1176\"\u003e#1176\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/9de6f44f1e82d4595edf3aad1c4f6f98c85935a0\"\u003e\u003ccode\u003e9de6f44\u003c/code\u003e\u003c/a\u003e ci: use native uv integration in rtd (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1175\"\u003e#1175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/bc76e14debd1a2799d1ca8f9d9c9823f35bfa466\"\u003e\u003ccode\u003ebc76e14\u003c/code\u003e\u003c/a\u003e chore: update changelog for 26.2 (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1161\"\u003e#1161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/3f00091c08f0aa830e33ed7db00f16f11c8ac97f\"\u003e\u003ccode\u003e3f00091\u003c/code\u003e\u003c/a\u003e tests: add a pickle check (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1174\"\u003e#1174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/48a8a069805291186522de3eff73ea80a8ca96ad\"\u003e\u003ccode\u003e48a8a06\u003c/code\u003e\u003c/a\u003e fix: make Requirements/Markers pickle-safe (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1171\"\u003e#1171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/823b44ed1f904084a77ae3adf0ef130af6365f84\"\u003e\u003ccode\u003e823b44e\u003c/code\u003e\u003c/a\u003e fix: make Tags pickle-safe (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1170\"\u003e#1170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/4bed32d920ca7211dd65fdf0a1ee06376e9c4733\"\u003e\u003ccode\u003e4bed32d\u003c/code\u003e\u003c/a\u003e fix: make Specifier / SpecifierSet pickle-safe (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1168\"\u003e#1168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/963118e37caae97bc8b72f72956c7fb4ca9857ec\"\u003e\u003ccode\u003e963118e\u003c/code\u003e\u003c/a\u003e fix: re-export ExceptionGroup for now (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1164\"\u003e#1164\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/66e34a80256c96dea11da143682950c84b8133bb\"\u003e\u003ccode\u003e66e34a8\u003c/code\u003e\u003c/a\u003e docs(specifiers): add is_unsatisfiable() usage example (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1166\"\u003e#1166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/packaging/compare/26.1...26.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.13.3 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/v2.13.4/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-core` from 2.46.3 to 2.46.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py...\n\n_Description has been truncated_","html_url":"https://github.com/sxarsky/eval-prefect/pull/67","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sxarsky%2Feval-prefect/issues/67","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/67/packages"},{"uuid":"4450048862","node_id":"PR_kwDOQqG8is7buLPq","number":399,"state":"open","title":"chore(deps): bump the python-dependencies group with 13 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-14T23:22:54.000Z","updated_at":"2026-05-22T01:01:23.722Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-dependencies","update_count":13,"packages":[{"name":"pandas","old_version":"3.0.2","new_version":"3.0.3","repository_url":"https://github.com/pandas-dev/pandas"},{"name":"astropy-iers-data","old_version":"0.2026.5.4.1.4.54","new_version":"0.2026.5.11.1.8.52","repository_url":"https://github.com/astropy/astropy-iers-data"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"fonttools","old_version":"4.62.1","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"librt","old_version":"0.10.0","new_version":"0.11.0","repository_url":"https://github.com/mypyc/librt"},{"name":"matplotlib-inline","old_version":"0.2.1","new_version":"0.2.2","repository_url":"https://github.com/ipython/matplotlib-inline"},{"name":"mypy","old_version":"2.0.0","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"regex","old_version":"2026.4.4","new_version":"2026.5.9","repository_url":"https://github.com/mrabarnett/mrab-regex"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.13","repository_url":"https://github.com/astral-sh/ruff"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"types-requests","old_version":"2.33.0.20260503","new_version":"2.33.0.20260513","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-dependencies group with 13 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pandas](https://github.com/pandas-dev/pandas) | `3.0.2` | `3.0.3` |\n| [astropy-iers-data](https://github.com/astropy/astropy-iers-data) | `0.2026.5.4.1.4.54` | `0.2026.5.11.1.8.52` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.62.1` | `4.63.0` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.15` |\n| [librt](https://github.com/mypyc/librt) | `0.10.0` | `0.11.0` |\n| [matplotlib-inline](https://github.com/ipython/matplotlib-inline) | `0.2.1` | `0.2.2` |\n| [mypy](https://github.com/python/mypy) | `2.0.0` | `2.1.0` |\n| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.4.4` | `2026.5.9` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.13` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260510` |\n| [types-requests](https://github.com/python/typeshed) | `2.33.0.20260503` | `2.33.0.20260513` |\n\nUpdates `pandas` from 3.0.2 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pandas-dev/pandas/releases\"\u003epandas's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epandas 3.0.3\u003c/h2\u003e\n\u003cp\u003eWe are pleased to announce the release of pandas 3.0.3.\nThis is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://pandas.pydata.org/docs/whatsnew/v3.0.3.html\"\u003efull whatsnew\u003c/a\u003e for a list of all the changes.\u003c/p\u003e\n\u003cp\u003ePandas 3.0 supports Python 3.11 and higher.\nThe release can be installed from PyPI:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython -m pip install --upgrade pandas==3.0.*\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eOr from conda-forge\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge pandas=3.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003ePlease report any issues with the release on the \u003ca href=\"https://github.com/pandas-dev/pandas/issues\"\u003epandas issue tracker\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThanks to all the contributors who made this release possible.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/72f2fea91530b5abb3cf2100cb22d84e504695c0\"\u003e\u003ccode\u003e72f2fea\u003c/code\u003e\u003c/a\u003e RLS: 3.0.3 (\u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65590\"\u003e#65590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/2897590094c2b6e3962d01a82665936f30be563d\"\u003e\u003ccode\u003e2897590\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65436\"\u003e#65436\u003c/a\u003e on branch 3.0.x (Account for privatization of matplotlib `...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/49894b5b6037c50f6444504070d9b1e8e514001a\"\u003e\u003ccode\u003e49894b5\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65499\"\u003e#65499\u003c/a\u003e on branch 3.0.x (BUG: fix check if pyarrow is installed in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/1c6d1e30cc4b80bedb769a8b3731b0788f69c9dc\"\u003e\u003ccode\u003e1c6d1e3\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] PERF: remove special casing for zoneinfo in tz_localize_to_u...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/2a547116afc46d88d4e6584670fd793949222a1e\"\u003e\u003ccode\u003e2a54711\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/64379\"\u003e#64379\u003c/a\u003e on branch 3.0.x (PERF: improve performance with ZoneInfo t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/036bb7c0e7160b9d5a7f6bd26a9fc00921fa6977\"\u003e\u003ccode\u003e036bb7c\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65482\"\u003e#65482\u003c/a\u003e on branch 3.0.x (PERF: don't call unique on dtypes for che...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/bf4c182b09251f5b469e8e246ae3ea3e1ae07164\"\u003e\u003ccode\u003ebf4c182\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65410\"\u003e#65410\u003c/a\u003e on branch 3.0.x (TST: also convert str index to object in ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/dd02d75ce219135f9f3f65c13644d4be35585d42\"\u003e\u003ccode\u003edd02d75\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] BUG: keep fsspec OpenFile alive for chained URL reads (\u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/6547\"\u003e#6547\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/aef3d0f6698667262c6d6ffc69180b280b0fa86a\"\u003e\u003ccode\u003eaef3d0f\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] CI: lowercase types-pymysql/types-pyyaml to fix mamba 2.6.0 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/bb8e24876273a14322047f4b89e648f6a4abebae\"\u003e\u003ccode\u003ebb8e248\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65399\"\u003e#65399\u003c/a\u003e on branch 3.0.x (DOC: fix source link for classes in the r...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pandas-dev/pandas/compare/v3.0.2...v3.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `astropy-iers-data` from 0.2026.5.4.1.4.54 to 0.2026.5.11.1.8.52\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astropy/astropy-iers-data/releases\"\u003eastropy-iers-data's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2026.5.11.1.8.52\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.11.1.8.52\"\u003ehttps://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.11.1.8.52\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astropy/astropy-iers-data/commit/f21a227f08b656a5dd03d7244f14c1c57a0737c1\"\u003e\u003ccode\u003ef21a227\u003c/code\u003e\u003c/a\u003e Update IERS Earth rotation and leap second tables\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.11.1.8.52\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\n.. _pull 2165: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2165\"\u003ecoveragepy/coveragepy#2165\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/646351b60429f1b5760af6c1b97b28483244a955\"\u003e\u003ccode\u003e646351b\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/39cd015505c8b04369c5b06e34fc22449a697370\"\u003e\u003ccode\u003e39cd015\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/649e8aa34af7d80c386ae82e8a3a6c9a3acb0dab\"\u003e\u003ccode\u003e649e8aa\u003c/code\u003e\u003c/a\u003e docs: thanks Alex Vandiver for \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8cd392e3b5c4bc15d534aaec0c21714f9f518469\"\u003e\u003ccode\u003e8cd392e\u003c/code\u003e\u003c/a\u003e fix: snapshot data in Collector.flush_data to avoid threading race (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c48e0edc2ebe44621b0053176e90f77b0c79bec1\"\u003e\u003ccode\u003ec48e0ed\u003c/code\u003e\u003c/a\u003e fix: less output for combining\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c2a3a284078556c911e0d9b6c6af1b7082a363ea\"\u003e\u003ccode\u003ec2a3a28\u003c/code\u003e\u003c/a\u003e docs: explain the change from \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/1cd47aa6ac1da4e150da44055295d4e4f3a014e8\"\u003e\u003ccode\u003e1cd47aa\u003c/code\u003e\u003c/a\u003e fix: implicit combine-during-report now removes the combined data files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2d99fd7696e0bccec8037479a4e45c1ecccb8058\"\u003e\u003ccode\u003e2d99fd7\u003c/code\u003e\u003c/a\u003e feat: automatically combine coverage in report, thanks Tim Hatch (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/9fbdcdfee1c122fac43f1bf9a5e2d1f4d835f21c\"\u003e\u003ccode\u003e9fbdcdf\u003c/code\u003e\u003c/a\u003e fix: lazy soft keywords are bolded\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5de7d0267b9466d59995aaae1a7e707c8c6f66e7\"\u003e\u003ccode\u003e5de7d02\u003c/code\u003e\u003c/a\u003e build: oops, misplaced quote\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fonttools` from 4.62.1 to 4.63.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/releases\"\u003efonttools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer, PatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions, replacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output, matching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in \u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring round-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash in the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/blob/main/NEWS.rst\"\u003efonttools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0 (released 2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer,\nPatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions,\nreplacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output,\nmatching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in\n\u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e for many-to-one (flat-segment) axis maps\nthat silently dropped entries via dict comprehension\n\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring\nround-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash\nin the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+,\nso that importing them on free-threaded Python no longer re-enables the GIL\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/978d9edccb60ea0e5fbad7015cb11817c3532328\"\u003e\u003ccode\u003e978d9ed\u003c/code\u003e\u003c/a\u003e Release 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6b40ecb6f13e076916044ecd8f0fc13ab5f957f6\"\u003e\u003ccode\u003e6b40ecb\u003c/code\u003e\u003c/a\u003e Add changelog entries for 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/382a35fb5e96c6ff38a1e7775a24e20bf122a66d\"\u003e\u003ccode\u003e382a35f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e from fonttools/fix-freethreading-compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/0e999b55f05ad0dd8423f389673a32de9c5199bb\"\u003e\u003ccode\u003e0e999b5\u003c/code\u003e\u003c/a\u003e Declare Cython extensions as free-threading compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/9e55ea54c184b0d4c0830525f72e69c6c1a32691\"\u003e\u003ccode\u003e9e55ea5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e from fonttools/graphite-feat-labels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/e84db3ab426a251256ebec7904c03dc73e25932b\"\u003e\u003ccode\u003ee84db3a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e from fonttools/fix-setUnicodeRanges-bits-123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/d6eabd1edf7bfa950b6b85c393e4c185dee36d7f\"\u003e\u003ccode\u003ed6eabd1\u003c/code\u003e\u003c/a\u003e Feat: show name table strings as comments next to label IDs in ttx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/7d0902b2e27ec1433b015b3b8a79391d7c8604cb\"\u003e\u003ccode\u003e7d0902b\u003c/code\u003e\u003c/a\u003e OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/06e266ce70ec578d549c2df0e180a84d9323baf2\"\u003e\u003ccode\u003e06e266c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e from fonttools/fix-map-backward-non-injective\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6d64598a63f83bcd59d29cf3f22dd25343bd9688\"\u003e\u003ccode\u003e6d64598\u003c/code\u003e\u003c/a\u003e Add more tests for map_backward with many-to-one axis maps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fonttools/fonttools/compare/4.62.1...4.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `librt` from 0.10.0 to 0.11.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mypyc/librt/commit/862679a0492f4433a286b2d53965ec2603623be1\"\u003e\u003ccode\u003e862679a\u003c/code\u003e\u003c/a\u003e Sync mypy and bump version to 0.11.0 (\u003ca href=\"https://redirect.github.com/mypyc/librt/issues/40\"\u003e#40\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mypyc/librt/compare/v0.10.0...v0.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `matplotlib-inline` from 0.2.1 to 0.2.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/e6e197523ecfabfff1d976e5b6958c3ede948ccb\"\u003e\u003ccode\u003ee6e1975\u003c/code\u003e\u003c/a\u003e release 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/0aac2e223483ffbfb5a6076d8c2ca83545cca440\"\u003e\u003ccode\u003e0aac2e2\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/6eb2bd89dc8d4d6678478c6b2ec15be7b20d3374\"\u003e\u003ccode\u003e6eb2bd8\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/631d7dd26be1287f64c5bd4bbb84888903e419b0\"\u003e\u003ccode\u003e631d7dd\u003c/code\u003e\u003c/a\u003e Zizmor hardening (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/66\"\u003e#66\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/8d45c8fc427d39750751bdaa0ffe5abc8e30cd50\"\u003e\u003ccode\u003e8d45c8f\u003c/code\u003e\u003c/a\u003e Zizmor hardening\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/f830b37c728146dca4f947de6cbdb420ee9c69fb\"\u003e\u003ccode\u003ef830b37\u003c/code\u003e\u003c/a\u003e Specify BSD license and add license files (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/62\"\u003e#62\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/e3b8bb10d275d5caa97d8d1b584d48797e494de4\"\u003e\u003ccode\u003ee3b8bb1\u003c/code\u003e\u003c/a\u003e Deprecate Python 3.9 in CI pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/c783ae72ed581f24fa136f34e6df4f6e99c3f785\"\u003e\u003ccode\u003ec783ae7\u003c/code\u003e\u003c/a\u003e Deprecate Python 3.9 in CI pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/8ac056c5730a6adbc9dd5e049b85163ba6a09a28\"\u003e\u003ccode\u003e8ac056c\u003c/code\u003e\u003c/a\u003e Update workflow to include matplotlib for tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/0cc8a2e91306c94e36f0a9cd8e31a38299b1c126\"\u003e\u003ccode\u003e0cc8a2e\u003c/code\u003e\u003c/a\u003e Use valid SPDX ID\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ipython/matplotlib-inline/compare/0.2.1...0.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 2.0.0 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMypy Release Notes\u003c/h1\u003e\n\u003ch2\u003eNext Release\u003c/h2\u003e\n\u003ch2\u003eMypy 2.1\u003c/h2\u003e\n\u003cp\u003eWe’ve just uploaded mypy 2.1.0 to the Python Package Index (\u003ca href=\"https://pypi.org/project/mypy/\"\u003ePyPI\u003c/a\u003e).\nMypy is a static type checker for Python. This release includes new features, performance\nimprovements and bug fixes. You can install it as follows:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython3 -m pip install -U mypy\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can read the full documentation for this release on \u003ca href=\"http://mypy.readthedocs.io\"\u003eRead the Docs\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003elibrt.vecs: Fast Growable Array Type for Mypyc\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.vecs\u003c/code\u003e module provides an efficient growable array type \u003ccode\u003evec\u003c/code\u003e that is\noptimized for mypyc use. It provides fast, packed arrays with integer and floating point\nvalue types, which can be \u003cstrong\u003eseveral times faster\u003c/strong\u003e than \u003ccode\u003elist\u003c/code\u003e, and tens of times faster\nthan \u003ccode\u003earray.array\u003c/code\u003e in code compiled using mypyc. It also supports nested \u003ccode\u003evec\u003c/code\u003e objects and\nnon-value-type items, such as \u003ccode\u003evec[vec[str]]\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_vecs.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo.\u003c/p\u003e\n\u003ch3\u003elibrt.random: Fast Pseudo-Random Number Generation\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.random\u003c/code\u003e module provides fast pseudo-random number generation that is\noptimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib\n\u003ccode\u003erandom\u003c/code\u003e module in compiled code.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_random.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo (PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21433\"\u003e21433\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMypyc Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake compilation order with multiple files consistent (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21419\"\u003e21419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on accessing \u003ccode\u003eStopAsyncIteration\u003c/code\u003e (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21406\"\u003e21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incremental compilation with \u003ccode\u003eseparate\u003c/code\u003e flag (Vaggelis Danias, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21299\"\u003e21299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes to Crashes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash on partial type with \u003ccode\u003e--allow-redefinition\u003c/code\u003e and \u003ccode\u003eglobal\u003c/code\u003e declaration (Jukka Lehtosalo, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21428\"\u003e21428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken awaitable generator patching (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21435\"\u003e21435\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges to Messages\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c1c336d7e34eb313080c79b156518c58d27c7234\"\u003e\u003ccode\u003ec1c336d\u003c/code\u003e\u003c/a\u003e Remove +dev from version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/74df14b7cbf08140236aa45bbb7f42219b0b1df7\"\u003e\u003ccode\u003e74df14b\u003c/code\u003e\u003c/a\u003e Add changelog for mypy 2.1 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21464\"\u003e#21464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/022d9bc96f86c40f338a5cf150f1806cc8f300ff\"\u003e\u003ccode\u003e022d9bc\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;TypeForm: Enable by default (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21262\"\u003e#21262\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8826288214f1cb31496e610667481221e025359c\"\u003e\u003ccode\u003e8826288\u003c/code\u003e\u003c/a\u003e [mypyc] Document librt.random (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21463\"\u003e#21463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/3f4067b699dbe52d08e42ef3b3ebfdebdc06bd96\"\u003e\u003ccode\u003e3f4067b\u003c/code\u003e\u003c/a\u003e Bump librt version to 0.11.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21458\"\u003e#21458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/2b1eb58a250c5f1eb4ef5fb1f312ff528c5a1d4e\"\u003e\u003ccode\u003e2b1eb58\u003c/code\u003e\u003c/a\u003e [mypyc] Enable incremental self-compilation (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21369\"\u003e#21369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8152f4af3f6c03beaf2660026240f0fdce7feecc\"\u003e\u003ccode\u003e8152f4a\u003c/code\u003e\u003c/a\u003e Respect file config comments for stale modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21444\"\u003e#21444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/116d60bdd3fdfe8d97c6afe99370910db56f1b92\"\u003e\u003ccode\u003e116d60b\u003c/code\u003e\u003c/a\u003e Fix nondeterminism from nonassociativity of overload joins (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21455\"\u003e#21455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/6c4af8e42110cea3f84bc02add2ca7b89c268210\"\u003e\u003ccode\u003e6c4af8e\u003c/code\u003e\u003c/a\u003e Fix function call message change for small number of args (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21432\"\u003e#21432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/4b8fdcaf24032592510e8f15421fb32d82a71800\"\u003e\u003ccode\u003e4b8fdca\u003c/code\u003e\u003c/a\u003e [mypyc] Add librt.random module (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21433\"\u003e#21433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v2.0.0...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `regex` from 2026.4.4 to 2026.5.9\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt\"\u003eregex's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion: 2026.5.9\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eReverse matching with full unicode casefolding could lead to out-of-range string indexes.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.4.4\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eA fix for older Python versions before free-threading was  supported.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.4.3\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eMore fixes for free-threading.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.32\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eFixed segfault.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.31\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eFixed bug again.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eFixed bug.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.28\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eFixed version.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eVarious fixes, including ones to improve free-threading support.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.2.28\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eReplaced atomic operations with mutex on pattern object for free-threaded Python.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.2.26\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ePR [#598](https://github.com/mrabarnett/mrab-regex/issues/598): Fix race condition in storage caching with atomic operations.\n\u003cp\u003eReplaced use of PyUnicode_GET_LENGTH with PyUnicode_GetLength.\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eVersion: 2026.2.19\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eAdded \\z as alias of \\Z, like in re module.\n\u003cp\u003eAdded prefixmatch as alias of match, like in re module.\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eVersion: 2026.1.15\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mrabarnett/mrab-regex/commit/e57d185bb711729091907b23edac5dcba0426243\"\u003e\u003ccode\u003ee57d185\u003c/code\u003e\u003c/a\u003e Reverse matching with full unicode casefolding lead to out-of-range string in...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mrabarnett/mrab-regex/compare/2026.4.4...2026.5.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.33.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.33.1...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.12 to 0.15.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2afb467ce397e4a89c13a0a814c62cfecb0e9e49\"\u003e\u003ccode\u003e2afb467\u003c/code\u003e\u003c/a\u003e Bump 0.15.13 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25157\"\u003e#25157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/300879600fa3af7cde1e675c63de6ad9d0797d1b\"\u003e\u003ccode\u003e3008796\u003c/code\u003e\u003c/a\u003e [ty] classify TypeVar semantic tokens as type parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24891\"\u003e#24891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/79470e31877acb6074f3bbff2a49e508822ae4e8\"\u003e\u003ccode\u003e79470e3\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2522549901d50f18775999f0fb802b19229417f0\"\u003e\u003ccode\u003e2522549\u003c/code\u003e\u003c/a\u003e Remove shellcheck from prek (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25154\"\u003e#25154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7db7170020f539d6d2bc01dbd0b0c09fab91dc06\"\u003e\u003ccode\u003e7db7170\u003c/code\u003e\u003c/a\u003e [ty] Support TypedDict key completions in incomplete, anonymous contexts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25\"\u003e#25\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/bb3dd535f1c5a83e2e56ac93a771fadbeeceebd0\"\u003e\u003ccode\u003ebb3dd53\u003c/code\u003e\u003c/a\u003e [ty] Run full iteration analysis on narrowed typevars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25143\"\u003e#25143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/828cdb7732efcb16a53f4ee5f011cf653b834d1a\"\u003e\u003ccode\u003e828cdb7\u003c/code\u003e\u003c/a\u003e [ty] Isolate file-watching test environment (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25151\"\u003e#25151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/89e1d8670ea4d3af60c8143ee552dc750200718d\"\u003e\u003ccode\u003e89e1d86\u003c/code\u003e\u003c/a\u003e [ty] Preserve TypedDict keys through dict unpacking (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24523\"\u003e#24523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/86f3064d6fffa5697d174f26b840bd6857b381da\"\u003e\u003ccode\u003e86f3064\u003c/code\u003e\u003c/a\u003e [ty] Avoid accessing \u003ccode\u003eargs[0]\u003c/code\u003e for \u003ccode\u003estatic_assert\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25149\"\u003e#25149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ed819f947dc27e36eac8bb3134153c4668d76a3a\"\u003e\u003ccode\u003eed819f9\u003c/code\u003e\u003c/a\u003e [ty] Treat custom enum \u003ccode\u003e__new__\u003c/code\u003e values as dynamic (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25136\"\u003e#25136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.12...0.15.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20260408 to 6.0.12.20260510\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-requests` from 2.33.0.20260503 to 2.33.0.20260513\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/tatsuki-washimi/gwexpy/pull/399","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tatsuki-washimi%2Fgwexpy/issues/399","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/399/packages"},{"uuid":"4424760159","node_id":"PR_kwDORnryns7acuzP","number":80,"state":"closed","title":"chore(deps-dev): Bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260510","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T00:22:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-11T22:32:31.000Z","updated_at":"2026-05-19T00:22:48.000Z","time_to_close":611416,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps-dev): Bump","packages":[{"name":"types-pyyaml","old_version":"6.0.12.20250915","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps [types-pyyaml](https://github.com/python/typeshed) from 6.0.12.20250915 to 6.0.12.20260510.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-pyyaml\u0026package-manager=pip\u0026previous-version=6.0.12.20250915\u0026new-version=6.0.12.20260510)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Lenivvenil/digest/pull/80","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lenivvenil%2Fdigest/issues/80","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/80/packages"}],"issue_packages":[{"old_version":"6.0.12.20260408","new_version":"6.0.12.20260518","update_type":null,"path":null,"pr_created_at":"2026-06-03T00:50:11.000Z","version_change":"6.0.12.20260408 → 6.0.12.20260518","issue":{"uuid":"4576009766","node_id":"PR_kwDONDo5gc7iBcdO","number":727,"state":"closed","title":"Bump the python-dependencies group with 25 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-09T16:04:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-03T00:50:11.000Z","updated_at":"2026-06-09T16:04:58.000Z","time_to_close":573284,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"python-dependencies","update_count":25,"packages":[{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"django","old_version":"6.0.4","new_version":"6.0.5","repository_url":"https://github.com/django/django"},{"name":"django-import-export","old_version":"4.4.0","new_version":"4.4.1","repository_url":"https://github.com/django-import-export/django-import-export"},{"name":"django-stubs-ext","old_version":"6.0.3","new_version":"6.0.5","repository_url":"https://github.com/typeddjango/django-stubs"},{"name":"gunicorn","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/benoitc/gunicorn"},{"name":"idna","old_version":"3.13","new_version":"3.18","repository_url":"https://github.com/kjd/idna"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"click","old_version":"8.3.3","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"platformdirs","old_version":"4.9.6","new_version":"4.10.0","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"pymdown-extensions","old_version":"10.21.2","new_version":"10.21.3","repository_url":"https://github.com/facelessuser/pymdown-extensions"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.1","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"distlib","old_version":"0.4.0","new_version":"0.4.1","repository_url":"https://github.com/pypa/distlib"},{"name":"django-stubs","old_version":"6.0.3","new_version":"6.0.5","repository_url":"https://github.com/typeddjango/django-stubs"},{"name":"librt","old_version":"0.9.0","new_version":"0.11.0","repository_url":"https://github.com/mypyc/librt"},{"name":"mypy","old_version":"1.20.2","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"python-discovery","old_version":"1.2.2","new_version":"1.4.0","repository_url":"https://github.com/tox-dev/python-discovery"},{"name":"regex","old_version":"2026.4.4","new_version":"2026.5.9","repository_url":"https://github.com/mrabarnett/mrab-regex"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.15","repository_url":"https://github.com/astral-sh/ruff"},{"name":"soupsieve","old_version":"2.8.3","new_version":"2.8.4","repository_url":"https://github.com/facelessuser/soupsieve"},{"name":"types-django-import-export","old_version":"4.4.0.20260408","new_version":"4.4.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-markdown","old_version":"3.10.2.20260408","new_version":"3.10.2.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-requests","old_version":"2.33.0.20260408","new_version":"2.33.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"virtualenv","old_version":"21.3.0","new_version":"21.4.2","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-dependencies group with 25 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |\n| [django](https://github.com/django/django) | `6.0.4` | `6.0.5` |\n| [django-import-export](https://github.com/django-import-export/django-import-export) | `4.4.0` | `4.4.1` |\n| [django-stubs-ext](https://github.com/typeddjango/django-stubs) | `6.0.3` | `6.0.5` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `25.3.0` | `26.0.0` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.18` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.1` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.6` | `4.10.0` |\n| [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) | `10.21.2` | `10.21.3` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.1` |\n| [distlib](https://github.com/pypa/distlib) | `0.4.0` | `0.4.1` |\n| [django-stubs](https://github.com/typeddjango/django-stubs) | `6.0.3` | `6.0.5` |\n| [librt](https://github.com/mypyc/librt) | `0.9.0` | `0.11.0` |\n| [mypy](https://github.com/python/mypy) | `1.20.2` | `2.1.0` |\n| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.2.2` | `1.4.0` |\n| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.4.4` | `2026.5.9` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.15` |\n| [soupsieve](https://github.com/facelessuser/soupsieve) | `2.8.3` | `2.8.4` |\n| [types-django-import-export](https://github.com/python/typeshed) | `4.4.0.20260408` | `4.4.0.20260518` |\n| [types-markdown](https://github.com/python/typeshed) | `3.10.2.20260408` | `3.10.2.20260518` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260518` |\n| [types-requests](https://github.com/python/typeshed) | `2.33.0.20260408` | `2.33.0.20260518` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `21.3.0` | `21.4.2` |\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django` from 6.0.4 to 6.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8f8ad09659d728423a00e0a3b5f16da5c3a38e24\"\u003e\u003ccode\u003e8f8ad09\u003c/code\u003e\u003c/a\u003e [6.0.x] Bumped version for 6.0.5 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/44ad76efcbe3c4ca0f08bb9dabe916f6374596c9\"\u003e\u003ccode\u003e44ad76e\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/1b0184aa657bc3f5859aeb0206e7c1e94e48b103\"\u003e\u003ccode\u003e1b0184a\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/ad8f9e19e0897ea45ded7c046ff28daf6f773e92\"\u003e\u003ccode\u003ead8f9e1\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/990ab01e70fd8f55e867b4a234c0ee242fd33fec\"\u003e\u003ccode\u003e990ab01\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37039\"\u003e#37039\u003c/a\u003e -- Removed outdated note from QuerySet.iterator() docs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/f0c269f285ab58bfb4a120141d7dd41ff4f42b45\"\u003e\u003ccode\u003ef0c269f\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed typo in stub release notes for 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8bcd15beeff6542acc381b83f50b061d62284c2b\"\u003e\u003ccode\u003e8bcd15b\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37067\"\u003e#37067\u003c/a\u003e -- Added trailing slash in django_file_prefixes().\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/3cdec6454fb86e8d03a06944c0c68025733ed93f\"\u003e\u003ccode\u003e3cdec64\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/5dd5c70cf1056e8e04badb687f773e8f16bba257\"\u003e\u003ccode\u003e5dd5c70\u003c/code\u003e\u003c/a\u003e [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8ee73415270a1a54daaec9bb529ad82c6f7a6d4c\"\u003e\u003ccode\u003e8ee7341\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs \u003ca href=\"https://redirect.github.com/django/django/issues/373\"\u003e#373\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/django/django/issues/34122\"\u003e#34122\u003c/a\u003e -- Removed warning that ForeignObject is an interna...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django/django/compare/6.0.4...6.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-import-export` from 4.4.0 to 4.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-import-export/django-import-export/releases\"\u003edjango-import-export's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://django-import-export.readthedocs.io/en/stable/changelog.html#id1\"\u003eChangelog\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-import-export/django-import-export/blob/main/docs/changelog.rst\"\u003edjango-import-export's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.4.1 (2026-05-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor lookup value retrieval in Field and CachedForeignKeyWidget (\u003ccode\u003e2146 \u0026lt;https://github.com/django-import-export/django-import-export/pull/2146\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix IncorrectLookupParameters when exporting from filtered change view (\u003ccode\u003e2154 \u0026lt;https://github.com/django-import-export/django-import-export/pull/2154\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix console error 'resource select input not found' on export (\u003ccode\u003e2158 \u0026lt;https://github.com/django-import-export/django-import-export/pull/2158\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix CachedForeignKeyWidget type mismatch on non-string lookup fields (\u003ccode\u003e2159 \u0026lt;https://github.com/django-import-export/django-import-export/pull/2159\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-import-export/django-import-export/commit/f4cfc4d090d6a7f485b3f06a769f7f8fa72052b6\"\u003e\u003ccode\u003ef4cfc4d\u003c/code\u003e\u003c/a\u003e updated changelog\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/django-import-export/django-import-export/compare/4.4.0...4.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-stubs-ext` from 6.0.3 to 6.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/8f534d0a4d2884d2e0b45749714deae60aa92b2e\"\u003e\u003ccode\u003e8f534d0\u003c/code\u003e\u003c/a\u003e Version 6.0.5 release (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3402\"\u003e#3402\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/16679ef11d151dc6dafc15b4c83c0b85685888d7\"\u003e\u003ccode\u003e16679ef\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eAdminSite.register\u003c/code\u003e typing (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3387\"\u003e#3387\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/030484fb9682f1e8a0b70dcc2b6914f706a9c393\"\u003e\u003ccode\u003e030484f\u003c/code\u003e\u003c/a\u003e Update dependency ty to v0.0.38 (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3400\"\u003e#3400\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/906abd50d6bff56e9cdda3ddbe42a4e42d926a41\"\u003e\u003ccode\u003e906abd5\u003c/code\u003e\u003c/a\u003e Fix InlineModelAdmin parent-object method signatures (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3308\"\u003e#3308\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/ad05f893e9825081a68fd50a3940e623f95ca6aa\"\u003e\u003ccode\u003ead05f89\u003c/code\u003e\u003c/a\u003e Update ty to v0.0.37 (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3399\"\u003e#3399\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/c67f6b45b081b2f048129ac4a4ce68094e4d6035\"\u003e\u003ccode\u003ec67f6b4\u003c/code\u003e\u003c/a\u003e Update int128/hide-comment-action action to v1.59.0 (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3397\"\u003e#3397\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/5322457da83de3aca22bacd4052303fc950f4b39\"\u003e\u003ccode\u003e5322457\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3396\"\u003e#3396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/e097380fd28b7451a04bc477ee86835cdc28fbfd\"\u003e\u003ccode\u003ee097380\u003c/code\u003e\u003c/a\u003e Update dependency ty to v0.0.36 (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3395\"\u003e#3395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/97b6e0ea13ad558b9a5f4c5b037bf86886600651\"\u003e\u003ccode\u003e97b6e0e\u003c/code\u003e\u003c/a\u003e Update dependency pytest-mypy-plugins to v4.0.3 (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3394\"\u003e#3394\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/5680543268bdb2294a1c61831d853e21540ffc51\"\u003e\u003ccode\u003e5680543\u003c/code\u003e\u003c/a\u003e Enable \u003ccode\u003eunused-ignore\u003c/code\u003e code in pyrefly (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3393\"\u003e#3393\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/typeddjango/django-stubs/compare/6.0.3...6.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gunicorn` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/benoitc/gunicorn/releases\"\u003egunicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEventlet worker removed\u003c/strong\u003e: The \u003ccode\u003eeventlet\u003c/code\u003e worker class has been dropped. Migrate to \u003ccode\u003egevent\u003c/code\u003e, \u003ccode\u003egthread\u003c/code\u003e, or \u003ccode\u003etornado\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Compatibility Suite\u003c/strong\u003e: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Test Suite Expansion\u003c/strong\u003e: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 Request-Target Validation\u003c/strong\u003e (RFC 9112 sections 3.2.3, 3.2.4):\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003eauthority-form\u003c/code\u003e request-target outside \u003ccode\u003eCONNECT\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003easterisk-form\u003c/code\u003e request-target outside \u003ccode\u003eOPTIONS\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003erelative-reference\u003c/code\u003e request-targets\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Field Hardening\u003c/strong\u003e (RFC 9110):\n\u003cul\u003e\n\u003cli\u003eReject control characters in header field-value (section 5.5)\u003c/li\u003e\n\u003cli\u003eReject forbidden trailer field-names (section 6.5.1)\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003eContent-Length\u003c/code\u003e list form (RFC 9112 section 6.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRequest Smuggling Hardening\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eTighten keepalive gate and scope \u003ccode\u003efinish_body\u003c/code\u003e byte cap\u003c/li\u003e\n\u003cli\u003eKeep \u003ccode\u003e_body_receiver\u003c/code\u003e alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body\u003c/li\u003e\n\u003cli\u003eAddress parser/protocol findings from a six-point WSGI/ASGI audit\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePROXY Protocol (ASGI)\u003c/strong\u003e: Enforce \u003ccode\u003eproxy_allow_ips\u003c/code\u003e and tighten v1/v2 parsing in the ASGI callback parser.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConnection Draining\u003c/strong\u003e: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBody Framing on HEAD/204/304\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eKeep \u003ccode\u003eContent-Length\u003c/code\u003e on HEAD and 304 responses (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop body framing on HEAD/204/304 even when the framework set it\u003c/li\u003e\n\u003cli\u003eWarn once when an ASGI app emits a body for a no-body response\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2 ASGI\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e_handle_stream_ended\u003c/code\u003e to set \u003ccode\u003e_body_complete\u003c/code\u003e in the async HTTP/2 handler so request bodies finalize correctly on stream end\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eInvalidChunkExtension\u003c/code\u003e mapping and fast-parser support in ASGI tests (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3565\"\u003e#3565\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 100-Continue\u003c/strong\u003e: Stop adding \u003ccode\u003eTransfer-Encoding: chunked\u003c/code\u003e to 100-Continue interim responses.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebSocket Close Handshake\u003c/strong\u003e (RFC 6455):\n\u003cul\u003e\n\u003cli\u003eComply with the close handshake state machine\u003c/li\u003e\n\u003cli\u003eClose the transport after the close handshake completes\u003c/li\u003e\n\u003cli\u003eFix binary send when the \u003ccode\u003etext\u003c/code\u003e key is \u003ccode\u003eNone\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEarly Hints\u003c/strong\u003e: Validate headers in the \u003ccode\u003eearly_hints\u003c/code\u003e callback to match \u003ccode\u003eprocess_headers\u003c/code\u003e; pass only the header name to \u003ccode\u003eInvalidHeader\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3588\"\u003e#3588\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Fixes\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix ASGI disconnect handling for Django-style apps\u003c/li\u003e\n\u003cli\u003eFix Litestar request handling (use raw ASGI receive for body/headers)\u003c/li\u003e\n\u003cli\u003eFix Litestar HTTP endpoints for compatibility tests\u003c/li\u003e\n\u003cli\u003eFix Quart headers endpoint to normalize keys to lowercase\u003c/li\u003e\n\u003cli\u003eFix Quart WebSocket close test app (missing \u003ccode\u003eaccept()\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eFix duplicate \u003ccode\u003eTransfer-Encoding\u003c/code\u003e header for BlackSheep streaming\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5d819cf36040f6cc6175fcc804d703fb899509dd\"\u003e\u003ccode\u003e5d819cf\u003c/code\u003e\u003c/a\u003e release: 26.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/b45c70df105f7d5dcbc5abfb732804d6464edc21\"\u003e\u003ccode\u003eb45c70d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3611\"\u003e#3611\u003c/a\u003e from zc-mattcen/docs-typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/99c8d48acf453deb5c49fe12e195dbc00d888d1e\"\u003e\u003ccode\u003e99c8d48\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3623\"\u003e#3623\u003c/a\u003e from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5a655af50f20e005dd9e32e6078dc82fa45f3d4b\"\u003e\u003ccode\u003e5a655af\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3622\"\u003e#3622\u003c/a\u003e from benoitc/test/docker-port-and-ipv4-fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/201df19a8011c0a1d6a0e75ebe22e89d48eb935e\"\u003e\u003ccode\u003e201df19\u003c/code\u003e\u003c/a\u003e chore: remove eventlet worker; add h2 and uvloop to test deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/f4ac8e1f1bf1d365e77f41915da55bec31873f84\"\u003e\u003ccode\u003ef4ac8e1\u003c/code\u003e\u003c/a\u003e test: pass action name to dirty client and stabilize after TTOU spam\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/54d38afddf1f0db0c15b5f4ff63f3c7bfad96961\"\u003e\u003ccode\u003e54d38af\u003c/code\u003e\u003c/a\u003e test: unblock docker fixtures on macOS hosts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/68843c8893dd938456f0a2da62085ab5776f8871\"\u003e\u003ccode\u003e68843c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e from benoitc/fix/asgi-preserve-content-length-on-hea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/31f2618f733cc0c78690df63f4e344aaf3f56b20\"\u003e\u003ccode\u003e31f2618\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3620\"\u003e#3620\u003c/a\u003e from benoitc/fix/asgi-proxy-protocol-trust-and-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/41ec7527dbd8a9e52728477700707ad40e41d9dc\"\u003e\u003ccode\u003e41ec752\u003c/code\u003e\u003c/a\u003e fix: keep Content-Length on HEAD and 304 responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/benoitc/gunicorn/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.18\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.18 (2026-06-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen decoding a domain, add a \u003ccode\u003edisplay\u003c/code\u003e argument that will pass\nthrough invalid labels rather than raising an exception.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.17 (2026-05-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSubstantial 75% reduction in memory usage through new data\nstructures and some optimization in processing speed.\u003c/li\u003e\n\u003cli\u003eAdded a general 1024-character input length cap to the public\nvalidation, conversion, and codec entry points. This is well above\nany legitimate domain or label and guards against pathological\ninputs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f39ea903ba49eb5a0b2c6723c9a929b41ed4a0f1\"\u003e\u003ccode\u003ef39ea90\u003c/code\u003e\u003c/a\u003e Release 3.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/40f4e407bc7452da37c24b0c112dcda9a5b299ba\"\u003e\u003ccode\u003e40f4e40\u003c/code\u003e\u003c/a\u003e Pre-release 3.18rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1a5bf80f2fa40454589e6144efe5f72015ef9d24\"\u003e\u003ccode\u003e1a5bf80\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/253\"\u003e#253\u003c/a\u003e from kjd/lenient-decode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5bbb26fc86e28c4ee1434ae8ae8db76de4c2a5ac\"\u003e\u003ccode\u003e5bbb26f\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into lenient-decode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c532bae5270489cef8faf9f6b1eb70cbcb454c6d\"\u003e\u003ccode\u003ec532bae\u003c/code\u003e\u003c/a\u003e Rename decode() lenient= option to display= (issue \u003ca href=\"https://redirect.github.com/kjd/idna/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/0b1758ba11952a2e88fd6141ffa620409bff0580\"\u003e\u003ccode\u003e0b1758b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/252\"\u003e#252\u003c/a\u003e from kjd/release-3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f48619c4cea6859b938d560fdd9feb898e678567\"\u003e\u003ccode\u003ef48619c\u003c/code\u003e\u003c/a\u003e Release 3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7421ba8003227f816142ab40178e3a7d204e6847\"\u003e\u003ccode\u003e7421ba8\u003c/code\u003e\u003c/a\u003e Pre-release 3.17rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/22ebb73b164081f209449b50162eb7ce086e96a4\"\u003e\u003ccode\u003e22ebb73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/251\"\u003e#251\u003c/a\u003e from kjd/structure-optimizations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2a7ac0a58c788d50112a5003af545a83807fb108\"\u003e\u003ccode\u003e2a7ac0a\u003c/code\u003e\u003c/a\u003e Drop redundant parallel-arrays comment from uts46data\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.33.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.33.1...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.3 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. :issue:\u003ccode\u003e3458\u003c/code\u003e :issue:\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. :issue:\u003ccode\u003e3277\u003c/code\u003e :pr:\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion\nresult. :issue:\u003ccode\u003e3015\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. :issue:\u003ccode\u003e3487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. :issue:\u003ccode\u003e3449\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.3...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `platformdirs` from 4.9.6 to 4.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/platformdirs/releases\"\u003eplatformdirs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.10.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: improve platformdirs maintenance path by \u003ca href=\"https://github.com/lphuc2250gma\"\u003e\u003ccode\u003e@​lphuc2250gma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/pull/488\"\u003etox-dev/platformdirs#488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/pull/490\"\u003etox-dev/platformdirs#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_preference_dir by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/pull/491\"\u003etox-dev/platformdirs#491\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lphuc2250gma\"\u003e\u003ccode\u003e@​lphuc2250gma\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/pull/488\"\u003etox-dev/platformdirs#488\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/platformdirs/compare/4.9.6...4.10.0\"\u003ehttps://github.com/tox-dev/platformdirs/compare/4.9.6...4.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/platformdirs/blob/main/docs/changelog.rst\"\u003eplatformdirs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e4.10.0 (2026-05-28)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_preference_dir :pr:\u003ccode\u003e491\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR :pr:\u003ccode\u003e490\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echore: improve platformdirs maintenance path :pr:\u003ccode\u003e488\u003c/code\u003e - by :user:\u003ccode\u003elphuc2250gma\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e4.9.6 (2026-04-09)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(release): use double quotes for tag variable expansion :pr:\u003ccode\u003e477\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e4.9.5 (2026-04-06)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e📝 docs(appauthor): clarify None vs False on Windows :pr:\u003ccode\u003e476\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSeparates implementations of macOS dirs that share a default :pr:\u003ccode\u003e473\u003c/code\u003e - by :user:\u003ccode\u003eGoddesen\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove persist-credentials: false from release job :pr:\u003ccode\u003e472\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003efix: do not duplicate site dirs in Unix.iter_{config,site}_dirs() when use_site_for_root is active :pr:\u003ccode\u003e469\u003c/code\u003e - by\n:user:\u003ccode\u003eviccie30\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔧 fix(type): resolve ty 0.0.25 type errors :pr:\u003ccode\u003e468\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔒 ci(workflows): add zizmor security auditing :pr:\u003ccode\u003e467\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(release): generate docstrfmt-compatible changelog entries :pr:\u003ccode\u003e463\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e4.9.4 (2026-03-05)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e461\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md\u003c/li\u003e\n\u003cli\u003e📝 docs: add project logo to documentation :pr:\u003ccode\u003e459\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the all group with 2 updates :pr:\u003ccode\u003e457\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdd permissions to workflows :pr:\u003ccode\u003e455\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd security policy\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e454\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e4.9.2 (2026-02-16)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e📝 docs: restructure following Diataxis framework :pr:\u003ccode\u003e448\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/04cb1361a064132102612ab05053351196a62b40\"\u003e\u003ccode\u003e04cb136\u003c/code\u003e\u003c/a\u003e Release 4.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/078bc61171e1a0cfbb3f210ff0fd30795a359664\"\u003e\u003ccode\u003e078bc61\u003c/code\u003e\u003c/a\u003e ✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_pr...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/d27974762005fa35cebcd4dd7236f8081e88ad75\"\u003e\u003ccode\u003ed279747\u003c/code\u003e\u003c/a\u003e ✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/490\"\u003e#490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/4116391f16178ee5c4b293761491519f9f3c9834\"\u003e\u003ccode\u003e4116391\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/489\"\u003e#489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/dbc63f58261f1b109f2d75c7d35a485331dbbe6f\"\u003e\u003ccode\u003edbc63f5\u003c/code\u003e\u003c/a\u003e chore: improve platformdirs maintenance path (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/9265108d732233ce7fbb63a94cd389708ce5e102\"\u003e\u003ccode\u003e9265108\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/487\"\u003e#487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/9f857ec172a1a09a9c608c28cfe2c460c3baac8e\"\u003e\u003ccode\u003e9f857ec\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/486\"\u003e#486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/a76e77756278566e414eebbc03f789b3a21ea2fa\"\u003e\u003ccode\u003ea76e777\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/484\"\u003e#484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/903fd9f321285c38d4741d2e5ea1881938405d16\"\u003e\u003ccode\u003e903fd9f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/483\"\u003e#483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/a5da35d0d57cbcb5f30b18203aa7fbb44be69978\"\u003e\u003ccode\u003ea5da35d\u003c/code\u003e\u003c/a\u003e build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 in the all group (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/482\"\u003e#482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/platformdirs/compare/4.9.6...4.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pymdown-extensions` from 10.21.2 to 10.21.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/facelessuser/pymdown-extensions/releases\"\u003epymdown-extensions's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.21.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Fix regression that allows a snippet to be loaded outside of the base path using directory traversal when\n\u003ccode\u003erestrict_base_path\u003c/code\u003e is enabled (the default). Found by \u003ca href=\"https://github.com/gistrec\"\u003e\u003ccode\u003e@​gistrec\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/42628414c6591b1a1ce211157090783e3b2242d6\"\u003e\u003ccode\u003e4262841\u003c/code\u003e\u003c/a\u003e Fix spelling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/63b7835776d703d6c339cf2110d9888f676efc0c\"\u003e\u003ccode\u003e63b7835\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/3d185501daaa1424c4a8d42124112c44ef6ab635\"\u003e\u003ccode\u003e3d18550\u003c/code\u003e\u003c/a\u003e Docs: update js deps\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/facelessuser/pymdown-extensions/compare/10.21.2...10.21.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.1 — 2026-05-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the HTML report used typographic niceties to make file paths more\nreadable by adding a small amount of space around slashes. Those spaces\ninterfered with searching the page for file paths of interest. Now the report\nuses CSS to accomplish the same visual tweak so that searches with slashes\nwork correctly. Closes \u003ccode\u003eissue 2170\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eAdd a 3.16 PyPI classifier \u0026lt;hugo-316_\u0026gt;\u003c/code\u003e_ since we test on the 3.16 main\nbranch.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 2170: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2170\"\u003ecoveragepy/coveragepy#2170\u003c/a\u003e\n.. _hugo-316: \u003ca href=\"https://mastodon.social/@hugovk/116588523571204490\"\u003ehttps://mastodon.social/@​hugovk/116588523571204490\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-14-0:\u003c/p\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/64d9b66fd852c1920ffe6cb8b58d7e4fdae90226\"\u003e\u003ccode\u003e64d9b66\u003c/code\u003e\u003c/a\u003e docs: correct the date for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/6fa7dd44c25e1a660252faaf030dd8f2f1e20861\"\u003e\u003ccode\u003e6fa7dd4\u003c/code\u003e\u003c/a\u003e chore: bump actions/dependency-review-action (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2181\"\u003e#2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/078afae263597b004eb9a85d880b6a65008e75ed\"\u003e\u003ccode\u003e078afae\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/cb4f028a36e008b664739d04f387b90ee5105044\"\u003e\u003ccode\u003ecb4f028\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ae2d09f562271c6169534e1c242d015dd0823dda\"\u003e\u003ccode\u003eae2d09f\u003c/code\u003e\u003c/a\u003e Merge branch 'nedbat/classifire-316-kits'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2c3568b2e041f2c0dbbc8eaa3919d46ee891b743\"\u003e\u003ccode\u003e2c3568b\u003c/code\u003e\u003c/a\u003e build: declare 3.16 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/faa68f8601cf098701b68976dbb73b9fc23c9297\"\u003e\u003ccode\u003efaa68f8\u003c/code\u003e\u003c/a\u003e chore: bump github/codeql-action in the action-dependencies group (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/eb55feedf54b363e3d0b678f20abf3bfd3551a88\"\u003e\u003ccode\u003eeb55fee\u003c/code\u003e\u003c/a\u003e test: we don't need PyPy \u0026lt; 7.3.22 anymore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ac168fe53c04cdb2ff5231c0c4e5045021ee339b\"\u003e\u003ccode\u003eac168fe\u003c/code\u003e\u003c/a\u003e test: the text summary should show missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/fed4bd2db3c1cb2916a07791041da693fbf8e996\"\u003e\u003ccode\u003efed4bd2\u003c/code\u003e\u003c/a\u003e chore: upgrade virtualenv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `distlib` from 0.4.0 to 0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/distlib/blob/master/CHANGES.rst\"\u003edistlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e0.4.1\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\nReleased: 2026-06-02\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003escripts\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix path traversal bug in handling entry points which allowed escaping the scripts directory.\nThanks to tonghuaroot for the comprehensive report.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003etests\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/pypa/distlib/issues/251\"\u003e#251\u003c/a\u003e: Change test function following a reorganization which happened in the Python stdlib.\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/distlib/commit/d562ad5aabe23dc03b22fccdf84dc01fddf0d336\"\u003e\u003ccode\u003ed562ad5\u003c/code\u003e\u003c/a\u003e Changes for 0.4.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/distlib/commit/6286442857de9f734686d08f0e59ca8048ee357a\"\u003e\u003ccode\u003e6286442\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/pypa/distlib/issues/251\"\u003e#251\u003c/a\u003e: Use more appropriate function in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/distlib/commit/e3b1cd6ec121058ae71a2aab08aa2a120360c872\"\u003e\u003ccode\u003ee3b1cd6\u003c/code\u003e\u003c/a\u003e Bump version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/distlib/commit/da3e90aef9c2ea545ac653039dd970174b48ebd4\"\u003e\u003ccode\u003eda3e90a\u003c/code\u003e\u003c/a\u003e Added tag 0.4.0 for changeset d31f0b340fde\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pypa/distlib/compare/0.4.0...0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-stubs` from 6.0.3 to 6.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/8f534d0a4d2884d2e0b45749714deae60aa92b2e\"\u003e\u003ccode\u003e8f534d0\u003c/code\u003e\u003c/a\u003e Version 6.0.5 release (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3402\"\u003e#3402\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/16679ef11d151dc6dafc15b4c83c0b85685888d7\"\u003e\u003ccode\u003e16679ef\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eAdminSite.register\u003c/code\u003e typing (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3387\"\u003e#3387\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typeddjango/django-stubs/commit/030484fb9682f1e8a0b70dcc2b6914f706a9c393\"\u003e\u003ccode\u003e030484f\u003c/code\u003e\u003c/a\u003e Update dependency ty to v0.0.38 (\u003ca href=\"https://redirect.github.com/typeddjango/django-stubs/issues/3400\"\u003e#3400\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://git...\n\n_Description has been truncated_","html_url":"https://github.com/direct-framework/direct-webapp/pull/727","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/direct-framework%2Fdirect-webapp/issues/727","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/727/packages"}},{"old_version":"6.0.12.20260408","new_version":"6.0.12.20260518","update_type":null,"path":null,"pr_created_at":"2026-05-28T23:57:23.000Z","version_change":"6.0.12.20260408 → 6.0.12.20260518","issue":{"uuid":"4544615051","node_id":"PR_kwDOQqG8is7gcnC3","number":430,"state":"open","title":"chore(deps): bump the python-dependencies group across 1 directory with 21 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-28T23:57:23.000Z","updated_at":"2026-05-28T23:57:29.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-dependencies","update_count":21,"packages":[{"name":"numpy","old_version":"2.4.4","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"pandas","old_version":"3.0.2","new_version":"3.0.3","repository_url":"https://github.com/pandas-dev/pandas"},{"name":"astropy-iers-data","old_version":"0.2026.5.4.1.4.54","new_version":"0.2026.5.25.1.14.13","repository_url":"https://github.com/astropy/astropy-iers-data"},{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"click","old_version":"8.3.3","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.1","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"decorator","old_version":"5.2.1","new_version":"5.3.1","repository_url":"https://github.com/micheles/decorator"},{"name":"fonttools","old_version":"4.62.1","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"idna","old_version":"3.13","new_version":"3.17","repository_url":"https://github.com/kjd/idna"},{"name":"librt","old_version":"0.10.0","new_version":"0.11.0","repository_url":"https://github.com/mypyc/librt"},{"name":"matplotlib-inline","old_version":"0.2.1","new_version":"0.2.2","repository_url":"https://github.com/ipython/matplotlib-inline"},{"name":"mypy","old_version":"2.0.0","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"platformdirs","old_version":"4.9.6","new_version":"4.10.0","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"regex","old_version":"2026.4.4","new_version":"2026.5.9","repository_url":"https://github.com/mrabarnett/mrab-regex"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"rpds-py","old_version":"0.30.0","new_version":"2026.5.1","repository_url":"https://github.com/crate-py/rpds"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.15","repository_url":"https://github.com/astral-sh/ruff"},{"name":"tornado","old_version":"6.5.5","new_version":"6.5.6","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-requests","old_version":"2.33.0.20260503","new_version":"2.33.0.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-dependencies group with 21 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [numpy](https://github.com/numpy/numpy) | `2.4.4` | `2.4.6` |\n| [pandas](https://github.com/pandas-dev/pandas) | `3.0.2` | `3.0.3` |\n| [astropy-iers-data](https://github.com/astropy/astropy-iers-data) | `0.2026.5.4.1.4.54` | `0.2026.5.25.1.14.13` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |\n| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.1` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.1` |\n| [decorator](https://github.com/micheles/decorator) | `5.2.1` | `5.3.1` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.62.1` | `4.63.0` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.17` |\n| [librt](https://github.com/mypyc/librt) | `0.10.0` | `0.11.0` |\n| [matplotlib-inline](https://github.com/ipython/matplotlib-inline) | `0.2.1` | `0.2.2` |\n| [mypy](https://github.com/python/mypy) | `2.0.0` | `2.1.0` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.6` | `4.10.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.4.4` | `2026.5.9` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [rpds-py](https://github.com/crate-py/rpds) | `0.30.0` | `2026.5.1` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.15` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.5` | `6.5.6` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260518` |\n| [types-requests](https://github.com/python/typeshed) | `2.33.0.20260503` | `2.33.0.20260518` |\n\n\nUpdates `numpy` from 2.4.4 to 2.4.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/numpy/numpy/releases\"\u003enumpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.6 (May 18, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.6 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5\nrelease.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 4 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e!EarlMilktea\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eSebastian Berg\u003c/li\u003e\n\u003cli\u003eWarren Weckesser\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePull requests merged\u003c/h2\u003e\n\u003cp\u003eA total of 4 pull requests were merged for this release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31444\"\u003e#31444\u003c/a\u003e: MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31453\"\u003e#31453\u003c/a\u003e: BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31459\"\u003e#31459\u003c/a\u003e: BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31460\"\u003e#31460\u003c/a\u003e: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.4.5 (May 15, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.5 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4\nrelease, has some typing improvements, and maintains infrastructure.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 17 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAleksei Nikiforov\u003c/li\u003e\n\u003cli\u003eAnarion Zuo +\u003c/li\u003e\n\u003cli\u003eAnkit Ahlawat\u003c/li\u003e\n\u003cli\u003eBreno Favaretto +\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eIgor Krivenko +\u003c/li\u003e\n\u003cli\u003eIjtihed Kilani +\u003c/li\u003e\n\u003cli\u003eJoren Hammudoglu\u003c/li\u003e\n\u003cli\u003eMaarten Baert +\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/b832a09cf2a169c833dd2371e7c07aa00b293242\"\u003e\u003ccode\u003eb832a09\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31462\"\u003e#31462\u003c/a\u003e from charris/prepare-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/57cc147d2ceacffc6534642bfbdebb3a80428e1e\"\u003e\u003ccode\u003e57cc147\u003c/code\u003e\u003c/a\u003e REL: Prepare for the NumPy 2.4.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/0c72b0b53b6b83c004e434b2c7855e73c000d21e\"\u003e\u003ccode\u003e0c72b0b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31459\"\u003e#31459\u003c/a\u003e from charris/backport-31347\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/9778d26e0475d381ccb7817c3b4dd8cacef2b9eb\"\u003e\u003ccode\u003e9778d26\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/e0e38767d5d0f848ab44befeedcad71e8ef589c7\"\u003e\u003ccode\u003ee0e3876\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/d1bffeb9ec4ec0bf029c94ea35abffa92d5c30f2\"\u003e\u003ccode\u003ed1bffeb\u003c/code\u003e\u003c/a\u003e BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary \u003ccode\u003evh\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31347\"\u003e#31347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/8d8d7e5a14a1da0bfb0faf609a7a7610c431e6e9\"\u003e\u003ccode\u003e8d8d7e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31453\"\u003e#31453\u003c/a\u003e from seberg/issue-31452\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/bddaab7ace45f90148d8f2bb6e67daab2d45ec76\"\u003e\u003ccode\u003ebddaab7\u003c/code\u003e\u003c/a\u003e BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/37a1ecca8dff09b2c579a991194ac55b9971f3a7\"\u003e\u003ccode\u003e37a1ecc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31444\"\u003e#31444\u003c/a\u003e from charris/begin-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/3c0e043217a759a8a948ade158fec14348c3b459\"\u003e\u003ccode\u003e3c0e043\u003c/code\u003e\u003c/a\u003e MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/numpy/numpy/compare/v2.4.4...v2.4.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pandas` from 3.0.2 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pandas-dev/pandas/releases\"\u003epandas's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epandas 3.0.3\u003c/h2\u003e\n\u003cp\u003eWe are pleased to announce the release of pandas 3.0.3.\nThis is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://pandas.pydata.org/docs/whatsnew/v3.0.3.html\"\u003efull whatsnew\u003c/a\u003e for a list of all the changes.\u003c/p\u003e\n\u003cp\u003ePandas 3.0 supports Python 3.11 and higher.\nThe release can be installed from PyPI:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython -m pip install --upgrade pandas==3.0.*\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eOr from conda-forge\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge pandas=3.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003ePlease report any issues with the release on the \u003ca href=\"https://github.com/pandas-dev/pandas/issues\"\u003epandas issue tracker\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThanks to all the contributors who made this release possible.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/72f2fea91530b5abb3cf2100cb22d84e504695c0\"\u003e\u003ccode\u003e72f2fea\u003c/code\u003e\u003c/a\u003e RLS: 3.0.3 (\u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65590\"\u003e#65590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/2897590094c2b6e3962d01a82665936f30be563d\"\u003e\u003ccode\u003e2897590\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65436\"\u003e#65436\u003c/a\u003e on branch 3.0.x (Account for privatization of matplotlib `...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/49894b5b6037c50f6444504070d9b1e8e514001a\"\u003e\u003ccode\u003e49894b5\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65499\"\u003e#65499\u003c/a\u003e on branch 3.0.x (BUG: fix check if pyarrow is installed in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/1c6d1e30cc4b80bedb769a8b3731b0788f69c9dc\"\u003e\u003ccode\u003e1c6d1e3\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] PERF: remove special casing for zoneinfo in tz_localize_to_u...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/2a547116afc46d88d4e6584670fd793949222a1e\"\u003e\u003ccode\u003e2a54711\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/64379\"\u003e#64379\u003c/a\u003e on branch 3.0.x (PERF: improve performance with ZoneInfo t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/036bb7c0e7160b9d5a7f6bd26a9fc00921fa6977\"\u003e\u003ccode\u003e036bb7c\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65482\"\u003e#65482\u003c/a\u003e on branch 3.0.x (PERF: don't call unique on dtypes for che...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/bf4c182b09251f5b469e8e246ae3ea3e1ae07164\"\u003e\u003ccode\u003ebf4c182\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65410\"\u003e#65410\u003c/a\u003e on branch 3.0.x (TST: also convert str index to object in ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/dd02d75ce219135f9f3f65c13644d4be35585d42\"\u003e\u003ccode\u003edd02d75\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] BUG: keep fsspec OpenFile alive for chained URL reads (\u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/6547\"\u003e#6547\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/aef3d0f6698667262c6d6ffc69180b280b0fa86a\"\u003e\u003ccode\u003eaef3d0f\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] CI: lowercase types-pymysql/types-pyyaml to fix mamba 2.6.0 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/bb8e24876273a14322047f4b89e648f6a4abebae\"\u003e\u003ccode\u003ebb8e248\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65399\"\u003e#65399\u003c/a\u003e on branch 3.0.x (DOC: fix source link for classes in the r...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pandas-dev/pandas/compare/v3.0.2...v3.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `astropy-iers-data` from 0.2026.5.4.1.4.54 to 0.2026.5.25.1.14.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astropy/astropy-iers-data/releases\"\u003eastropy-iers-data's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2026.5.25.1.14.13\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.18.1.11.28...v0.2026.5.25.1.14.13\"\u003ehttps://github.com/astropy/astropy-iers-data/compare/v0.2026.5.18.1.11.28...v0.2026.5.25.1.14.13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.2026.5.18.1.11.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.11.1.8.52...v0.2026.5.18.1.11.28\"\u003ehttps://github.com/astropy/astropy-iers-data/compare/v0.2026.5.11.1.8.52...v0.2026.5.18.1.11.28\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.2026.5.11.1.8.52\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.11.1.8.52\"\u003ehttps://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.11.1.8.52\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astropy/astropy-iers-data/commit/4a9ec12088a97c1da12a41836c1460b21c86f438\"\u003e\u003ccode\u003e4a9ec12\u003c/code\u003e\u003c/a\u003e Update IERS Earth rotation and leap second tables\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astropy/astropy-iers-data/commit/6fa1a100b2560cef129bbde0c274bacbbac60ce5\"\u003e\u003ccode\u003e6fa1a10\u003c/code\u003e\u003c/a\u003e Update IERS Earth rotation and leap second tables\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astropy/astropy-iers-data/commit/f21a227f08b656a5dd03d7244f14c1c57a0737c1\"\u003e\u003ccode\u003ef21a227\u003c/code\u003e\u003c/a\u003e Update IERS Earth rotation and leap second tables\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.25.1.14.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.3 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. :issue:\u003ccode\u003e3458\u003c/code\u003e :issue:\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. :issue:\u003ccode\u003e3277\u003c/code\u003e :pr:\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion\nresult. :issue:\u003ccode\u003e3015\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. :issue:\u003ccode\u003e3487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. :issue:\u003ccode\u003e3449\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.3...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.1 — 2026-05-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the HTML report used typographic niceties to make file paths more\nreadable by adding a small amount of space around slashes. Those spaces\ninterfered with searching the page for file paths of interest. Now the report\nuses CSS to accomplish the same visual tweak so that searches with slashes\nwork correctly. Closes \u003ccode\u003eissue 2170\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eAdd a 3.16 PyPI classifier \u0026lt;hugo-316_\u0026gt;\u003c/code\u003e_ since we test on the 3.16 main\nbranch.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 2170: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2170\"\u003ecoveragepy/coveragepy#2170\u003c/a\u003e\n.. _hugo-316: \u003ca href=\"https://mastodon.social/@hugovk/116588523571204490\"\u003ehttps://mastodon.social/@​hugovk/116588523571204490\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-14-0:\u003c/p\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/64d9b66fd852c1920ffe6cb8b58d7e4fdae90226\"\u003e\u003ccode\u003e64d9b66\u003c/code\u003e\u003c/a\u003e docs: correct the date for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/6fa7dd44c25e1a660252faaf030dd8f2f1e20861\"\u003e\u003ccode\u003e6fa7dd4\u003c/code\u003e\u003c/a\u003e chore: bump actions/dependency-review-action (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2181\"\u003e#2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/078afae263597b004eb9a85d880b6a65008e75ed\"\u003e\u003ccode\u003e078afae\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/cb4f028a36e008b664739d04f387b90ee5105044\"\u003e\u003ccode\u003ecb4f028\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ae2d09f562271c6169534e1c242d015dd0823dda\"\u003e\u003ccode\u003eae2d09f\u003c/code\u003e\u003c/a\u003e Merge branch 'nedbat/classifire-316-kits'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2c3568b2e041f2c0dbbc8eaa3919d46ee891b743\"\u003e\u003ccode\u003e2c3568b\u003c/code\u003e\u003c/a\u003e build: declare 3.16 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/faa68f8601cf098701b68976dbb73b9fc23c9297\"\u003e\u003ccode\u003efaa68f8\u003c/code\u003e\u003c/a\u003e chore: bump github/codeql-action in the action-dependencies group (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/eb55feedf54b363e3d0b678f20abf3bfd3551a88\"\u003e\u003ccode\u003eeb55fee\u003c/code\u003e\u003c/a\u003e test: we don't need PyPy \u0026lt; 7.3.22 anymore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ac168fe53c04cdb2ff5231c0c4e5045021ee339b\"\u003e\u003ccode\u003eac168fe\u003c/code\u003e\u003c/a\u003e test: the text summary should show missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/fed4bd2db3c1cb2916a07791041da693fbf8e996\"\u003e\u003ccode\u003efed4bd2\u003c/code\u003e\u003c/a\u003e chore: upgrade virtualenv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `decorator` from 5.2.1 to 5.3.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micheles/decorator/blob/master/CHANGES.md\"\u003edecorator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1 (2026-05-18)\u003c/h2\u003e\n\u003cp\u003eAdded license SPDX identifier to pyproject.toml (reported by\nChristian Lackas).\u003c/p\u003e\n\u003ch2\u003e5.3.0 (2026-05-17)\u003c/h2\u003e\n\u003cp\u003eAdded official support for Python 3.14 (thanks to Hugo van Kemenade,\nDavid Cain and the GitHub user bersbersbers).\nFixed a bug with \u0026quot;return await\u0026quot; contributed by Kadir Can Ozden.\nMoved decorator.py to a package structure (\u003ccode\u003edecorator/__init__.py\u003c/code\u003e) and\nadded a stub file (\u003ccode\u003edecorator/__init__.pyi\u003c/code\u003e) contributed by Marco Gorelli.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/426e9e35d563ffe356e54bd0f970d153b8f25370\"\u003e\u003ccode\u003e426e9e3\u003c/code\u003e\u003c/a\u003e Bumped the version to 5.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/062ff0e0c33733f2148a5590d118a8570df846d5\"\u003e\u003ccode\u003e062ff0e\u003c/code\u003e\u003c/a\u003e Fixed the dependency on setuptools\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/086ff5d95d4dc550117c12647a4427d70bf8833d\"\u003e\u003ccode\u003e086ff5d\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/5807a83ead31f0de5303fa950ddea49d850d7355\"\u003e\u003ccode\u003e5807a83\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/093aced11439251e496b47a9a9369501075e8d1a\"\u003e\u003ccode\u003e093aced\u003c/code\u003e\u003c/a\u003e Updated changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/e9ced7e63ad9502b3e2a3e3db5f5f1ccc16c5fd6\"\u003e\u003ccode\u003ee9ced7e\u003c/code\u003e\u003c/a\u003e Added license SPDX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/b3e82ddc04e8d0c18c51eecb30b4a59aee5aac1d\"\u003e\u003ccode\u003eb3e82dd\u003c/code\u003e\u003c/a\u003e Fixed CHANGES.md [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/f1ce8da8522193421436c368849afe886666b4e5\"\u003e\u003ccode\u003ef1ce8da\u003c/code\u003e\u003c/a\u003e Doc fix [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/c924d7c6aa2e47a0627706c385101ff8d558d091\"\u003e\u003ccode\u003ec924d7c\u003c/code\u003e\u003c/a\u003e Updated supported versions [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/8b83e8cca35f5c773654ce4ae89b4e3f84f430d3\"\u003e\u003ccode\u003e8b83e8c\u003c/code\u003e\u003c/a\u003e Fixed CHANGES [ci skip]\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micheles/decorator/compare/5.2.1...5.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fonttools` from 4.62.1 to 4.63.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/releases\"\u003efonttools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer, PatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions, replacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output, matching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in \u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring round-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash in the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/blob/main/NEWS.rst\"\u003efonttools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0 (released 2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer,\nPatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions,\nreplacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output,\nmatching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in\n\u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e for many-to-one (flat-segment) axis maps\nthat silently dropped entries via dict comprehension\n\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring\nround-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash\nin the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+,\nso that importing them on free-threaded Python no longer re-enables the GIL\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/978d9edccb60ea0e5fbad7015cb11817c3532328\"\u003e\u003ccode\u003e978d9ed\u003c/code\u003e\u003c/a\u003e Release 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6b40ecb6f13e076916044ecd8f0fc13ab5f957f6\"\u003e\u003ccode\u003e6b40ecb\u003c/code\u003e\u003c/a\u003e Add changelog entries for 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/382a35fb5e96c6ff38a1e7775a24e20bf122a66d\"\u003e\u003ccode\u003e382a35f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e from fonttools/fix-freethreading-compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/0e999b55f05ad0dd8423f389673a32de9c5199bb\"\u003e\u003ccode\u003e0e999b5\u003c/code\u003e\u003c/a\u003e Declare Cython extensions as free-threading compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/9e55ea54c184b0d4c0830525f72e69c6c1a32691\"\u003e\u003ccode\u003e9e55ea5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e from fonttools/graphite-feat-labels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/e84db3ab426a251256ebec7904c03dc73e25932b\"\u003e\u003ccode\u003ee84db3a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e from fonttools/fix-setUnicodeRanges-bits-123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/d6eabd1edf7bfa950b6b85c393e4c185dee36d7f\"\u003e\u003ccode\u003ed6eabd1\u003c/code\u003e\u003c/a\u003e Feat: show name table strings as comments next to label IDs in ttx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/7d0902b2e27ec1433b015b3b8a79391d7c8604cb\"\u003e\u003ccode\u003e7d0902b\u003c/code\u003e\u003c/a\u003e OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/06e266ce70ec578d549c2df0e180a84d9323baf2\"\u003e\u003ccode\u003e06e266c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e from fonttools/fix-map-backward-non-injective\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6d64598a63f83bcd59d29cf3f22dd25343bd9688\"\u003e\u003ccode\u003e6d64598\u003c/code\u003e\u003c/a\u003e Add more tests for map_backward with many-to-one axis maps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fonttools/fonttools/compare/4.62.1...4.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.17\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.17 (2026-05-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSubstantial 75% reduction in memory usage through new data\nstructures and some optimization in processing speed.\u003c/li\u003e\n\u003cli\u003eAdded a general 1024-character input length cap to the public\nvalidation, conversion, and codec entry points. This is well above\nany legitimate domain or label and guards against pathological\ninputs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f48619c4cea6859b938d560fdd9feb898e678567\"\u003e\u003ccode\u003ef48619c\u003c/code\u003e\u003c/a\u003e Release 3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7421ba8003227f816142ab40178e3a7d204e6847\"\u003e\u003ccode\u003e7421ba8\u003c/code\u003e\u003c/a\u003e Pre-release 3.17rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/22ebb73b164081f209449b50162eb7ce086e96a4\"\u003e\u003ccode\u003e22ebb73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/251\"\u003e#251\u003c/a\u003e from kjd/structure-optimizations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2a7ac0a58c788d50112a5003af545a83807fb108\"\u003e\u003ccode\u003e2a7ac0a\u003c/code\u003e\u003c/a\u003e Drop redundant parallel-arrays comment from uts46data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/354eee9850a7b2962b65ae02010f7ebd9c99b7ed\"\u003e\u003ccode\u003e354eee9\u003c/code\u003e\u003c/a\u003e Apply ruff format to uts46data.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/8c34ffcab603b4a7a727d4e286b1f3342813281d\"\u003e\u003ccode\u003e8c34ffc\u003c/code\u003e\u003c/a\u003e Refactor uts46data into parallel arrays\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1189629e8a319f7c2b4678b5716c180ebd97de03\"\u003e\u003ccode\u003e1189629\u003c/code\u003e\u003c/a\u003e Range-encode joining_types for compact representation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f90b87adc6b6b2a591dfc7fb3f8e47870dc81722\"\u003e\u003ccode\u003ef90b87a\u003c/code\u003e\u003c/a\u003e Generic length limit for functions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d6ffd28be164dfbd3ebca8b3396e39d191f4909b\"\u003e\u003ccode\u003ed6ffd28\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/247\"\u003e#247\u003c/a\u003e from kjd/release-3.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/6d1a0de52a8b4690f1b2a89829aa85ff1de3635a\"\u003e\u003ccode\u003e6d1a0de\u003c/code\u003e\u003c/a\u003e Release 3.16\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `librt` from 0.10.0 to 0.11.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mypyc/librt/commit/862679a0492f4433a286b2d53965ec2603623be1\"\u003e\u003ccode\u003e862679a\u003c/code\u003e\u003c/a\u003e Sync mypy and bump version to 0.11.0 (\u003ca href=\"https://redirect.github.com/mypyc/librt/issues/40\"\u003e#40\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mypyc/librt/compare/v0.10.0...v0.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `matplotlib-inline` from 0.2.1 to 0.2.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/e6e197523ecfabfff1d976e5b6958c3ede948ccb\"\u003e\u003ccode\u003ee6e1975\u003c/code\u003e\u003c/a\u003e release 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/0aac2e223483ffbfb5a6076d8c2ca83545cca440\"\u003e\u003ccode\u003e0aac2e2\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/6eb2bd89dc8d4d6678478c6b2ec15be7b20d3374\"\u003e\u003ccode\u003e6eb2bd8\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/631d7dd26be1287f64c5bd4bbb84888903e419b0\"\u003e\u003ccode\u003e631d7dd\u003c/code\u003e\u003c/a\u003e Zizmor hardening (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/66\"\u003e#66\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/8d45c8fc427d39750751bdaa0ffe5abc8e30cd50\"\u003e\u003ccode\u003e8d45c8f\u003c/code\u003e\u003c/a\u003e Zizmor hardening\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/f830b37c728146dca4f947de6cbdb420ee9c69fb\"\u003e\u003ccode\u003ef830b37\u003c/code\u003e\u003c/a\u003e Specify BSD license and add license files (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/62\"\u003e#62\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/e3b8bb10d275d5caa97d8d1b584d48797e494de4\"\u003e\u003ccode\u003ee3b8bb1\u003c/code\u003e\u003c/a\u003e Deprecate Python 3.9 in CI pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/c783ae72ed581f24fa136f34e6df4f6e99c3f785\"\u003e\u003ccode\u003ec783ae7\u003c/code\u003e\u003c/a\u003e Deprecate Python 3.9 in CI pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/8ac056c5730a6adbc9dd5e049b85163ba6a09a28\"\u003e\u003ccode\u003e8ac056c\u003c/code\u003e\u003c/a\u003e Update workflow to include matplotlib for tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/0cc8a2e91306c94e36f0a9cd8e31a38299b1c126\"\u003e\u003ccode\u003e0cc8a2e\u003c/code\u003e\u003c/a\u003e Use valid SPDX ID\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ipython/matplotlib-inline/compare/0.2.1...0.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 2.0.0 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMypy Release Notes\u003c/h1\u003e\n\u003ch2\u003eNext Release\u003c/h2\u003e\n\u003ch2\u003eMypy 2.1\u003c/h2\u003e\n\u003cp\u003eWe’ve just uploaded mypy 2.1.0 to the Python Package Index (\u003ca href=\"https://pypi.org/project/mypy/\"\u003ePyPI\u003c/a\u003e).\nMypy is a static type checker for Python. This release includes new features, performance\nimprovements and bug fixes. You can install it as follows:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython3 -m pip install -U mypy\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can read the full documentation for this release on \u003ca href=\"http://mypy.readthedocs.io\"\u003eRead the Docs\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003elibrt.vecs: Fast Growable Array Type for Mypyc\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.vecs\u003c/code\u003e module provides an efficient growable array type \u003ccode\u003evec\u003c/code\u003e that is\noptimized for mypyc use. It provides fast, packed arrays with integer and floating point\nvalue types, which can be \u003cstrong\u003eseveral times faster\u003c/strong\u003e than \u003ccode\u003elist\u003c/code\u003e, and tens of times faster\nthan \u003ccode\u003earray.array\u003c/code\u003e in code compiled using mypyc. It also supports nested \u003ccode\u003evec\u003c/code\u003e objects and\nnon-value-type items, such as \u003ccode\u003evec[vec[str]]\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_vecs.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo.\u003c/p\u003e\n\u003ch3\u003elibrt.random: Fast Pseudo-Random Number Generation\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.random\u003c/code\u003e module provides fast pseudo-random number generation that is\noptimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib\n\u003ccode\u003erandom\u003c/code\u003e module in compiled code.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_random.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo (PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21433\"\u003e21433\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMypyc Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake compilation order with multiple files consistent (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21419\"\u003e21419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on accessing \u003ccode\u003eStopAsyncIteration\u003c/code\u003e (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21406\"\u003e21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incremental compilation with \u003ccode\u003eseparate\u003c/code\u003e flag (Vaggelis Danias, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21299\"\u003e21299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes to Crashes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash on partial type with \u003ccode\u003e--allow-redefinition\u003c/code\u003e and \u003ccode\u003eglobal\u003c/code\u003e declaration (Jukka Lehtosalo, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21428\"\u003e21428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken awaitable generator patching (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21435\"\u003e21435\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges to Messages\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c1c336d7e34eb313080c79b156518c58d27c7234\"\u003e\u003ccode\u003ec1c336d\u003c/code\u003e\u003c/a\u003e Remove +dev from version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/74df14b7cbf08140236aa45bbb7f42219b0b1df7\"\u003e\u003ccode\u003e74df14b\u003c/code\u003e\u003c/a\u003e Add changelog for mypy 2.1 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21464\"\u003e#21464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/022d9bc96f86c40f338a5cf150f1806cc8f300ff\"\u003e\u003ccode\u003e022d9bc\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;TypeForm: Enable by default (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21262\"\u003e#21262\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8826288214f1cb31496e610667481221e025359c\"\u003e\u003ccode\u003e8826288\u003c/code\u003e\u003c/a\u003e [mypyc] Document librt.random (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21463\"\u003e#21463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/3f4067b699dbe52d08e42ef3b3ebfdebdc06bd96\"\u003e\u003ccode\u003e3f4067b\u003c/code\u003e\u003c/a\u003e Bump librt version to 0.11.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21458\"\u003e#21458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/2b1eb58a250c5f1eb4ef5fb1f312ff528c5a1d4e\"\u003e\u003ccode\u003e2b1eb58\u003c/code\u003e\u003c/a\u003e [mypyc] Enable incremental self-compilation (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21369\"\u003e#21369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8152f4af3f6c03beaf2660026240f0fdce7feecc\"\u003e\u003ccode\u003e8152f4a\u003c/code\u003e\u003c/a\u003e Respect file config comments for stale modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21444\"\u003e#21444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/116d60bdd3fdfe8d97c6afe99370910db56f1b92\"\u003e\u003ccode\u003e116d60b\u003c/code\u003e\u003c/a\u003e Fix nondeterminism from nonassociativity of overload joins (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21455\"\u003e#21455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/6c4af8e42110cea3f84bc02add2ca7b89c268210\"\u003e\u003ccode\u003e6c4af8e\u003c/code\u003e\u003c/a\u003e Fix function call message change for small number of args (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21432\"\u003e#21432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/4b8fdcaf24032592510e8f15421fb32d82a71800\"\u003e\u003ccode\u003e4b8fdca\u003c/code\u003e\u003c/a\u003e [mypyc] Add librt.random module (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21433\"\u003e#21433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v2.0.0...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `platformdirs` from 4.9.6 to 4.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/platformdirs/releases\"\u003eplatformdirs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.10.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: improve platformdirs maintenance path by \u003ca href=\"https://github.com/lphuc2250gma\"\u003e\u003ccode\u003e@​lphuc2250gma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/pull/488\"\u003etox-dev/platformdirs#488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/pull/490\"\u003etox-dev/platformdirs#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_preference_dir by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/pull/491\"\u003etox-dev/platformdirs#491\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lphuc2250gma\"\u003e\u003ccode\u003e@​lphuc2250gma\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/pull/488\"\u003etox-dev/platformdirs#488\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/platformdirs/compare/4.9.6...4.10.0\"\u003ehttps://github.com/tox-dev/platformdirs/compare/4.9.6...4.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/platformdirs/blob/main/docs/changelog.rst\"\u003eplatformdirs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e4.10.0 (2026-05-28)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_preference_dir :pr:\u003ccode\u003e491\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR :pr:\u003ccode\u003e490\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echore: improve platformdirs maintenance path :pr:\u003ccode\u003e488\u003c/code\u003e - by :user:\u003ccode\u003elphuc2250gma\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e4.9.6 (2026-04-09)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(release): use double quotes for tag variable expansion :pr:\u003ccode\u003e477\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e4.9.5 (2026-04-06)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e📝 docs(appauthor): clarify None vs False on Windows :pr:\u003ccode\u003e476\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSeparates implementations of macOS dirs that share a default :pr:\u003ccode\u003e473\u003c/code\u003e - by :user:\u003ccode\u003eGoddesen\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove persist-credentials: false from release job :pr:\u003ccode\u003e472\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003efix: do not duplicate site dirs in Unix.iter_{config,site}_dirs() when use_site_for_root is active :pr:\u003ccode\u003e469\u003c/code\u003e - by\n:user:\u003ccode\u003eviccie30\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔧 fix(type): resolve ty 0.0.25 type errors :pr:\u003ccode\u003e468\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔒 ci(workflows): add zizmor security auditing :pr:\u003ccode\u003e467\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(release): generate docstrfmt-compatible changelog entries :pr:\u003ccode\u003e463\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e4.9.4 (2026-03-05)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e461\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md\u003c/li\u003e\n\u003cli\u003e📝 docs: add project logo to documentation :pr:\u003ccode\u003e459\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the all group with 2 updates :pr:\u003ccode\u003e457\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdd permissions to workflows :pr:\u003ccode\u003e455\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd security policy\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e454\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e4.9.2 (2026-02-16)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e📝 docs: restructure following Diataxis framework :pr:\u003ccode\u003e448\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/04cb1361a064132102612ab05053351196a62b40\"\u003e\u003ccode\u003e04cb136\u003c/code\u003e\u003c/a\u003e Release 4.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/078bc61171e1a0cfbb3f210ff0fd30795a359664\"\u003e\u003ccode\u003e078bc61\u003c/code\u003e\u003c/a\u003e ✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_pr...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/d27974762005fa35cebcd4dd7236f8081e88ad75\"\u003e\u003ccode\u003ed279747\u003c/code\u003e\u003c/a\u003e ✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/490\"\u003e#490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/4116391f16178ee5c4b293761491519f9f3c9834\"\u003e\u003ccode\u003e4116391\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/489\"\u003e#489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/dbc63f58261f1b109f2d75c7d35a485331dbbe6f\"\u003e\u003ccode\u003edbc63f5\u003c/code\u003e\u003c/a\u003e chore: improve platformdirs maintenance path (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/9265108d732233ce7fbb63a94cd389708ce5e102\"\u003e\u003ccode\u003e9265108\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/487\"\u003e#487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/9f857ec172a1a09a9c608c28cfe2c460c3baac8e\"\u003e\u003ccode\u003e9f857ec\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/486\"\u003e#486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/a76e77756278566e414eebbc03f789b3a21ea2fa\"\u003e\u003ccode\u003ea76e777\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/484\"\u003e#484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/903fd9f321285c38d4741d2e5ea1881938405d16\"\u003e\u003ccode\u003e903fd9f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/483\"\u003e#483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/platformdirs/commit/a5da35d0d57cbcb5f30b18203aa7fbb44be69978\"\u003e\u003ccode\u003ea5da35d\u003c/code\u003e\u003c/a\u003e build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 in the all group (\u003ca href=\"https://redirect.github.com/tox-dev/platformdirs/issues/482\"\u003e#482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/platformdirs/compare/4.9.6...4.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of ...\n\n_Description has been truncated_","html_url":"https://github.com/tatsuki-washimi/gwexpy/pull/430","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tatsuki-washimi%2Fgwexpy/issues/430","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/430/packages"}},{"old_version":"6.0.12.20260510","new_version":"6.0.12.20260518","update_type":null,"path":null,"pr_created_at":"2026-05-26T05:09:42.000Z","version_change":"6.0.12.20260510 → 6.0.12.20260518","issue":{"uuid":"4521535875","node_id":"PR_kwDOOLckwc7fRcG7","number":1138,"state":"open","title":"Bump the pip-deps group across 1 directory with 15 updates","user":"dependabot[bot]","labels":["dependencies","python","skip-changelog"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T05:09:42.000Z","updated_at":"2026-05-26T05:10:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip-deps","update_count":15,"packages":[{"name":"requests","old_version":"2.34.0","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"click","old_version":"8.3.3","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"python-ldap","old_version":"3.4.5","new_version":"3.4.7","repository_url":"https://github.com/python-ldap/python-ldap"},{"name":"opentelemetry-api","old_version":"1.41.1","new_version":"1.42.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-sdk","old_version":"1.41.1","new_version":"1.42.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"black","old_version":"26.3.1","new_version":"26.5.1","repository_url":"https://github.com/psf/black"},{"name":"botocore","old_version":"1.43.6","new_version":"1.43.14","repository_url":"https://github.com/boto/botocore"},{"name":"boto3","old_version":"1.43.6","new_version":"1.43.14","repository_url":"https://github.com/boto/boto3"},{"name":"python-frontmatter","old_version":"1.1.0","new_version":"1.3.0","repository_url":"https://github.com/eyeseast/python-frontmatter"},{"name":"types-pyyaml","old_version":"6.0.12.20260510","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pytz","old_version":"2026.2.0.20260506","new_version":"2026.2.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-python-dateutil","old_version":"2.9.0.20260508","new_version":"2.9.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-requests","old_version":"2.33.0.20260508","new_version":"2.33.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"pytest-socket","old_version":"0.7.0","new_version":"0.8.0","repository_url":"https://github.com/miketheman/pytest-socket"},{"name":"pytest-rerunfailures","old_version":"16.1","new_version":"16.3","repository_url":"https://github.com/pytest-dev/pytest-rerunfailures"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-deps group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.34.0` | `2.34.2` |\n| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.1` |\n| [python-ldap](https://github.com/python-ldap/python-ldap) | `3.4.5` | `3.4.7` |\n| [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python) | `1.41.1` | `1.42.1` |\n| [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-python) | `1.41.1` | `1.42.1` |\n| [black](https://github.com/psf/black) | `26.3.1` | `26.5.1` |\n| [botocore](https://github.com/boto/botocore) | `1.43.6` | `1.43.14` |\n| [boto3](https://github.com/boto/boto3) | `1.43.6` | `1.43.14` |\n| [python-frontmatter](https://github.com/eyeseast/python-frontmatter) | `1.1.0` | `1.3.0` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260510` | `6.0.12.20260518` |\n| [types-pytz](https://github.com/python/typeshed) | `2026.2.0.20260506` | `2026.2.0.20260518` |\n| [types-python-dateutil](https://github.com/python/typeshed) | `2.9.0.20260508` | `2.9.0.20260518` |\n| [types-requests](https://github.com/python/typeshed) | `2.33.0.20260508` | `2.33.0.20260518` |\n| [pytest-socket](https://github.com/miketheman/pytest-socket) | `0.7.0` | `0.8.0` |\n| [pytest-rerunfailures](https://github.com/pytest-dev/pytest-rerunfailures) | `16.1` | `16.3` |\n\n\nUpdates `requests` from 2.34.0 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/psf/requests/compare/v2.34.0...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.3 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. :issue:\u003ccode\u003e3458\u003c/code\u003e :issue:\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. :issue:\u003ccode\u003e3277\u003c/code\u003e :pr:\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion\nresult. :issue:\u003ccode\u003e3015\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. :issue:\u003ccode\u003e3487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. :issue:\u003ccode\u003e3449\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.3...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-ldap` from 3.4.5 to 3.4.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-ldap/python-ldap/releases\"\u003epython-ldap's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.7\u003c/h2\u003e\n\u003cp\u003eNo code changes, correcting for the fact that the previous release artifacts\nuploaded to PyPI contained unintended files.\u003c/p\u003e\n\u003ch2\u003e3.4.6\u003c/h2\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eattrlist\u003c/code\u003e parameter is now properly checked before use, avoiding memory\nerrors due to type mismatches\u003c/li\u003e\n\u003cli\u003eFixed errors with requestName/requestValue in \u003ccode\u003eextop.dds\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eldif\u003c/code\u003e and \u003ccode\u003eldap.schema\u003c/code\u003e modules now actively close sockets as they're\nfinished with them\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInfrastructure:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePackage no longer requires setuptools-scm\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-ldap/python-ldap/blob/python-ldap-3.4.7/CHANGES\"\u003epython-ldap's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eReleased 3.4.7 2026-05-19\u003c/p\u003e\n\u003cp\u003eNo code changes, correcting for the fact that the previous release artifacts\nuploaded to PyPI contained unintended files.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eReleased 3.4.6 2026-05-14\u003c/p\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eattrlist\u003c/code\u003e parameter is now properly checked before use, avoiding memory\nerrors due to type mismatches\u003c/li\u003e\n\u003cli\u003eFixed errors with requestName/requestValue in \u003ccode\u003eextop.dds\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eldif\u003c/code\u003e and \u003ccode\u003eldap.schema\u003c/code\u003e modules now actively close sockets as they're\nfinished with them\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInfrastructure:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePackage no longer requires setuptools-scm\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eReleased 3.4.5 2025-10-10\u003c/p\u003e\n\u003cp\u003eSecurity fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-61911 (GHSA-r7r6-cc7p-4v5m): Enforce \u003ccode\u003estr\u003c/code\u003e input in\n\u003ccode\u003eldap.filter.escape_filter_chars\u003c/code\u003e with \u003ccode\u003eescape_mode=1\u003c/code\u003e; ensure proper\nescaping. (thanks to lukas-eu)\u003c/li\u003e\n\u003cli\u003eCVE-2025-61912 (GHSA-p34h-wq7j-h5v6): Correct NUL escaping in\n\u003ccode\u003eldap.dn.escape_dn_chars\u003c/code\u003e to \u003ccode\u003e\\00\u003c/code\u003e per RFC 4514. (thanks to aradona91)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReconnectLDAPObject now properly reconnects on UNAVAILABLE, CONNECT_ERROR\nand TIMEOUT exceptions (previously only SERVER_DOWN), fixing reconnection\nissues especially during server restarts\u003c/li\u003e\n\u003cli\u003eFixed syncrepl.py to use named constants instead of raw decimal values\nfor result types\u003c/li\u003e\n\u003cli\u003eFixed error handling in SearchNoOpMixIn to prevent a undefined variable error\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eTests:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded comprehensive reconnection test cases including concurrent operation\nhandling and server restart scenarios\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc/\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated installation docs and fixed various documentation typos\u003c/li\u003e\n\u003cli\u003eAdded ReadTheDocs configuration file\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInfrastructure:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd testing and document support for Python 3.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eReleased 3.4.4 2022-11-17\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/79f34cc398c5bdf202bdb4024a1bb2ec272ce26e\"\u003e\u003ccode\u003e79f34cc\u003c/code\u003e\u003c/a\u003e Prepare a new release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/4472afd4dd00da71c6836377bad8e0c77702bb66\"\u003e\u003ccode\u003e4472afd\u003c/code\u003e\u003c/a\u003e Prepare a new release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/f8aa2894212e6624b1b4aac3aa46517652dd5983\"\u003e\u003ccode\u003ef8aa289\u003c/code\u003e\u003c/a\u003e CI: Drop 3.8 from CI as no longer supported in current images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/311dbbab0a222238790a18246f0b5b63b895930c\"\u003e\u003ccode\u003e311dbba\u003c/code\u003e\u003c/a\u003e fix(LDAPObject): Prevent memory errors in attrs_from_List\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/dee242c7015faf0d132eedc4d4235b791910bdd9\"\u003e\u003ccode\u003edee242c\u003c/code\u003e\u003c/a\u003e test: Test valid and invalid attrlist parameters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/9257c176ec7e428742dce0a89d5df27d4cb4c3df\"\u003e\u003ccode\u003e9257c17\u003c/code\u003e\u003c/a\u003e ci(github): update github actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/2ecbc03ff87afa4aa95db84def620a0c514ccbbb\"\u003e\u003ccode\u003e2ecbc03\u003c/code\u003e\u003c/a\u003e fix(ldif): explicitly close sockets after fetching URLs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/5b173c96c2ade8b7ea2e91a5d46bbefbbd56c5c5\"\u003e\u003ccode\u003e5b173c9\u003c/code\u003e\u003c/a\u003e fix(ldap.schema): Explicitly close url file to avoid ResourceWarning in Pytho...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/1491b43ecf1856608fa401e66c9d3f89874c75d7\"\u003e\u003ccode\u003e1491b43\u003c/code\u003e\u003c/a\u003e remove superfluous dependency on setuptools-scm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-ldap/python-ldap/commit/7e93577c20207c12205db4e6724291483aed94da\"\u003e\u003ccode\u003e7e93577\u003c/code\u003e\u003c/a\u003e fix(extop.dds): make passing of requestName optional again\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-ldap/python-ldap/compare/python-ldap-3.4.5...python-ldap-3.4.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-api` from 1.41.1 to 1.42.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md\"\u003eopentelemetry-api's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.42.1/0.63b1 (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve the random trace ID flag when creating child spans instead of always\nsetting the random trace id bit depending on the available trace id\ngenerator.\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5241\"\u003e#5241\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.42.0/0.63b0 (2026-05-19)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-api\u003c/code\u003e, \u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: add support for 'random-trace-id'\nflags in W3C traceparent header trace flags. Implementations of \u003ccode\u003eIdGenerator\u003c/code\u003e\nthat do randomly generate the 56 least significant bits, should also\nimplement a \u003ccode\u003eis_trace_id_random\u003c/code\u003e methods that returns \u003ccode\u003eTrue\u003c/code\u003e.\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4854\"\u003e#4854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elogs: add exception support to Logger emit and LogRecord attributes\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4908\"\u003e#4908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-exporter-otlp-proto-grpc\u003c/code\u003e: make retryable gRPC error codes\nconfigurable for gRPC exporters\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4917\"\u003e#4917\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003ecreate_logger_provider\u003c/code\u003e/\u003ccode\u003econfigure_logger_provider\u003c/code\u003e\nto declarative file configuration, enabling LoggerProvider instantiation from\nconfig files without reading env vars\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4990\"\u003e#4990\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-exporter-otlp-json-common\u003c/code\u003e: add\n'opentelemetry-exporter-otlp-json-common' package for OTLP JSON exporters\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003eservice\u003c/code\u003e resource detector support to declarative\nfile configuration via \u003ccode\u003edetection_development.detectors[].service\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5003\"\u003e#5003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-docker-tests\u003c/code\u003e: add docker-tests coverage of\n\u003ccode\u003eopentelemetry-exporter-otlp-proto-grpc\u003c/code\u003e and\n\u003ccode\u003eopentelemetry-exporter-otlp-proto-http\u003c/code\u003e metrics export\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5030\"\u003e#5030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eregistry\u003c/code\u003e keyword argument to \u003ccode\u003ePrometheusMetricReader\u003c/code\u003e to allow passing\na custom Prometheus registry\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5055\"\u003e#5055\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd WeaverLiveCheck test util\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5088\"\u003e#5088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: add \u003ccode\u003eload_entry_point\u003c/code\u003e shared utility to declarative\nfile configuration for loading plugins via entry points; refactor propagator\nloading to use it\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5093\"\u003e#5093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: add sampler plugin loading to declarative file\nconfiguration via the \u003ccode\u003eopentelemetry_sampler\u003c/code\u003e entry point group, matching the\nspec's PluginComponentProvider mechanism\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5095\"\u003e#5095\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/367e14d01104785ac28b1c66ac32b2082f864a12\"\u003e\u003ccode\u003e367e14d\u003c/code\u003e\u003c/a\u003e Prepare release 1.42.1/0.63b1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5243\"\u003e#5243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/fd8e50410b1788d34b36173dea58d8e38dcc80bc\"\u003e\u003ccode\u003efd8e504\u003c/code\u003e\u003c/a\u003e Preserve random trace ID flag for child spans (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5241\"\u003e#5241\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5242\"\u003e#5242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/013045e3787654123b08530059759842312325ab\"\u003e\u003ccode\u003e013045e\u003c/code\u003e\u003c/a\u003e [release/v1.42.x-0.63bx] Prepare release 1.42.0/0.63b0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5225\"\u003e#5225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/1731583b4e7bc6ec6a33345aa19706fc83acc8d5\"\u003e\u003ccode\u003e1731583\u003c/code\u003e\u003c/a\u003e ci: Enable GitHub Merge Queue support (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5209\"\u003e#5209\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/7fab34d4f49c1cd67df07fa53471c0ae6c269008\"\u003e\u003ccode\u003e7fab34d\u003c/code\u003e\u003c/a\u003e fix(config): allow deflate for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5075\"\u003e#5075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/0b690d2139f68dd42d2425c920aec882698443fa\"\u003e\u003ccode\u003e0b690d2\u003c/code\u003e\u003c/a\u003e ci: validate changelog fragment filenames (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5212\"\u003e#5212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/d4fabb4d6d79812a6d38dd900212f6a0fdb1866b\"\u003e\u003ccode\u003ed4fabb4\u003c/code\u003e\u003c/a\u003e feat(config): exporter plugin loading via entry points for declarative config...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/e19d34600b177b97cf1d8320a77ff75133515012\"\u003e\u003ccode\u003ee19d346\u003c/code\u003e\u003c/a\u003e feat(config): generic resource detector plugin loading for declarative config...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/1d69bd2eaa02715ecf3877a8f391678be58f2f57\"\u003e\u003ccode\u003e1d69bd2\u003c/code\u003e\u003c/a\u003e sdk/metrics: copy attributes dict to prevent post-recording mutation (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5106\"\u003e#5106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/990a6112a124e53cc0e3f66871ce8f8d00955d15\"\u003e\u003ccode\u003e990a611\u003c/code\u003e\u003c/a\u003e feat(config): propagator plugin loading via entry points for declarative conf...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/compare/v1.41.1...v1.42.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-sdk` from 1.41.1 to 1.42.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md\"\u003eopentelemetry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.42.1/0.63b1 (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve the random trace ID flag when creating child spans instead of always\nsetting the random trace id bit depending on the available trace id\ngenerator.\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5241\"\u003e#5241\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.42.0/0.63b0 (2026-05-19)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-api\u003c/code\u003e, \u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: add support for 'random-trace-id'\nflags in W3C traceparent header trace flags. Implementations of \u003ccode\u003eIdGenerator\u003c/code\u003e\nthat do randomly generate the 56 least significant bits, should also\nimplement a \u003ccode\u003eis_trace_id_random\u003c/code\u003e methods that returns \u003ccode\u003eTrue\u003c/code\u003e.\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4854\"\u003e#4854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elogs: add exception support to Logger emit and LogRecord attributes\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4908\"\u003e#4908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-exporter-otlp-proto-grpc\u003c/code\u003e: make retryable gRPC error codes\nconfigurable for gRPC exporters\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4917\"\u003e#4917\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003ecreate_logger_provider\u003c/code\u003e/\u003ccode\u003econfigure_logger_provider\u003c/code\u003e\nto declarative file configuration, enabling LoggerProvider instantiation from\nconfig files without reading env vars\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4990\"\u003e#4990\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-exporter-otlp-json-common\u003c/code\u003e: add\n'opentelemetry-exporter-otlp-json-common' package for OTLP JSON exporters\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003eservice\u003c/code\u003e resource detector support to declarative\nfile configuration via \u003ccode\u003edetection_development.detectors[].service\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5003\"\u003e#5003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-docker-tests\u003c/code\u003e: add docker-tests coverage of\n\u003ccode\u003eopentelemetry-exporter-otlp-proto-grpc\u003c/code\u003e and\n\u003ccode\u003eopentelemetry-exporter-otlp-proto-http\u003c/code\u003e metrics export\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5030\"\u003e#5030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eregistry\u003c/code\u003e keyword argument to \u003ccode\u003ePrometheusMetricReader\u003c/code\u003e to allow passing\na custom Prometheus registry\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5055\"\u003e#5055\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd WeaverLiveCheck test util\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5088\"\u003e#5088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: add \u003ccode\u003eload_entry_point\u003c/code\u003e shared utility to declarative\nfile configuration for loading plugins via entry points; refactor propagator\nloading to use it\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5093\"\u003e#5093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: add sampler plugin loading to declarative file\nconfiguration via the \u003ccode\u003eopentelemetry_sampler\u003c/code\u003e entry point group, matching the\nspec's PluginComponentProvider mechanism\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5095\"\u003e#5095\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/367e14d01104785ac28b1c66ac32b2082f864a12\"\u003e\u003ccode\u003e367e14d\u003c/code\u003e\u003c/a\u003e Prepare release 1.42.1/0.63b1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5243\"\u003e#5243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/fd8e50410b1788d34b36173dea58d8e38dcc80bc\"\u003e\u003ccode\u003efd8e504\u003c/code\u003e\u003c/a\u003e Preserve random trace ID flag for child spans (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5241\"\u003e#5241\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5242\"\u003e#5242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/013045e3787654123b08530059759842312325ab\"\u003e\u003ccode\u003e013045e\u003c/code\u003e\u003c/a\u003e [release/v1.42.x-0.63bx] Prepare release 1.42.0/0.63b0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5225\"\u003e#5225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/1731583b4e7bc6ec6a33345aa19706fc83acc8d5\"\u003e\u003ccode\u003e1731583\u003c/code\u003e\u003c/a\u003e ci: Enable GitHub Merge Queue support (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5209\"\u003e#5209\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/7fab34d4f49c1cd67df07fa53471c0ae6c269008\"\u003e\u003ccode\u003e7fab34d\u003c/code\u003e\u003c/a\u003e fix(config): allow deflate for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5075\"\u003e#5075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/0b690d2139f68dd42d2425c920aec882698443fa\"\u003e\u003ccode\u003e0b690d2\u003c/code\u003e\u003c/a\u003e ci: validate changelog fragment filenames (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5212\"\u003e#5212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/d4fabb4d6d79812a6d38dd900212f6a0fdb1866b\"\u003e\u003ccode\u003ed4fabb4\u003c/code\u003e\u003c/a\u003e feat(config): exporter plugin loading via entry points for declarative config...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/e19d34600b177b97cf1d8320a77ff75133515012\"\u003e\u003ccode\u003ee19d346\u003c/code\u003e\u003c/a\u003e feat(config): generic resource detector plugin loading for declarative config...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/1d69bd2eaa02715ecf3877a8f391678be58f2f57\"\u003e\u003ccode\u003e1d69bd2\u003c/code\u003e\u003c/a\u003e sdk/metrics: copy attributes dict to prevent post-recording mutation (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5106\"\u003e#5106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/990a6112a124e53cc0e3f66871ce8f8d00955d15\"\u003e\u003ccode\u003e990a611\u003c/code\u003e\u003c/a\u003e feat(config): propagator plugin loading via entry points for declarative conf...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/compare/v1.41.1...v1.42.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 26.3.1 to 26.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline comments (including \u003ccode\u003e# type: ignore\u003c/code\u003e) immediately before a\n\u003ccode\u003e# fmt: skip\u003c/code\u003e line, avoiding AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the version in the published executables (\u003ca href=\"https://redirect.github.com/psf/black/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Neovim integration guide covering conform.nvim, ALE, and simple command approaches\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.5.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),\nboth new syntactic features in Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so\nperformance may be slower than on existing Python versions. Wheels will be provided\nonce Python 3.15 is later in its release cycle. (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e# fmt: skip\u003c/code\u003e being ignored in nested \u003ccode\u003eif\u003c/code\u003e expressions with parenthesized \u003ccode\u003ein\u003c/code\u003e\nclauses (\u003ca href=\"https://redirect.github.com/psf/black/issues/4903\"\u003e#4903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd syntactic support for Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash when an f-string follows a \u003ccode\u003e# fmt: off\u003c/code\u003e comment inside brackets (\u003ca href=\"https://redirect.github.com/psf/black/issues/5097\"\u003e#5097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve multiline compound statement headers when \u003ccode\u003e# fmt: skip\u003c/code\u003e is placed on the\ncolon line (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove heuristics around whether blank lines should appear before, within and after\ngroups of same-name decorated functions (such as \u003ccode\u003e@overload\u003c/code\u003e groups) in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix blank lines being removed between a function and a decorated class in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5092\"\u003e#5092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent string merger from creating unsplittable long lines when a pragma comment\n(e.g. \u003ccode\u003e# type: ignore\u003c/code\u003e) follows the closing bracket (\u003ca href=\"https://redirect.github.com/psf/black/issues/5096\"\u003e#5096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun CI on 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline comments (including \u003ccode\u003e# type: ignore\u003c/code\u003e) immediately before a\n\u003ccode\u003e# fmt: skip\u003c/code\u003e line, avoiding AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the version in the published executables (\u003ca href=\"https://redirect.github.com/psf/black/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Neovim integration guide covering conform.nvim, ALE, and simple command approaches\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.5.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),\nboth new syntactic features in Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so\nperformance may be slower than on existing Python versions. Wheels will be provided\nonce Python 3.15 is later in its release cycle. (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e# fmt: skip\u003c/code\u003e being ignored in nested \u003ccode\u003eif\u003c/code\u003e expressions with parenthesized \u003ccode\u003ein\u003c/code\u003e\nclauses (\u003ca href=\"https://redirect.github.com/psf/black/issues/4903\"\u003e#4903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd syntactic support for Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash when an f-string follows a \u003ccode\u003e# fmt: off\u003c/code\u003e comment inside brackets (\u003ca href=\"https://redirect.github.com/psf/black/issues/5097\"\u003e#5097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve multiline compound statement headers when \u003ccode\u003e# fmt: skip\u003c/code\u003e is placed on the\ncolon line (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove heuristics around whether blank lines should appear before, within and after\ngroups of same-name decorated functions (such as \u003ccode\u003e@overload\u003c/code\u003e groups) in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix blank lines being removed between a function and a decorated class in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5092\"\u003e#5092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent string merger from creating unsplittable long lines when a pragma comment\n(e.g. \u003ccode\u003e# type: ignore\u003c/code\u003e) follows the closing bracket (\u003ca href=\"https://redirect.github.com/psf/black/issues/5096\"\u003e#5096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun CI on 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/87928e6d6761a4a6d22250e1fee5601b3998086e\"\u003e\u003ccode\u003e87928e6\u003c/code\u003e\u003c/a\u003e Prepare release 26.5.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5140\"\u003e#5140\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c970a49702488739add6c728122deb3a99900803\"\u003e\u003ccode\u003ec970a49\u003c/code\u003e\u003c/a\u003e Preserve comments before fmt: skip lines (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/5809338fd5f92d50e80c2ad312292ae6d428a480\"\u003e\u003ccode\u003e5809338\u003c/code\u003e\u003c/a\u003e Preserve inline comments inside annotation subscripts (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/61361b71995f6ea44ce01915bacd3ecc50642507\"\u003e\u003ccode\u003e61361b7\u003c/code\u003e\u003c/a\u003e docs: add Neovim integration guide and fix http link (\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/ebe6018e3254629788376e619207719fbe34a849\"\u003e\u003ccode\u003eebe6018\u003c/code\u003e\u003c/a\u003e CI Hotfixes (\u003ca href=\"https://redirect.github.com/psf/black/issues/5136\"\u003e#5136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/9cbd95f80e97c1ab4d690d1d41b81579a13bf75c\"\u003e\u003ccode\u003e9cbd95f\u003c/code\u003e\u003c/a\u003e Fix publish binaries again on Windows (\u003ca href=\"https://redirect.github.com/psf/black/issues/5134\"\u003e#5134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/3dc8e6c41911bdaedb4bac8d633979c34a112b78\"\u003e\u003ccode\u003e3dc8e6c\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5132\"\u003e#5132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/6d0fff0d5a965b9d0d3dbd7c5738d835fd574130\"\u003e\u003ccode\u003e6d0fff0\u003c/code\u003e\u003c/a\u003e Fix publish binaries workflow (\u003ca href=\"https://redirect.github.com/psf/black/issues/5133\"\u003e#5133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/d2490e24dad33b8f68c77602ee29160de0fea24b\"\u003e\u003ccode\u003ed2490e2\u003c/code\u003e\u003c/a\u003e Prepare release 26.5.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5131\"\u003e#5131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2b13ea76fa69d4923381df65deb1a5c896ca27ad\"\u003e\u003ccode\u003e2b13ea7\u003c/code\u003e\u003c/a\u003e Preserve multiline headers with fmt skip (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/26.3.1...26.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `botocore` from 1.43.6 to 1.43.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/f23ff3b6696ff40edf962921f5e42299f32bbe94\"\u003e\u003ccode\u003ef23ff3b\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.14'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/7feaf2f7e052799cee88cebedec295422dd9ae33\"\u003e\u003ccode\u003e7feaf2f\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/d3e43934fe477630185bf6fd31c5ac7c87f4c8c5\"\u003e\u003ccode\u003ed3e4393\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/5204755d6cc055a11d660f5021e84aa1dcf86600\"\u003e\u003ccode\u003e5204755\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/89a5ca07e8c76117201d53fce33777c2c9fc704c\"\u003e\u003ccode\u003e89a5ca0\u003c/code\u003e\u003c/a\u003e Improving caching of S3 endpoints by omitting unused parameters (\u003ca href=\"https://redirect.github.com/boto/botocore/issues/3692\"\u003e#3692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/8bd61f7918034e9c9d5013c8422dd3e9e56b050e\"\u003e\u003ccode\u003e8bd61f7\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.13'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/b6f2c74a6dea7272da8a2cf88dc777fbc133c2d7\"\u003e\u003ccode\u003eb6f2c74\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.13' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/9cfdcaf4baecbc6ad542bd9aeaa116bcf502024a\"\u003e\u003ccode\u003e9cfdcaf\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/656fd57082823142d4a7584a8d09fc53aa419614\"\u003e\u003ccode\u003e656fd57\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/280497b9d5ebc5b1a85c1911a069c7452041fa42\"\u003e\u003ccode\u003e280497b\u003c/code\u003e\u003c/a\u003e Merge customizations for Bedrock AgentCore Control\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/botocore/compare/1.43.6...1.43.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3` from 1.43.6 to 1.43.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/07953b03a1c6fc86660852ee65a21c3ceae3f437\"\u003e\u003ccode\u003e07953b0\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.14'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/25c77c306c3efba0d44bebec97ab882ddd6f0958\"\u003e\u003ccode\u003e25c77c3\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/5e64afcd4172f04cd4b62a40050bd6088e316316\"\u003e\u003ccode\u003e5e64afc\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/97921f4babf469d1c1fbbb27746bbaece6008122\"\u003e\u003ccode\u003e97921f4\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.13'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/4e58a354db37897d65024fca50e9f9b4e4845068\"\u003e\u003ccode\u003e4e58a35\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.13' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/1307ac2642ed8e53aca983b1c89e952309a0c66d\"\u003e\u003ccode\u003e1307ac2\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/c75c901f5be45cce8e8f46733ee0562d06110c81\"\u003e\u003ccode\u003ec75c901\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/d3f2433ff49062a75426c406e606625b69a32eb6\"\u003e\u003ccode\u003ed3f2433\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.12'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/d5eddf97fcacb8e8aecf0ff043501ff97454f105\"\u003e\u003ccode\u003ed5eddf9\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.12' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/93f3a42377b288934f08416a9c3b63920d8163c6\"\u003e\u003ccode\u003e93f3a42\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.12\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/boto3/compare/1.43.6...1.43.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-frontmatter` from 1.1.0 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eyeseast/python-frontmatter/releases\"\u003epython-frontmatter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0 - Now using uv\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTest on Python 3.14 and upgrade actions by \u003ca href=\"https://github.com/eyeseast\"\u003e\u003ccode\u003e@​eyeseast\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/pull/128\"\u003eeyeseast/python-frontmatter#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove codecs from tests by \u003ca href=\"https://github.com/eyeseast\"\u003e\u003ccode\u003e@​eyeseast\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/pull/129\"\u003eeyeseast/python-frontmatter#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate to uv and pyproject.toml by \u003ca href=\"https://github.com/eyeseast\"\u003e\u003ccode\u003e@​eyeseast\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/pull/131\"\u003eeyeseast/python-frontmatter#131\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/eyeseast/python-frontmatter/compare/v1.2.0...v1.3.0\"\u003ehttps://github.com/eyeseast/python-frontmatter/compare/v1.2.0...v1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.0 - Fix type issues and support newer Python versions\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSolve all the type issues by \u003ca href=\"https://github.com/eyeseast\"\u003e\u003ccode\u003e@​eyeseast\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/pull/120\"\u003eeyeseast/python-frontmatter#120\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude py.typed marker in package distribution by \u003ca href=\"https://github.com/giuse-boccia\"\u003e\u003ccode\u003e@​giuse-boccia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/pull/125\"\u003eeyeseast/python-frontmatter#125\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giuse-boccia\"\u003e\u003ccode\u003e@​giuse-boccia\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/pull/125\"\u003eeyeseast/python-frontmatter#125\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis version drops support for Python 3.9.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/eyeseast/python-frontmatter/compare/v1.1.0...v1.2.0\"\u003ehttps://github.com/eyeseast/python-frontmatter/compare/v1.1.0...v1.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/dc7c0af5466b104e0ba01ae3c5b2cd77edc27292\"\u003e\u003ccode\u003edc7c0af\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/issues/131\"\u003e#131\u003c/a\u003e from eyeseast/123-uv\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/1e787d8db0b426a6f28a449497bb5ab43d9f3d49\"\u003e\u003ccode\u003e1e787d8\u003c/code\u003e\u003c/a\u003e Migrate to uv and pyproject.toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/36224327b9506ffaf5a62ffced1818934ff5278c\"\u003e\u003ccode\u003e3622432\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/issues/129\"\u003e#129\u003c/a\u003e from eyeseast/126-remove-codecs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/c4fdd50f3f8785f8f794e8f9ca5d1833824cb9eb\"\u003e\u003ccode\u003ec4fdd50\u003c/code\u003e\u003c/a\u003e Encoding is a kwarg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/6fa3a9a630b2a15096101531884c5e55e90dd189\"\u003e\u003ccode\u003e6fa3a9a\u003c/code\u003e\u003c/a\u003e Remove codecs from tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/3a8c60009a5456c821e81458bcc47b369cd5db99\"\u003e\u003ccode\u003e3a8c600\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/issues/128\"\u003e#128\u003c/a\u003e from eyeseast/upgrade-actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/8243f83b628785910e21f6a75bc1152c1bd9263c\"\u003e\u003ccode\u003e8243f83\u003c/code\u003e\u003c/a\u003e Test on Python 3.14 and upgrade actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/55bcc679d0af970a40b5a97de92c73466e1de07e\"\u003e\u003ccode\u003e55bcc67\u003c/code\u003e\u003c/a\u003e v1.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/949826fe6fbb1513cf5d820abcf57deab216ff35\"\u003e\u003ccode\u003e949826f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/eyeseast/python-frontmatter/issues/125\"\u003e#125\u003c/a\u003e from giuse-boccia/fix/include-py-typed-marker\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eyeseast/python-frontmatter/commit/b12a13bc05f2362b1c21b6e1053d945aeebf497d\"\u003e\u003ccode\u003eb12a13b\u003c/code\u003e\u003c/a\u003e Include py.typed marker in package distribution\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eyeseast/python-frontmatter/compare/v1.1.0...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20260510 to 6.0.12.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pytz` from 2026.2.0.20260506 to 2026.2.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-python-dateutil` from 2.9.0.20260508 to 2.9.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-requests` from 2.33.0.20260508 to 2.33.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest-socket` from 0.7.0 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/miketheman/pytest-socket/releases\"\u003epytest-socket's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBlock DNS resolution (\u003ccode\u003egetaddrinfo\u003c/code\u003e, \u003ccode\u003egethostbyname\u003c/code\u003e) when sockets are disabled \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/482\"\u003e#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport CIDR network ranges in \u003ccode\u003eallow_hosts\u003c/code\u003e \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/479\"\u003e#479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWarn before raising on a blocked socket call \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/468\"\u003e#468\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCache hostname resolutions during a test run \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/369\"\u003e#369\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRemoved support for Python 3.8 and 3.9.\u003c/strong\u003e Python 3.10 is now the minimum.\u003c/li\u003e\n\u003cli\u003eTest against Python 3.13, 3.14, and free-threaded 3.13t/3.14t\u003c/li\u003e\n\u003cli\u003eReplaced Poetry with uv \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/429\"\u003e#429\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded type hints \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/465\"\u003e#465\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwapped \u003ccode\u003epytest-httpbin\u003c/code\u003e for a local test fixture \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/467\"\u003e#467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency, CI, and development updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/twm\"\u003e\u003ccode\u003e@​twm\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/pull/369\"\u003emiketheman/pytest-socket#369\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/miketheman/pytest-socket/compare/0.7.0...0.8.0\"\u003ehttps://github.com/miketheman/pytest-socket/compare/0.7.0...0.8.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/miketheman/pytest-socket/blob/main/CHANGELOG.md\"\u003epytest-socket's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.8.0][] (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eEnhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBlock DNS resolution (\u003ccode\u003egetaddrinfo\u003c/code\u003e, \u003ccode\u003egethostbyname\u003c/code\u003e) when sockets are disabled \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/482\"\u003e#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport CIDR network ranges in \u003ccode\u003eallow_hosts\u003c/code\u003e \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/479\"\u003e#479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWarn before raising on a blocked socket call \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/468\"\u003e#468\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCache hostname resolutions during a test run \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/369\"\u003e#369\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eChanges:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRemoved support for Python 3.8 and 3.9.\u003c/strong\u003e Python 3.10 is now the minimum.\u003c/li\u003e\n\u003cli\u003eTest against Python 3.13, 3.14, and free-threaded 3.13t/3.14t\u003c/li\u003e\n\u003cli\u003eReplaced Poetry with uv \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/429\"\u003e#429\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded type hints \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/465\"\u003e#465\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwapped \u003ccode\u003epytest-httpbin\u003c/code\u003e for a local test fixture \u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/467\"\u003e#467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency, CI, and development updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/f9ec1395f4b060c095d6cb28dc1d03d6ca4e0f47\"\u003e\u003ccode\u003ef9ec139\u003c/code\u003e\u003c/a\u003e pytest-socket, v0.8.0 (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/484\"\u003e#484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/3930df85c15d93ad3d56ccf21dd81fafcc3e107f\"\u003e\u003ccode\u003e3930df8\u003c/code\u003e\u003c/a\u003e chore(ci): add publish workflow, update others (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/483\"\u003e#483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/aae7f44b24475f2fbdc49fac8f2fa6d63b67f48b\"\u003e\u003ccode\u003eaae7f44\u003c/code\u003e\u003c/a\u003e feat: also block DNS resolution (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/482\"\u003e#482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/f0700d23791fafc2aefa92bfd0b3e49d99de4582\"\u003e\u003ccode\u003ef0700d2\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/481\"\u003e#481\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/09ba021cd3c276ba75d6cb726ef355d75c68c13d\"\u003e\u003ccode\u003e09ba021\u003c/code\u003e\u003c/a\u003e chore(deps): full sweep of all dependency upgrades (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/480\"\u003e#480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/8dc62860f3d0cf2104f50acee8ac91d42dd29950\"\u003e\u003ccode\u003e8dc6286\u003c/code\u003e\u003c/a\u003e feat(allow_hosts): support CIDR network entries (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/479\"\u003e#479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/06ed8a1562be753238bcf7c35d960816b7e9fa62\"\u003e\u003ccode\u003e06ed8a1\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump starlette from 0.49.1 to 1.0.0 (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/478\"\u003e#478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/b3132108f9ba20f8e1c3a8a5caa6f8e66a7ce6cc\"\u003e\u003ccode\u003eb313210\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump mypy from 1.20.0 to 1.20.2 (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/477\"\u003e#477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/f7e85f788b5db0a7cb832414f5d04ea6124305a2\"\u003e\u003ccode\u003ef7e85f7\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump pytest-randomly from 3.16.0 to 4.0.1 (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/476\"\u003e#476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/miketheman/pytest-socket/commit/89690a6c31d200c9463c7e41e7ba51139de67c29\"\u003e\u003ccode\u003e89690a6\u003c/code\u003e\u003c/a\u003e chore: dependabot config (\u003ca href=\"https://redirect.github.com/miketheman/pytest-socket/issues/475\"\u003e#475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/miketheman/pytest-socket/compare/0.7.0...0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest-rerunfailures` from 16.1 to 16.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/blob/master/CHANGES.rst\"\u003epytest-rerunfailures's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e16.3 (2026-05-22)\u003c/h2\u003e\n\u003cp\u003eFeatures\n++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003e--reruns-mode\u003c/code\u003e option (\u003ccode\u003estrict\u003c/code\u003e or \u003ccode\u003eappend\u003c/code\u003e). With \u003ccode\u003eappend\u003c/code\u003e,\nmarker reruns and the global \u003ccode\u003e--reruns\u003c/code\u003e / \u003ccode\u003ereruns\u003c/code\u003e ini setting are summed\ninstead of the marker taking strict priority. Default is \u003ccode\u003estrict\u003c/code\u003e so\nexisting behaviour is unchanged.\nFixes \u003ccode\u003e[#321](https://github.com/pytest-dev/pytest-rerunfailures/issues/321) \u0026lt;https://github.com/pytest-dev/pytest-rerunfailures/issues/321\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003e--rerun-show-tracebacks\u003c/code\u003e option to display tracebacks from failed\nattempts that were retried, including tests that eventually passed. The\nrerun summary section is emitted automatically when the flag is set, so\n\u003ccode\u003e-rR\u003c/code\u003e is no longer required to see the tracebacks.\nFixes \u003ccode\u003e[#156](https://github.com/pytest-dev/pytest-rerunfailures/issues/156) \u0026lt;https://github.com/pytest-dev/pytest-rerunfailures/issues/156\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e16.2 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003eBreaking changes\n++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for pytest 8.0. Minimum pytest version is now 8.1.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFeatures\n++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for pytest 9.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes\n+++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix missing teardown for session and module scoped fixtures when fixture teardown fails.\nFixes \u003ccode\u003e[#314](https://github.com/pytest-dev/pytest-rerunfailures/issues/314) \u0026lt;https://github.com/pytest-dev/pytest-rerunfailures/issues/314\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eClear fixture finalizers when removing cached results from failed fixtures\nto fix compatibility with pytest \u0026gt;= 9, which asserts that \u003ccode\u003e_finalizers\u003c/code\u003e is\nempty before executing a fixture.\nFixes \u003ccode\u003e[#323](https://github.com/pytest-dev/pytest-rerunfailures/issues/323) \u0026lt;https://github.com/pytest-dev/pytest-rerunfailures/issues/323\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAccept exception classes (not only regex strings) in the \u003ccode\u003eonly_rerun\u003c/code\u003e and\n\u003ccode\u003ererun_except\u003c/code\u003e marker keyword arguments instead of crashing with an\ninternal error.\nFixes \u003ccode\u003e[#275](https://github.com/pytest-dev/pytest-rerunfailures/issues/275) \u0026lt;https://github.com/pytest-dev/pytest-rerunfailures/issues/275\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/4b3a2200b07b357cecfe192f4997f35764869c6f\"\u003e\u003ccode\u003e4b3a220\u003c/code\u003e\u003c/a\u003e Preparing release 16.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/d17f3be1c8cc257c29cd7d7e815d3c52867b1276\"\u003e\u003ccode\u003ed17f3be\u003c/code\u003e\u003c/a\u003e feat: add --reruns-mode option to sum marker and global reruns (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-rerunfailures/issues/321\"\u003e#321\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-rerunfailures/issues/328\"\u003e#328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/4a00facae37246c00801390039286d322df6e322\"\u003e\u003ccode\u003e4a00fac\u003c/code\u003e\u003c/a\u003e Add --rerun-show-tracebacks to surface retried failures (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-rerunfailures/issues/329\"\u003e#329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/9f792d9efe6bf0218e7ba2734257af2d5165ca3f\"\u003e\u003ccode\u003e9f792d9\u003c/code\u003e\u003c/a\u003e Back to development: 16.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/88a84d8471219ae517dfd3752a181b22e51a2b8c\"\u003e\u003ccode\u003e88a84d8\u003c/code\u003e\u003c/a\u003e Preparing release 16.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/5e0ad6a3080d778f2d3de8975aceafed0c843b12\"\u003e\u003ccode\u003e5e0ad6a\u003c/code\u003e\u003c/a\u003e fix: accept exception classes in only_rerun and rerun_except markers (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-rerunfailures/issues/327\"\u003e#327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/928aa2bb654b18157e6614c15f22091e9997d540\"\u003e\u003ccode\u003e928aa2b\u003c/code\u003e\u003c/a\u003e Update minimum pytest version to 8.1 and add support for pytest 9.0 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-rerunfailures/issues/325\"\u003e#325\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/b53ef720219427c569bddee7e37d92cc3423e2c9\"\u003e\u003ccode\u003eb53ef72\u003c/code\u003e\u003c/a\u003e Fix support for pytest-main. (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-rerunfailures/issues/324\"\u003e#324\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/d9ef70e5451f604dcc764861f4b0a65dc9dfd202\"\u003e\u003ccode\u003ed9ef70e\u003c/code\u003e\u003c/a\u003e Preserve session and module teardown when fixture teardown fails (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-rerunfailures/issues/319\"\u003e#319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/commit/a22edc3de88eeb17f3dcdf482b3f5a13ea9af874\"\u003e\u003ccode\u003ea22edc3\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 in the actions group (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-rerunfailures/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest-rerunfailures/compare/16.1...16.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this grou...\n\n_Description has been truncated_","html_url":"https://github.com/mongodb/mongodb-kubernetes/pull/1138","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mongodb%2Fmongodb-kubernetes/issues/1138","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1138/packages"}},{"old_version":"6.0.12.20260510","new_version":"6.0.12.20260518","update_type":null,"path":null,"pr_created_at":"2026-05-24T03:38:07.000Z","version_change":"6.0.12.20260510 → 6.0.12.20260518","issue":{"uuid":"4510383985","node_id":"PR_kwDOPi-pts7euQYz","number":1808,"state":"open","title":"deps(deps-dev): bump types-pyyaml from 6.0.12.20260510 to 6.0.12.20260518","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":["Katsiarynakavaleuskaya"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-24T03:38:07.000Z","updated_at":"2026-05-24T03:38:26.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(deps-dev)","packages":[{"name":"types-pyyaml","old_version":"6.0.12.20260510","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps [types-pyyaml](https://github.com/python/typeshed) from 6.0.12.20260510 to 6.0.12.20260518.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-pyyaml\u0026package-manager=pip\u0026previous-version=6.0.12.20260510\u0026new-version=6.0.12.20260518)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate `types-pyyaml` to 6.0.12.20260518 to keep YAML typing stubs current and maintain reliable type checking. Also pins `pip` in dev requirements for reproducible tooling.\n\n- **Dependencies**\n  - Bump `types-pyyaml` from 6.0.12.20260510 to 6.0.12.20260518.\n  - Pin `pip` to 26.1.1 (used by `pip-tools`/`pip-api`).\n\n\u003csup\u003eWritten for commit 3e254baae1c749d9b4f43901b463fcc4caa44485. Summary will update on new commits. \u003ca href=\"https://cubic.dev/pr/Katsiarynakavaleuskaya/PulsePlate/pull/1808?utm_source=github\"\u003eReview in cubic\u003c/a\u003e\u003c/sup\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/Katsiarynakavaleuskaya/PulsePlate/pull/1808","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Katsiarynakavaleuskaya%2FPulsePlate/issues/1808","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1808/packages"}},{"old_version":"\u003e=6.0.12","new_version":"\u003e=6.0.12.20260518","update_type":null,"path":null,"pr_created_at":"2026-05-22T05:43:31.000Z","version_change":"\u003e=6.0.12 → \u003e=6.0.12.20260518","issue":{"uuid":"4500177100","node_id":"PR_kwDOSCxzCs7eODvo","number":9,"state":"open","title":"Update types-pyyaml requirement from \u003e=6.0.12 to \u003e=6.0.12.20260518","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T05:43:31.000Z","updated_at":"2026-05-22T05:44:44.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Update","packages":[{"name":"types-pyyaml","old_version":"\u003e=6.0.12","new_version":"\u003e=6.0.12.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [types-pyyaml](https://github.com/python/typeshed) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/pointmatic/learningfoundry/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pointmatic%2Flearningfoundry/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"}},{"old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","update_type":null,"path":null,"pr_created_at":"2026-05-22T05:26:07.000Z","version_change":"6.0.12.20260408 → 6.0.12.20260510","issue":{"uuid":"4500080464","node_id":"PR_kwDOLzxzKM7eNvd4","number":342,"state":"open","title":"chore(deps): bump the dependencies group across 1 directory with 45 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":["matmair"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T05:26:07.000Z","updated_at":"2026-05-22T05:28:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"dependencies","update_count":45,"packages":[{"name":"bleach","old_version":"4.1.0","new_version":"6.3.0","repository_url":"https://github.com/mozilla/bleach"},{"name":"blessed","old_version":"1.38.0","new_version":"1.39.0","repository_url":"https://github.com/jquast/blessed"},{"name":"boto3","old_version":"1.42.96","new_version":"1.43.8","repository_url":"https://github.com/boto/boto3"},{"name":"botocore","old_version":"1.42.96","new_version":"1.43.8","repository_url":"https://github.com/boto/botocore"},{"name":"cryptography","old_version":"47.0.0","new_version":"48.0.0","repository_url":"https://github.com/pyca/cryptography"},{"name":"django","old_version":"5.2.13","new_version":"6.0.5","repository_url":"https://github.com/django/django"},{"name":"django-allauth","old_version":"65.14.3","new_version":"65.16.1","repository_url":"https://github.com/sponsors/pennersr"},{"name":"django-otp","old_version":"1.3.0","new_version":"1.7.0","repository_url":"https://github.com/django-otp/django-otp"},{"name":"django-q2","old_version":"1.9.0","new_version":"1.10.0","repository_url":"https://github.com/GDay/django-q2"},{"name":"dulwich","old_version":"1.2.0","new_version":"1.2.1","repository_url":"https://github.com/dulwich/dulwich"},{"name":"fonttools","old_version":"4.62.1","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"googleapis-common-protos","old_version":"1.74.0","new_version":"1.75.0","repository_url":"https://github.com/googleapis/google-cloud-python"},{"name":"gunicorn","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/benoitc/gunicorn"},{"name":"icalendar","old_version":"7.0.3","new_version":"7.1.0","repository_url":"https://github.com/collective/icalendar"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"importlib-metadata","old_version":"8.7.1","new_version":"9.0.0","repository_url":"https://github.com/python/importlib_metadata"},{"name":"nh3","old_version":"0.3.4","new_version":"0.3.5","repository_url":"https://github.com/messense/nh3"},{"name":"opentelemetry-exporter-otlp-proto-common","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-exporter-otlp-proto-grpc","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-exporter-otlp-proto-http","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-instrumentation","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"opentelemetry-instrumentation-dbapi","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"opentelemetry-proto","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-semantic-conventions","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-util-http","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"protobuf","old_version":"6.33.6","new_version":"7.34.1","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pypdf","old_version":"6.10.2","new_version":"6.11.0","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"s3transfer","old_version":"0.16.1","new_version":"0.17.0","repository_url":"https://github.com/boto/s3transfer"},{"name":"sentry-sdk","old_version":"2.58.0","new_version":"2.60.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"wcwidth","old_version":"0.6.0","new_version":"0.7.0","repository_url":"https://github.com/jquast/wcwidth"},{"name":"wrapt","old_version":"1.17.3","new_version":"2.1.2","repository_url":"https://github.com/GrahamDumpleton/wrapt"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"django-stubs","old_version":"6.0.3","new_version":"6.0.4","repository_url":"https://github.com/typeddjango/django-stubs"},{"name":"django-stubs-ext","old_version":"6.0.3","new_version":"6.0.4","repository_url":"https://github.com/typeddjango/django-stubs"},{"name":"markdown-it-py","old_version":"4.0.0","new_version":"4.2.0","repository_url":"https://github.com/executablebooks/markdown-it-py"},{"name":"pip","old_version":"26.1","new_version":"26.1.1","repository_url":"https://github.com/pypa/pip"},{"name":"pytest-codspeed","old_version":"4.4.0","new_version":"5.0.2","repository_url":"https://github.com/CodSpeedHQ/pytest-codspeed"},{"name":"python-discovery","old_version":"1.2.2","new_version":"1.3.1","repository_url":"https://github.com/tox-dev/python-discovery"},{"name":"ty","old_version":"0.0.1a21","new_version":"0.0.35","repository_url":"https://github.com/astral-sh/ty"},{"name":"types-psycopg2","old_version":"2.9.21.20260422","new_version":"2.9.21.20260509","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"virtualenv","old_version":"21.2.4","new_version":"21.3.3","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dependencies group with 45 updates in the /src/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bleach](https://github.com/mozilla/bleach) | `4.1.0` | `6.3.0` |\n| [blessed](https://github.com/jquast/blessed) | `1.38.0` | `1.39.0` |\n| [boto3](https://github.com/boto/boto3) | `1.42.96` | `1.43.8` |\n| [botocore](https://github.com/boto/botocore) | `1.42.96` | `1.43.8` |\n| [cryptography](https://github.com/pyca/cryptography) | `47.0.0` | `48.0.0` |\n| [django](https://github.com/django/django) | `5.2.13` | `6.0.5` |\n| [django-allauth](https://github.com/sponsors/pennersr) | `65.14.3` | `65.16.1` |\n| [django-otp](https://github.com/django-otp/django-otp) | `1.3.0` | `1.7.0` |\n| [django-q2](https://github.com/GDay/django-q2) | `1.9.0` | `1.10.0` |\n| [dulwich](https://github.com/dulwich/dulwich) | `1.2.0` | `1.2.1` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.62.1` | `4.63.0` |\n| [googleapis-common-protos](https://github.com/googleapis/google-cloud-python) | `1.74.0` | `1.75.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `25.3.0` | `26.0.0` |\n| [icalendar](https://github.com/collective/icalendar) | `7.0.3` | `7.1.0` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.15` |\n| [importlib-metadata](https://github.com/python/importlib_metadata) | `8.7.1` | `9.0.0` |\n| [nh3](https://github.com/messense/nh3) | `0.3.4` | `0.3.5` |\n| [opentelemetry-exporter-otlp-proto-common](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-exporter-otlp-proto-grpc](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-exporter-otlp-proto-http](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-instrumentation](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [opentelemetry-instrumentation-dbapi](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [opentelemetry-proto](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-semantic-conventions](https://github.com/open-telemetry/opentelemetry-python) | `0.61b0` | `0.62b1` |\n| [opentelemetry-util-http](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [paramiko](https://github.com/paramiko/paramiko) | `4.0.0` | `5.0.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.6` | `7.34.1` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.10.2` | `6.11.0` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [s3transfer](https://github.com/boto/s3transfer) | `0.16.1` | `0.17.0` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.58.0` | `2.60.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [wcwidth](https://github.com/jquast/wcwidth) | `0.6.0` | `0.7.0` |\n| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `1.17.3` | `2.1.2` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [django-stubs](https://github.com/typeddjango/django-stubs) | `6.0.3` | `6.0.4` |\n| [django-stubs-ext](https://github.com/typeddjango/django-stubs) | `6.0.3` | `6.0.4` |\n| [markdown-it-py](https://github.com/executablebooks/markdown-it-py) | `4.0.0` | `4.2.0` |\n| [pip](https://github.com/pypa/pip) | `26.1` | `26.1.1` |\n| [pytest-codspeed](https://github.com/CodSpeedHQ/pytest-codspeed) | `4.4.0` | `5.0.2` |\n| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.2.2` | `1.3.1` |\n| [ty](https://github.com/astral-sh/ty) | `0.0.1a21` | `0.0.35` |\n| [types-psycopg2](https://github.com/python/typeshed) | `2.9.21.20260422` | `2.9.21.20260509` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260510` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `21.2.4` | `21.3.3` |\n\n\nUpdates `bleach` from 4.1.0 to 6.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mozilla/bleach/blob/main/CHANGES\"\u003ebleach's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.3.0 (October 27th, 2025)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/756\"\u003e#756\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/758\"\u003e#758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix wbr handling. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 6.2.0 (October 29th, 2024)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/737\"\u003e#737\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.13. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/736\"\u003e#736\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove six depdenncy. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/618\"\u003e#618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known-good versions for tinycss2. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/732\"\u003e#732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix additional \u0026lt; followed by characters and EOF issues. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/728\"\u003e#728\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 6.1.0 (October 6th, 2023)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.12. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/710\"\u003e#710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/5546d5dbce60d08ccb99d981778d74044d646d4e\"\u003e\u003ccode\u003e5546d5d\u003c/code\u003e\u003c/a\u003e chore: prep for 6.3.0 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/88df3ff23fb2a43e174b3fdfe9191ef516de868a\"\u003e\u003ccode\u003e88df3ff\u003c/code\u003e\u003c/a\u003e chore: fix readthedocs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/d8b2fb45b2606515c58787c223d6605c6c70868f\"\u003e\u003ccode\u003ed8b2fb4\u003c/code\u003e\u003c/a\u003e fix: fix wbr handling (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/55e48cedb20bda23940ab34753a1fb378d5d30b9\"\u003e\u003ccode\u003e55e48ce\u003c/code\u003e\u003c/a\u003e chore: add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/758\"\u003e#758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/a4d6cddac6e338c3d6f84c755a5fcb32e9e18fba\"\u003e\u003ccode\u003ea4d6cdd\u003c/code\u003e\u003c/a\u003e chore: drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/756\"\u003e#756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/172d92faef543a83c6760c63c32749586cdd564b\"\u003e\u003ccode\u003e172d92f\u003c/code\u003e\u003c/a\u003e Bump actions/setup-python from 5.6.0 to 6.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/df88612f2e9daf8f4ee23cf0e29b712d9d9147b6\"\u003e\u003ccode\u003edf88612\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.2.2 to 5.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/cbcf6b18d19aeb7777699f9385013d0a04052b68\"\u003e\u003ccode\u003ecbcf6b1\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.2.3 to 4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/d9aa7ef592d57dda56e26ba31d06e1b279c58eca\"\u003e\u003ccode\u003ed9aa7ef\u003c/code\u003e\u003c/a\u003e Switch from dependabot reviewers to CODEOWNERS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/06f0f76cc68112bda3fa101d1730d5ba914d54a1\"\u003e\u003ccode\u003e06f0f76\u003c/code\u003e\u003c/a\u003e Update setuptools, wheel, and twine for devs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mozilla/bleach/compare/v4.1.0...v6.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `blessed` from 1.38.0 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquast/blessed/releases\"\u003eblessed's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.17.9: Initial support for Python 3.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: Now imports on 3.10+\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.15.0: Disable various integration tests, support python 3.7\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003e1.14.0: bugfix term.wrap for text containing newlines\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: term.wrap misbehaved for text containing newlines, \u003ca href=\"https://redirect.github.com/jquast/blessed/issues/74\"\u003e#74\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.13.0: new Terminal.split_seqs() function, speed enhancement\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eenhancement: method \u003ccode\u003eTerminal.split_seqs\u003c/code\u003e introduced, and 4x cost reduction in related sequence-aware functions, \u003ca href=\"https://redirect.github.com/jquast/blessed/issues/29\"\u003e#29\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003edeprecated: function \u003ccode\u003eblessed.sequences.measure_length\u003c/code\u003e superseded by \u003ccode\u003eblessed.sequences.iter_parse\u003c/code\u003e if necessary.\u003c/li\u003e\n\u003cli\u003edeprecated: warnings about \u0026quot;binary-packed capabilities\u0026quot; are no longer emitted on strange terminal types, making best effort.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.12.0: add Terminal.get_location() method\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eenhancement: method Terminal.get_location\u003ccode\u003ereturns the\u003c/code\u003e(row, col)`` position of the cursor at the time of call for attached terminal.\u003c/li\u003e\n\u003cli\u003eenhancement: a keyboard now detected as \u003cem\u003estdin\u003c/em\u003e when \u003ccode\u003estream\u003c/code\u003e is \u003ccode\u003esys.stderr\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquast/blessed/blob/master/docs/history.rst\"\u003eblessed's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e.. py:currentmodule:: blessed.terminal\u003c/p\u003e\n\u003ch1\u003eVersion History\u003c/h1\u003e\n\u003cp\u003e1.42\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: regression in :meth:\u003ccode\u003e~.Terminal.cbreak\u003c/code\u003e and :meth:\u003ccode\u003e~.Terminal.raw\u003c/code\u003e were not thread-safe\nbroken in versions 1.40 and 1.41, remove signal ignore of SIGTTOU :ghissue:\u003ccode\u003e380\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.41\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: :meth:\u003ccode\u003e~.Terminal.get_location\u003c/code\u003e broken in 1.40, returned a generator instead of a tuple.\n:ghissue:\u003ccode\u003e378\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.40\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eimproved: jinxed_ is \u003cstrong\u003enow required on all platforms\u003c/strong\u003e, providing a curses-free and\n\u003ccode\u003esingleton-free \u0026lt;https://jinxed.readthedocs.io/en/stable/capabilities.html#singleton-free\u0026gt;\u003c/code\u003e_\nimplementation of the subset of curses_ used by blessed.  The jinxed_ 1.5.0 release provides a\nterminal \u003ccode\u003ecapability database \u0026lt;https://jinxed.readthedocs.io/en/stable/capabilities.html#database\u0026gt;\u003c/code\u003e of 45 terminals and their\ncommon aliases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eimproved: Class initialization of :class:\u003ccode\u003e~.Terminal()\u003c/code\u003e now uses \u003ccode\u003eXTGETTCAP\u003c/code\u003e_ to determine\npreferred terminal name \u003ccode\u003eTN\u003c/code\u003e, 24-bit color support \u003ccode\u003eRGB\u003c/code\u003e, number of colors \u003ccode\u003eCo\u003c/code\u003e, \u003ccode\u003eitalic\u003c/code\u003e,\nand \u003ccode\u003eblink\u003c/code\u003e capabilities.\u003c/p\u003e\n\u003cp\u003eThis improves detection of Terminal \u003ccode\u003ekind\u003c/code\u003e and \u003ccode\u003enumber_of_colors\u003c/code\u003e over protocols like serial\nthat cannot forward any environment variables or ssh that do not forward \u003ccode\u003eCOLORTERM\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eintroduced: A :exc:\u003ccode\u003eUserWarning\u003c/code\u003e is emitted when :meth:\u003ccode\u003e~.Terminal.__getattr__\u003c/code\u003e resolves an\nunknown terminal capability name, helping developers catch typos like \u003ccode\u003eterm.bld\u003c/code\u003e\n(missing \u003ccode\u003ebold\u003c/code\u003e).  The warning can be suppressed by setting the environment variable\n\u003ccode\u003eBLESSED_NOWARN_UNKNOWN_CAPS\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ebugfix: Fixed internal typo \u003ccode\u003esusimpleript\u003c/code\u003e to the correct terminfo name \u003ccode\u003essubm\u003c/code\u003e for the\n\u003ccode\u003eenter_susimpleript_mode\u003c/code\u003e capability.  This was previously masked by curses_ returning\nan empty string for unknown capabilities.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.39\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eintroduced: :meth:\u003ccode\u003e~.Terminal.progress_bar\u003c/code\u003e for \u003ccode\u003eOSC 9;4 sequence \u0026lt;https://ghostty.org/docs/vt/osc/conemu#change-progress-state-(osc-94)\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eintroduced: :meth:\u003ccode\u003e~.Terminal.text_sized\u003c/code\u003e -- wrap text in Kitty text sizing protocol (OSC 66)\nescape sequences, with graceful fallback to plain text when the terminal does not support\nthe protocol.\u003c/li\u003e\n\u003cli\u003eintroduced: :class:\u003ccode\u003e~.Keystroke\u003c/code\u003e of name \u003ccode\u003eCPR_RESPONSE\u003c/code\u003e for asynchronous capture of Cursor\nPosition Report responses via :meth:\u003ccode\u003e~.Terminal.inkey\u003c/code\u003e.  New argument\n\u003ccode\u003ecapture_cpr=True\u003c/code\u003e resolves the legacy F3 key ambiguity and matches against\n\u003ccode\u003eCPR_RESPONSE\u003c/code\u003e.  New properties :attr:\u003ccode\u003e~.Keystroke.cpr_yx\u003c/code\u003e and :attr:\u003ccode\u003e~.Keystroke.cpr_xy\u003c/code\u003e\nreturn the decoded cursor coordinates.  :ghpull:\u003ccode\u003e369\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eimproved: :meth:\u003ccode\u003e~.Terminal.inkey\u003c/code\u003e raises :exc:\u003ccode\u003eEOFError\u003c/code\u003e when keyboard fd is at EOF, rather\nthan returning an empty :class:\u003ccode\u003e~.Keystroke\u003c/code\u003e.  :ghpull:\u003ccode\u003e371\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eimproved: :meth:\u003ccode\u003e~.Terminal.ljust\u003c/code\u003e, :meth:\u003ccode\u003e~.Terminal.rjust\u003c/code\u003e, and :meth:\u003ccode\u003e~.Terminal.center\u003c/code\u003e\nnow measure text containing hyperlinks, Kitty text sizing protocol sequences, and overtyping\n(backspace/cursor-left with painter's algorithm), introduced by wcwidth_ 0.7.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jquast/blessed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3` from 1.42.96 to 1.43.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/7a82579873d86998d560b8d06b3564c743918cd8\"\u003e\u003ccode\u003e7a82579\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/06a1d63a58620d394cc26a5e8582ed67eed3cb62\"\u003e\u003ccode\u003e06a1d63\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/2b6e7bd9d0d24c20f02df91f161ef2214fb53628\"\u003e\u003ccode\u003e2b6e7bd\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/e6aee5dccd2169966814e328eaebdd14b742a0e2\"\u003e\u003ccode\u003ee6aee5d\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/05566d2cd7e3d191a37a663c842eb849418ae7e9\"\u003e\u003ccode\u003e05566d2\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/37e8136684e7107a6f7343770873a3630d347731\"\u003e\u003ccode\u003e37e8136\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/4418d43f69ee005bf066dc5401b7cda83458c750\"\u003e\u003ccode\u003e4418d43\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/5e2df6190560507ab8ff05b4ea7712d0c4bfaf48\"\u003e\u003ccode\u003e5e2df61\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4787\"\u003e#4787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/81a86c9b8923634ee3e9f887c3f7f5e1e312d693\"\u003e\u003ccode\u003e81a86c9\u003c/code\u003e\u003c/a\u003e Add CI for 3.14t (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4786\"\u003e#4786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/f2ccf9f3738028afa9d5a6545e52f8520a31afe1\"\u003e\u003ccode\u003ef2ccf9f\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.6'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/boto3/compare/1.42.96...1.43.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `botocore` from 1.42.96 to 1.43.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/bd1fb2372c4cecbc93a44be838bb4a38fd23c3ee\"\u003e\u003ccode\u003ebd1fb23\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/d15b1246894c2be8ccaa8084abff4b6be9269f54\"\u003e\u003ccode\u003ed15b124\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/b9f0f7fc6f0dc0541b14d8aadec4d92c64dc585f\"\u003e\u003ccode\u003eb9f0f7f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/ec174c1f3b8580736cbd783c9f79ed70cf9eb4c7\"\u003e\u003ccode\u003eec174c1\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/74501ceccf44a7def602007d2a870a17b7b742ec\"\u003e\u003ccode\u003e74501ce\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/d6831a55afbdfa2dc51314e73997ce89dc533836\"\u003e\u003ccode\u003ed6831a5\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/0e63dbed5a6270383200219af4a55e41f08ae72d\"\u003e\u003ccode\u003e0e63dbe\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/840e09fa3d9c0bd4b84601bdd1bb34e1ea2beb57\"\u003e\u003ccode\u003e840e09f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/8228777f8858256515a6875366425acdc74b1c41\"\u003e\u003ccode\u003e8228777\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/b63fa4bfc0587ca55a8684d18a82b86904ab234e\"\u003e\u003ccode\u003eb63fa4b\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/boto/botocore/issues/3702\"\u003e#3702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/botocore/compare/1.42.96...1.43.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 47.0.0 to 48.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/47.0.0...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django` from 5.2.13 to 6.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8f8ad09659d728423a00e0a3b5f16da5c3a38e24\"\u003e\u003ccode\u003e8f8ad09\u003c/code\u003e\u003c/a\u003e [6.0.x] Bumped version for 6.0.5 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/44ad76efcbe3c4ca0f08bb9dabe916f6374596c9\"\u003e\u003ccode\u003e44ad76e\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/1b0184aa657bc3f5859aeb0206e7c1e94e48b103\"\u003e\u003ccode\u003e1b0184a\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/ad8f9e19e0897ea45ded7c046ff28daf6f773e92\"\u003e\u003ccode\u003ead8f9e1\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/990ab01e70fd8f55e867b4a234c0ee242fd33fec\"\u003e\u003ccode\u003e990ab01\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37039\"\u003e#37039\u003c/a\u003e -- Removed outdated note from QuerySet.iterator() docs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/f0c269f285ab58bfb4a120141d7dd41ff4f42b45\"\u003e\u003ccode\u003ef0c269f\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed typo in stub release notes for 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8bcd15beeff6542acc381b83f50b061d62284c2b\"\u003e\u003ccode\u003e8bcd15b\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37067\"\u003e#37067\u003c/a\u003e -- Added trailing slash in django_file_prefixes().\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/3cdec6454fb86e8d03a06944c0c68025733ed93f\"\u003e\u003ccode\u003e3cdec64\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/5dd5c70cf1056e8e04badb687f773e8f16bba257\"\u003e\u003ccode\u003e5dd5c70\u003c/code\u003e\u003c/a\u003e [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8ee73415270a1a54daaec9bb529ad82c6f7a6d4c\"\u003e\u003ccode\u003e8ee7341\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs \u003ca href=\"https://redirect.github.com/django/django/issues/373\"\u003e#373\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/django/django/issues/34122\"\u003e#34122\u003c/a\u003e -- Removed warning that ForeignObject is an interna...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django/django/compare/5.2.13...6.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-allauth` from 65.14.3 to 65.16.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sponsors/pennersr/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-otp` from 1.3.0 to 1.7.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-otp/django-otp/blob/master/CHANGES.rst\"\u003edjango-otp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.0 - January 07, 2026 - Async support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#185](https://github.com/django-otp/django-otp/issues/185)\u003c/code\u003e_: Make OTPMiddleware async capable\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Aljosha Papsch.\u003c/p\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/185\"\u003e#185\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/185\"\u003edjango-otp/django-otp#185\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.3 - October 25, 2025 - Spanish update\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#182](https://github.com/django-otp/django-otp/issues/182)\u003c/code\u003e_: Correct missing Spanish translations\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#181](https://github.com/django-otp/django-otp/issues/181)\u003c/code\u003e_: Wrong :rtype: in StaticToken.random_token docstring\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003e#181\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003edjango-otp/django-otp#181\u003c/a\u003e\n.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/182\"\u003e#182\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/182\"\u003edjango-otp/django-otp#182\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.2 - October 21, 2025 - Cleanup\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#179](https://github.com/django-otp/django-otp/issues/179)\u003c/code\u003e_: Add missing gettext strings\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#180](https://github.com/django-otp/django-otp/issues/180)\u003c/code\u003e_: Remove tests from wheels\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/179\"\u003e#179\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/179\"\u003edjango-otp/django-otp#179\u003c/a\u003e\n.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/180\"\u003e#180\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/180\"\u003edjango-otp/django-otp#180\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.1 - July 08, 2025 - Small improvements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow a {token} placeholder in :setting:\u003ccode\u003eOTP_EMAIL_SUBJECT\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.0 - April 02, 2025 - Django 5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate test matrix for Django 5.2.\u003c/li\u003e\n\u003cli\u003eRemove support for Django 3.2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.5.4 - September 06, 2024 - Ignore proxy models when enumerating device classes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#161](https://github.com/django-otp/django-otp/issues/161)\u003c/code\u003e_: Discard proxied models when iterating device models\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/161\"\u003e#161\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/161\"\u003edjango-otp/django-otp#161\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/fc0d50b6f66da10fad250ce1640f0385f3229f48\"\u003e\u003ccode\u003efc0d50b\u003c/code\u003e\u003c/a\u003e Version 1.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/56e4ce3b5618de5d5a8a24c9eb709b51802ad06b\"\u003e\u003ccode\u003e56e4ce3\u003c/code\u003e\u003c/a\u003e Refactor test utilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/8c4d4c23649316c55dad6a79fb06fa975e5e4702\"\u003e\u003ccode\u003e8c4d4c2\u003c/code\u003e\u003c/a\u003e Update test matrix for Django 6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/0ac4ff33aa88fa73c12aa60713881481116a6d5f\"\u003e\u003ccode\u003e0ac4ff3\u003c/code\u003e\u003c/a\u003e Cleanup and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/b10df0d8cb94c8242ca48bbcea3d307b553808a5\"\u003e\u003ccode\u003eb10df0d\u003c/code\u003e\u003c/a\u003e Make OTPMiddleware async capable. (\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/185\"\u003e#185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/81211794b8cc9c8befc6c8330b6652d3c4e78fd5\"\u003e\u003ccode\u003e8121179\u003c/code\u003e\u003c/a\u003e Raise requires-python to 3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/38b7ebabd7b4817aec92f884d448eeb462e82108\"\u003e\u003ccode\u003e38b7eba\u003c/code\u003e\u003c/a\u003e Version 1.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/b9026d7025da45b0144c99e91b5286c734448012\"\u003e\u003ccode\u003eb9026d7\u003c/code\u003e\u003c/a\u003e Correct Missing Spanish Translations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/ae18ba95bd03534e15583d456572f86ea2f41442\"\u003e\u003ccode\u003eae18ba9\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003e#181\u003c/a\u003e: misdocumented return type.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/c9eef89240985293e0c9f197d0257a5352cfb62d\"\u003e\u003ccode\u003ec9eef89\u003c/code\u003e\u003c/a\u003e Version 1.6.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django-otp/django-otp/compare/v1.3.0...v1.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-q2` from 1.9.0 to 1.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/GDay/django-q2/releases\"\u003edjango-q2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Fix incorrect signal import by \u003ca href=\"https://github.com/noHairMan\"\u003e\u003ccode\u003e@​noHairMan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worker-process post-execute signal by \u003ca href=\"https://github.com/prollings\"\u003e\u003ccode\u003e@​prollings\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003easync_iter: fix BadSignature after the default Django cache expires by \u003ca href=\"https://github.com/mbachry\"\u003e\u003ccode\u003e@​mbachry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat:add Simplified Chinese Translation by \u003ca href=\"https://github.com/lybcyd\"\u003e\u003ccode\u003e@​lybcyd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocs: Update Django Q2 compatibility information by \u003ca href=\"https://github.com/nikodunk\"\u003e\u003ccode\u003e@​nikodunk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't close DB connection if async_task was called with \u003ccode\u003esync=True\u003c/code\u003e by \u003ca href=\"https://github.com/Eroica\"\u003e\u003ccode\u003e@​Eroica\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: qmonitor crash when passing int values to term.center by \u003ca href=\"https://github.com/thesophile\"\u003e\u003ccode\u003e@​thesophile\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unbounded growth of Broker.set_stat cluster master list by \u003ca href=\"https://github.com/Nick-Yawn\"\u003e\u003ccode\u003e@​Nick-Yawn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Python base image to 3.9-slim-bookworm by \u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003eru\u003c/code\u003e locale and improve translations by \u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/320\"\u003edjango-q2/django-q2#320\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/noHairMan\"\u003e\u003ccode\u003e@​noHairMan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prollings\"\u003e\u003ccode\u003e@​prollings\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mbachry\"\u003e\u003ccode\u003e@​mbachry\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lybcyd\"\u003e\u003ccode\u003e@​lybcyd\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nikodunk\"\u003e\u003ccode\u003e@​nikodunk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Eroica\"\u003e\u003ccode\u003e@​Eroica\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thesophile\"\u003e\u003ccode\u003e@​thesophile\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Nick-Yawn\"\u003e\u003ccode\u003e@​Nick-Yawn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/django-q2/django-q2/compare/v1.9.0...v1.10.0\"\u003ehttps://github.com/django-q2/django-q2/compare/v1.9.0...v1.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-q2/django-q2/blob/master/CHANGELOG.md\"\u003edjango-q2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/django-q2/django-q2/tree/v1.10.0\"\u003ev1.10.0\u003c/a\u003e (2026-05-01)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Fix incorrect signal import (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/308\"\u003e#308\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd post_execute_in_worker signal (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/309\"\u003e#309\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix BadSignature after the default Django cache expires (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/311\"\u003e#311\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat:add Simplified Chinese Translation (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/314\"\u003e#314\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Django Q2 compatibility information (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/316\"\u003e#316\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't close DB connection if async_task was called with sync=True (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/301\"\u003e#301\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConvert queue size and count to string in monitor (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/319\"\u003e#319\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unbounded growth of Broker.set_stat cluster master list (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/322\"\u003e#322\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Python base image to 3.9-slim-bookworm (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/325\"\u003e#325\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add ru locale and improve translations (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/320\"\u003e#320\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/320\"\u003edjango-q2/django-q2#320\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/a699578c345f78b5f7faa5e34b6ccaf886ae7fd8\"\u003e\u003ccode\u003ea699578\u003c/code\u003e\u003c/a\u003e Release v1.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/5975a2d081db4fd6582f829e0df0dd9263ca4e28\"\u003e\u003ccode\u003e5975a2d\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eru\u003c/code\u003e locale and improve translations (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/320\"\u003e#320\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/936fdd10b134dca4c5de020ca74b178742fd923e\"\u003e\u003ccode\u003e936fdd1\u003c/code\u003e\u003c/a\u003e Update Python base image to 3.9-slim-bookworm (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/325\"\u003e#325\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/fab97463c2e724e46204fe8eab92a1a9bb8aebb2\"\u003e\u003ccode\u003efab9746\u003c/code\u003e\u003c/a\u003e Fix unbounded growth of Broker.set_stat cluster master list (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/322\"\u003e#322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/1abdc5b653d9d5c362a6fb4a73df2d08acdc642e\"\u003e\u003ccode\u003e1abdc5b\u003c/code\u003e\u003c/a\u003e Convert queue size and count to string in monitor (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/319\"\u003e#319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/01df35c92332801c21d8f12351e6b02c72608490\"\u003e\u003ccode\u003e01df35c\u003c/code\u003e\u003c/a\u003e Don't close DB connection if async_task was called with \u003ccode\u003esync=True\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/301\"\u003e#301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/573b8da528c00a1fe8accf959d14e3af4a8f4e2a\"\u003e\u003ccode\u003e573b8da\u003c/code\u003e\u003c/a\u003e Update Django Q2 compatibility information (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/316\"\u003e#316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/8a563d289dc63f587d23237437f84af0f611d049\"\u003e\u003ccode\u003e8a563d2\u003c/code\u003e\u003c/a\u003e feat:add Simplified Chinese Translation (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/1b0f71a39b80c49f0fcbb9a41b54b5dfaff0c175\"\u003e\u003ccode\u003e1b0f71a\u003c/code\u003e\u003c/a\u003e Fix BadSignature after the default Django cache expires (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/311\"\u003e#311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/b51575a4b03dfd4c22da6b948dddb35e2a243bef\"\u003e\u003ccode\u003eb51575a\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003epost_execute_in_worker\u003c/code\u003e signal (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/GDay/django-q2/compare/v1.9.0...v1.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dulwich` from 1.2.0 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dulwich/dulwich/releases\"\u003edulwich's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003edulwich-1.2.1\u003c/h2\u003e\n\u003ch2\u003eChanges since 1.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDerive the LFS endpoint as the remote's on-disk LFS store\n(\u003ccode\u003e\u0026lt;remote\u0026gt;/.git/lfs\u003c/code\u003e for worktrees, \u003ccode\u003e\u0026lt;remote\u0026gt;/lfs\u003c/code\u003e for bare repos)\nwhen \u003ccode\u003eremote.origin.url\u003c/code\u003e points at a local filesystem path or\n\u003ccode\u003efile://\u003c/code\u003e URL, matching git-lfs behaviour. Previously the built-in\nsmudge filter constructed an HTTP-style \u003ccode\u003e\u0026lt;remote\u0026gt;.git/info/lfs\u003c/code\u003e path\nthat did not exist on disk, leaving LFS-tracked files as pointers\nwhen cloning from a local repo.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeduplicate objects when writing a multi-pack-index. Objects present\nin multiple packs (e.g. after \u003ccode\u003egit gc\u003c/code\u003e creates a cruft pack) would\notherwise produce an OIDL chunk with repeated SHAs, causing\n\u003ccode\u003egit multi-pack-index verify\u003c/code\u003e to fail with \u0026quot;oid lookup out of order\u0026quot;.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2152\"\u003e#2152\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtend ignorecase and precomposeunicode support to index lookups.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1807\"\u003e#1807\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jelmer/dulwich/blob/main/NEWS\"\u003edulwich's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e1.2.1\t2026-04-29\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecover from concurrent pack removals (e.g. a racing \u003ccode\u003egit repack\u003c/code\u003e or\n\u003ccode\u003egit gc --auto\u003c/code\u003e) instead of raising spurious \u003ccode\u003eKeyError\u003c/code\u003e /\n\u003ccode\u003eFileNotFoundError\u003c/code\u003e. \u003ccode\u003ePack.index\u003c/code\u003e and \u003ccode\u003ePack.data\u003c/code\u003e now translate\n\u003ccode\u003eFileNotFoundError\u003c/code\u003e during lazy load into \u003ccode\u003ePackFileDisappeared\u003c/code\u003e,\nand \u003ccode\u003ePackBasedObjectStore\u003c/code\u003e evicts the stale pack and rescans the\npack directory before retrying — equivalent to git's\n\u003ccode\u003ereprepare_packed_git()\u003c/code\u003e. (Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2159\"\u003e#2159\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDerive the LFS endpoint as the remote's on-disk LFS store\n(\u003ccode\u003e\u0026lt;remote\u0026gt;/.git/lfs\u003c/code\u003e for worktrees, \u003ccode\u003e\u0026lt;remote\u0026gt;/lfs\u003c/code\u003e for bare repos)\nwhen \u003ccode\u003eremote.origin.url\u003c/code\u003e points at a local filesystem path or\n\u003ccode\u003efile://\u003c/code\u003e URL, matching git-lfs behaviour. Previously the built-in\nsmudge filter constructed an HTTP-style \u003ccode\u003e\u0026lt;remote\u0026gt;.git/info/lfs\u003c/code\u003e path\nthat did not exist on disk, leaving LFS-tracked files as pointers when\ncloning from a local repo. (Jelmer Vernooij)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeduplicate objects when writing a multi-pack-index. Objects present\nin multiple packs (e.g. after \u003ccode\u003egit gc\u003c/code\u003e creates a cruft pack) would\notherwise produce an OIDL chunk with repeated SHAs, causing \u003ccode\u003egit multi-pack-index verify\u003c/code\u003e to fail with \u0026quot;oid lookup out of order\u0026quot;.\n(Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2152\"\u003e#2152\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtend ignorecase and precomposeunicode support to index lookups.\n(Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1807\"\u003e#1807\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/57806b8a4d041cd18bf84ba8d715f4dd0bc5e200\"\u003e\u003ccode\u003e57806b8\u003c/code\u003e\u003c/a\u003e Release 1.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/a127d330de1ef497935146bcd978211d9894787f\"\u003e\u003ccode\u003ea127d33\u003c/code\u003e\u003c/a\u003e Honor GIT_PROTOCOL env var when picking default protocol version (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1862\"\u003e#1862\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2149\"\u003e#2149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/6c1697a108757766aba71624422a93900f2a867a\"\u003e\u003ccode\u003e6c1697a\u003c/code\u003e\u003c/a\u003e lfs: derive correct file:// LFS endpoint from local remote URL (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2161\"\u003e#2161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/6685fde81a717d91d747953c2f9277939ea5ab6b\"\u003e\u003ccode\u003e6685fde\u003c/code\u003e\u003c/a\u003e lfs: use pathlib.Path.as_uri() for portable file:// URLs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/0d0b9f8d205eb45660d81d1efc5b7ff1fc579e61\"\u003e\u003ccode\u003e0d0b9f8\u003c/code\u003e\u003c/a\u003e Migrate from testrepository to inquest (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2160\"\u003e#2160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/a0dac57db7ba8a6d9fe67d1cf4303cef306647a2\"\u003e\u003ccode\u003ea0dac57\u003c/code\u003e\u003c/a\u003e Migrate from testrepository to inquest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/cd6ebd90fc8f2f1b267db29c418c12c7ebb971a3\"\u003e\u003ccode\u003ecd6ebd9\u003c/code\u003e\u003c/a\u003e lfs: derive correct file:// LFS endpoint from local remote URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/bfaf192aaba90df54e4e7b07bba11a28cf36012b\"\u003e\u003ccode\u003ebfaf192\u003c/code\u003e\u003c/a\u003e Disable background processes to prevent issues with races (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2158\"\u003e#2158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/06d7afdeb87f742bdfff93563fd0acd042473b0a\"\u003e\u003ccode\u003e06d7afd\u003c/code\u003e\u003c/a\u003e Move GIT_SSH/GIT_SSH_COMMAND env lookup from client.py to cli.py (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2156\"\u003e#2156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/e60e0c1a4d44441d2f6edfc01ba5098d2ed24cf0\"\u003e\u003ccode\u003ee60e0c1\u003c/code\u003e\u003c/a\u003e Disable background processes to prevent issues with races\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dulwich/dulwich/compare/dulwich-1.2.0...dulwich-1.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fonttools` from 4.62.1 to 4.63.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/releases\"\u003efonttools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer, PatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions, replacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output, matching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in \u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring round-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash in the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/blob/main/NEWS.rst\"\u003efonttools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0 (released 2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer,\nPatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions,\nreplacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output,\nmatching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in\n\u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e for many-to-one (flat-segment) axis maps\nthat silently dropped entries via dict comprehension\n\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring\nround-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash\nin the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+,\nso that importing them on free-threaded Python no longer re-enables the GIL\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/978d9edccb60ea0e5fbad7015cb11817c3532328\"\u003e\u003ccode\u003e978d9ed\u003c/code\u003e\u003c/a\u003e Release 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6b40ecb6f13e076916044ecd8f0fc13ab5f957f6\"\u003e\u003ccode\u003e6b40ecb\u003c/code\u003e\u003c/a\u003e Add changelog entries for 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/382a35fb5e96c6ff38a1e7775a24e20bf122a66d\"\u003e\u003ccode\u003e382a35f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e from fonttools/fix-freethreading-compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/0e999b55f05ad0dd8423f389673a32de9c5199bb\"\u003e\u003ccode\u003e0e999b5\u003c/code\u003e\u003c/a\u003e Declare Cython extensions as free-threading compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/9e55ea54c184b0d4c0830525f72e69c6c1a32691\"\u003e\u003ccode\u003e9e55ea5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e from fonttools/graphite-feat-labels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/e84db3ab426a251256ebec7904c03dc73e25932b\"\u003e\u003ccode\u003ee84db3a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e from fonttools/fix-setUnicodeRanges-bits-123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/d6eabd1edf7bfa950b6b85c393e4c185dee36d7f\"\u003e\u003ccode\u003ed6eabd1\u003c/code\u003e\u003c/a\u003e Feat: show name table strings as comments next to label IDs in ttx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/7d0902b2e27ec1433b015b3b8a79391d7c8604cb\"\u003e\u003ccode\u003e7d0902b\u003c/code\u003e\u003c/a\u003e OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/06e266ce70ec578d549c2df0e180a84d9323baf2\"\u003e\u003ccode\u003e06e266c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e from fonttools/fix-map-backward-non-injective\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6d64598a63f83bcd59d29cf3f22dd25343bd9688\"\u003e\u003ccode\u003e6d64598\u003c/code\u003e\u003c/a\u003e Add more tests for map_backward with many-to-one axis maps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fonttools/fonttools/compare/4.62.1...4.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `googleapis-common-protos` from 1.74.0 to 1.75.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-cloud-python/releases\"\u003egoogleapis-common-protos's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003egoogleapis-common-protos: v1.75.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/compare/googleapis-common-protos-v1.74.0...googleapis-common-protos-v1.75.0\"\u003ev1.75.0\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/3997a108c45e1c1df8e844746eb2af4b1a77e154\"\u003e\u003ccode\u003e3997a10\u003c/code\u003e\u003c/a\u003e chore: librarian release pull request: 20260506T163115Z (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16964\"\u003e#16964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/f655e492c0879684b60a7d06e90501dd49e96252\"\u003e\u003ccode\u003ef655e49\u003c/code\u003e\u003c/a\u003e chore: add type annotation to SYNCPOINTS (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16973\"\u003e#16973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/f149bd7dd30489c3165bf03a2343dc9f75875451\"\u003e\u003ccode\u003ef149bd7\u003c/code\u003e\u003c/a\u003e refactor(bigframes): Modularize compiler routing as proxy executor (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16907\"\u003e#16907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/19db82f5cb033215531e5b65239e45275e3ed568\"\u003e\u003ccode\u003e19db82f\u003c/code\u003e\u003c/a\u003e chore(bigframes): remove leftover support for Python \u0026lt;= 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16961\"\u003e#16961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/2dedaacf0666ade39ae89194ad8dbc34761bd1df\"\u003e\u003ccode\u003e2dedaac\u003c/code\u003e\u003c/a\u003e chore: test CommonResource resource name alias (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16965\"\u003e#16965\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/9652a08cb89441fac779eb4fa4d6f48f33b55d3b\"\u003e\u003ccode\u003e9652a08\u003c/code\u003e\u003c/a\u003e fix: pass resource aliases to file-level CommonResources (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16945\"\u003e#16945\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/78a48b040a2abc0bf19ebe267aba0a1f410df2e6\"\u003e\u003ccode\u003e78a48b0\u003c/code\u003e\u003c/a\u003e fix(google-cloud-core): Drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16953\"\u003e#16953\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/5975c48186dd8798b172ac442fd55bc7fece1612\"\u003e\u003ccode\u003e5975c48\u003c/code\u003e\u003c/a\u003e fix(dns): Drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16954\"\u003e#16954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/d5bea2e99b435b8b3d75321679072db092001de6\"\u003e\u003ccode\u003ed5bea2e\u003c/code\u003e\u003c/a\u003e fix(crc32c): Drop support for Python 3.8 and 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16955\"\u003e#16955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/63f6d96c1c5569b5fdaea85dfe995ce280907b98\"\u003e\u003ccode\u003e63f6d96\u003c/code\u003e\u003c/a\u003e fix(sqlalchemy-bigquery): Drop support for Python 3.8 and 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16956\"\u003e#16956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-python/compare/googleapis-common-protos-v1.74.0...googleapis-common-protos-v1.75.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gunicorn` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/benoitc/gunicorn/releases\"\u003egunicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEventlet worker removed\u003c/strong\u003e: The \u003ccode\u003eeventlet\u003c/code\u003e worker class has been dropped. Migrate to \u003ccode\u003egevent\u003c/code\u003e, \u003ccode\u003egthread\u003c/code\u003e, or \u003ccode\u003etornado\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Compatibility Suite\u003c/strong\u003e: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Test Suite Expansion\u003c/strong\u003e: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 Request-Target Validation\u003c/strong\u003e (RFC 9112 sections 3.2.3, 3.2.4):\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003eauthority-form\u003c/code\u003e request-target outside \u003ccode\u003eCONNECT\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003easterisk-form\u003c/code\u003e request-target outside \u003ccode\u003eOPTIONS\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003erelative-reference\u003c/code\u003e request-targets\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Field Hardening\u003c/strong\u003e (RFC 9110):\n\u003cul\u003e\n\u003cli\u003eReject control characters in header field-value (section 5.5)\u003c/li\u003e\n\u003cli\u003eReject forbidden trailer field-names (section 6.5.1)\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003eContent-Length\u003c/code\u003e list form (RFC 9112 section 6.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRequest Smuggling Hardening\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eTighten keepalive gate and scope \u003ccode\u003efinish_body\u003c/code\u003e byte cap\u003c/li\u003e\n\u003cli\u003eKeep \u003ccode\u003e_body_receiver\u003c/code\u003e alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body\u003c/li\u003e\n\u003cli\u003eAddress parser/protocol findings from a six-point WSGI/ASGI audit\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePROXY Protocol (ASGI)\u003c/strong\u003e: Enforce \u003ccode\u003eproxy_allow_ips\u003c/code\u003e and tighten v1/v2 parsing in the ASGI callback parser.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConnection Draining\u003c/strong\u003e: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBody Framing on HEAD/204/304\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eKeep \u003ccode\u003eContent-Length\u003c/code\u003e on HEAD and 304 responses (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop body framing on HEAD/204/304 even when the framework set it\u003c/li\u003e\n\u003cli\u003eWarn once when an ASGI app emits a body for a no-body response\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2 ASGI\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e_handle_stream_ended\u003c/code\u003e to set \u003ccode\u003e_body_complete\u003c/code\u003e in the async HTTP/2 handler so request bodies finalize correctly on stream end\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eInvalidChunkExtension\u003c/code\u003e mapping and fast-parser support in ASGI tests (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3565\"\u003e#3565\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 100-Continue\u003c/strong\u003e: Stop adding \u003ccode\u003eTransfer-Encoding: chunked\u003c/code\u003e to 100-Continue interim responses.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebSocket Close Handshake\u003c/strong\u003e (RFC 6455):\n\u003cul\u003e\n\u003cli\u003eComply with the close handshake state machine\u003c/li\u003e\n\u003cli\u003eClose the transport after the close handshake completes\u003c/li\u003e\n\u003cli\u003eFix binary send when the \u003ccode\u003etext\u003c/code\u003e key is \u003ccode\u003eNone\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEarly Hints\u003c/strong\u003e: Validate headers in the \u003ccode\u003eearly_hints\u003c/code\u003e callback to match \u003ccode\u003eprocess_headers\u003c/code\u003e; pass only the header name to \u003ccode\u003eInvalidHeader\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3588\"\u003e#3588\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Fixes\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix ASGI disconnect handling for Django-style apps\u003c/li\u003e\n\u003cli\u003eFix Litestar request handling (use raw ASGI receive for body/headers)\u003c/li\u003e\n\u003cli\u003eFix Litestar HTTP endpoints for compatibility tests\u003c/li\u003e\n\u003cli\u003eFix Quart headers endpoint to normalize keys to lowercase\u003c/li\u003e\n\u003cli\u003eFix Quart WebSocket close test app (missing \u003ccode\u003eaccept()\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eFix duplicate \u003ccode\u003eTransfer-Encoding\u003c/code\u003e header for BlackSheep streaming\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5d819cf36040f6cc6175fcc804d703fb899509dd\"\u003e\u003ccode\u003e5d819cf\u003c/code\u003e\u003c/a\u003e release: 26.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/b45c70df105f7d5dcbc5abfb732804d6464edc21\"\u003e\u003ccode\u003eb45c70d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3611\"\u003e#3611\u003c/a\u003e from zc-mattcen/docs-typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/99c8d48acf453deb5c49fe12e195dbc00d888d1e\"\u003e\u003ccode\u003e99c8d48\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3623\"\u003e#3623\u003c/a\u003e from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5a655af50f20e005dd9e32e6078dc82fa45f3d4b\"\u003e\u003ccode\u003e5a655af\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3622\"\u003e#3622\u003c/a\u003e from benoitc/test/docker-port-and-ipv4-fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/201df19a8011c0a1d6a0e75ebe22e89d48eb935e\"\u003e\u003ccode\u003e201df19\u003c/code\u003e\u003c/a\u003e chore: remove eventlet worker; add h2 and uvloop to test deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/f4ac8e1f1bf1d365e77f41915da55bec31873f84\"\u003e\u003ccode\u003ef4ac8e1\u003c/code\u003e\u003c/a\u003e test: pass action name to dirty client and stabilize after TTOU spam\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/54d38afddf1f0db0c15b5f4ff63f3c7bfad96961\"\u003e\u003ccode\u003e54d38af\u003c/code\u003e\u003c/a\u003e test: unblock docker fixtures on macOS hosts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/68843c8893dd938456f0a2da62085ab5776f8871\"\u003e\u003ccode\u003e68843c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e from benoitc/fix/asgi-preserve-content-length-on-hea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/31f2618f733cc0c78690df63f4e344aaf3f56b20\"\u003e\u003ccode\u003e31f2618\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3620\"\u003e#3620\u003c/a\u003e from benoitc/fix/asgi-proxy-protocol-trust-and-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/41ec7527dbd8a9e52728477700707ad40e41d9dc\"\u003e\u003ccode\u003e41ec752\u003c/code\u003e\u003c/a\u003e fix: keep Content-Length on HEAD and 304 responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/benoitc/gunicorn/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `icalendar` from 7.0.3 to 7.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/collective/icalendar/releases\"\u003eicalendar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003cp\u003eTo view the changes, please see the \u003ca href=\"https://icalendar.readthedocs.io/en/latest/changelog.html\"\u003eChangelog\u003c/a\u003e. This release can be installed from \u003ca href=\"https://pypi.org/project/icalendar/#history\"\u003ePyPI\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/collective/icalendar/blob/main/CHANGES.rst\"\u003eicalendar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.1.0 (2026-04-30)\u003c/h2\u003e\n\u003cp\u003eMinor changes\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Deprecate ``icalendar.parser.escape_string`` and ``icalendar.parser.unescape_string`` for icalendar version 8. Use ``_escape_string`` and ``_unescape_string`` internally. :issue:`1011`\n- Added behavioral tests for :class:`~icalendar.cal.lazy.LazyCalendar` covering serialization round-trips, ``.todos``, ``.journals``, forward timezone references, and ``with_uid()`` substring false-positives. :issue:`1050`\n- Added edge case tests for :class:`~icalendar.prop.conference.Conference` parameter normalization covering string passthrough, empty list filtering, and ``None`` omission. :issue:`925`\n- Make icalendar an explicit editable install for clarity. :pr:`1268`\n- Do not run some tests until a pull request is approved. :pr:`1246`\n- Mark skipped CI tasks as skipped instead of running them. :issue:`1286`\n- Created an :meth:`~icalendar.prop.boolean.vBoolean.ical_value` property for the :class:`~icalendar.prop.boolean.vBoolean` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.float.vFloat.ical_value` property for the :class:`~icalendar.prop.float.vFloat` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.integer.vInt.ical_value` property for the :class:`~icalendar.prop.integer.vInt` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.binary.vBinary.ical_value` property for the :class:`~icalendar.prop.binary.vBinary` component. :issue:`876`\n- Put the link check as the last documentation CI task, allowing the documentation build and Vale to run first and fail faster. :pr:`1295`\n- Extended :func:`~icalendar.timezone.tzp.TZP.localize` to support localizing both :class:`datetime.datetime` and :class:`datetime.time` objects, returning timezone-aware :class:`datetime.time` objects for the latter. :issue:`1142`\n- Add type hints to tests directory functions. :issue:`938`\n- Update to Contributor Covenant 3.0 Code of Conduct, hosted at https://pycal.org/code-of-conduct/.\n\u003cp\u003eNew features\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Added :class:`~icalendar.cal.lazy.LazyCalendar` for lazy parsing of subcomponents. :issue:`158`, :issue:`1050`\n- Updated :func:`icalendar.prop.dt.time.vTime.from_ical` to support parsing time values with TZID parameters, returning timezone-aware :class:`datetime.time` objects. :issue:`1142`\n- Added ``subcomponents`` parameter to :meth:`Component.new \u0026amp;lt;icalendar.cal.component.Component.new\u0026amp;gt;`, :meth:`Event.new \u0026amp;lt;icalendar.cal.event.Event.new\u0026amp;gt;`, :meth:`Todo.new \u0026amp;lt;icalendar.cal.todo.Todo.new\u0026amp;gt;`, and :meth:`Availability.new \u0026amp;lt;icalendar.cal.availability.Availability.new\u0026amp;gt;`. :issue:`1065`\n- Switch to uv for development. :issue:`1102`\n\nBug fixes\n~~~~~~~~~\n\n- Allow lenient parsing of content lines with optional whitespace around property and parameter delimiters (for example, ``REFRESH - INTERVAL; VALUE = DURATION:PT48H``) when parsing calendars with ``strict=False``. :issue:`351`\n- X-properties with a ``VALUE`` parameter are now parsed using the correct type instead of falling back to :class:`~icalendar.prop.unkown.vUnkno...\n\n_Description has been truncated_","html_url":"https://github.com/invenhost/InvenTree/pull/342","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/invenhost%2FInvenTree/issues/342","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/342/packages"}},{"old_version":"6.0.12.20260508","new_version":"6.0.12.20260518","update_type":null,"path":null,"pr_created_at":"2026-05-22T00:02:19.000Z","version_change":"6.0.12.20260508 → 6.0.12.20260518","issue":{"uuid":"4498714060","node_id":"PR_kwDOF71pj87eJaX7","number":4587,"state":"closed","title":"build(deps): bump the dependencies group across 2 directories with 8 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-27T02:59:26.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T00:02:19.000Z","updated_at":"2026-05-27T02:59:29.000Z","time_to_close":442627,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"dependencies","update_count":8,"packages":[{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"envoy-base-utils","old_version":"0.6.4","new_version":"0.6.5","repository_url":"https://github.com/envoyproxy/toolshed"},{"name":"protobuf","old_version":"7.34.1","new_version":"7.35.0","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"types-aiofiles","old_version":"25.1.0.20260508","new_version":"25.1.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-protobuf","old_version":"7.34.1.20260508","new_version":"7.34.1.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pygments","old_version":"2.20.0.20260508","new_version":"2.20.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260508","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dependencies group with 2 updates in the /ci directory: [envoy-code-check](https://github.com/envoyproxy/toolshed) and [pyjwt](https://github.com/jpadilla/pyjwt).\nBumps the dependencies group with 7 updates in the /py/deps directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [envoy-base-utils](https://github.com/envoyproxy/toolshed) | `0.6.4` | `0.6.5` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `7.34.1` | `7.35.0` |\n| [types-aiofiles](https://github.com/python/typeshed) | `25.1.0.20260508` | `25.1.0.20260518` |\n| [types-protobuf](https://github.com/python/typeshed) | `7.34.1.20260508` | `7.34.1.20260518` |\n| [types-pygments](https://github.com/python/typeshed) | `2.20.0.20260508` | `2.20.0.20260518` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260508` | `6.0.12.20260518` |\n\n\nUpdates `envoy-code-check` from 0.5.14 to 0.6.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/envoyproxy/toolshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `envoy-base-utils` from 0.6.4 to 0.6.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/envoyproxy/toolshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 7.34.1 to 7.35.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-aiofiles` from 25.1.0.20260508 to 25.1.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eS...\n\n_Description has been truncated_","html_url":"https://github.com/envoyproxy/toolshed/pull/4587","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/envoyproxy%2Ftoolshed/issues/4587","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4587/packages"}},{"old_version":"6.0.12.20260408","new_version":"6.0.12.20260518","update_type":null,"path":null,"pr_created_at":"2026-05-21T23:21:28.000Z","version_change":"6.0.12.20260408 → 6.0.12.20260518","issue":{"uuid":"4498540037","node_id":"PR_kwDOQqG8is7eI1ly","number":422,"state":"closed","title":"chore(deps): bump the python-dependencies group across 1 directory with 18 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-28T23:56:03.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T23:21:28.000Z","updated_at":"2026-05-28T23:56:05.000Z","time_to_close":606875,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-dependencies","update_count":18,"packages":[{"name":"numpy","old_version":"2.4.4","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"pandas","old_version":"3.0.2","new_version":"3.0.3","repository_url":"https://github.com/pandas-dev/pandas"},{"name":"astropy-iers-data","old_version":"0.2026.5.4.1.4.54","new_version":"0.2026.5.18.1.11.28","repository_url":"https://github.com/astropy/astropy-iers-data"},{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"click","old_version":"8.3.3","new_version":"8.4.0","repository_url":"https://github.com/pallets/click"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"decorator","old_version":"5.2.1","new_version":"5.3.1","repository_url":"https://github.com/micheles/decorator"},{"name":"fonttools","old_version":"4.62.1","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"librt","old_version":"0.10.0","new_version":"0.11.0","repository_url":"https://github.com/mypyc/librt"},{"name":"matplotlib-inline","old_version":"0.2.1","new_version":"0.2.2","repository_url":"https://github.com/ipython/matplotlib-inline"},{"name":"mypy","old_version":"2.0.0","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"regex","old_version":"2026.4.4","new_version":"2026.5.9","repository_url":"https://github.com/mrabarnett/mrab-regex"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-requests","old_version":"2.33.0.20260503","new_version":"2.33.0.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-dependencies group with 18 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [numpy](https://github.com/numpy/numpy) | `2.4.4` | `2.4.6` |\n| [pandas](https://github.com/pandas-dev/pandas) | `3.0.2` | `3.0.3` |\n| [astropy-iers-data](https://github.com/astropy/astropy-iers-data) | `0.2026.5.4.1.4.54` | `0.2026.5.18.1.11.28` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |\n| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.0` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [decorator](https://github.com/micheles/decorator) | `5.2.1` | `5.3.1` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.62.1` | `4.63.0` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.15` |\n| [librt](https://github.com/mypyc/librt) | `0.10.0` | `0.11.0` |\n| [matplotlib-inline](https://github.com/ipython/matplotlib-inline) | `0.2.1` | `0.2.2` |\n| [mypy](https://github.com/python/mypy) | `2.0.0` | `2.1.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.4.4` | `2026.5.9` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.14` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260518` |\n| [types-requests](https://github.com/python/typeshed) | `2.33.0.20260503` | `2.33.0.20260518` |\n\n\nUpdates `numpy` from 2.4.4 to 2.4.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/numpy/numpy/releases\"\u003enumpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.6 (May 18, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.6 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5\nrelease.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 4 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e!EarlMilktea\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eSebastian Berg\u003c/li\u003e\n\u003cli\u003eWarren Weckesser\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePull requests merged\u003c/h2\u003e\n\u003cp\u003eA total of 4 pull requests were merged for this release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31444\"\u003e#31444\u003c/a\u003e: MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31453\"\u003e#31453\u003c/a\u003e: BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31459\"\u003e#31459\u003c/a\u003e: BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31460\"\u003e#31460\u003c/a\u003e: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.4.5 (May 15, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.5 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4\nrelease, has some typing improvements, and maintains infrastructure.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 17 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAleksei Nikiforov\u003c/li\u003e\n\u003cli\u003eAnarion Zuo +\u003c/li\u003e\n\u003cli\u003eAnkit Ahlawat\u003c/li\u003e\n\u003cli\u003eBreno Favaretto +\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eIgor Krivenko +\u003c/li\u003e\n\u003cli\u003eIjtihed Kilani +\u003c/li\u003e\n\u003cli\u003eJoren Hammudoglu\u003c/li\u003e\n\u003cli\u003eMaarten Baert +\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/b832a09cf2a169c833dd2371e7c07aa00b293242\"\u003e\u003ccode\u003eb832a09\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31462\"\u003e#31462\u003c/a\u003e from charris/prepare-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/57cc147d2ceacffc6534642bfbdebb3a80428e1e\"\u003e\u003ccode\u003e57cc147\u003c/code\u003e\u003c/a\u003e REL: Prepare for the NumPy 2.4.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/0c72b0b53b6b83c004e434b2c7855e73c000d21e\"\u003e\u003ccode\u003e0c72b0b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31459\"\u003e#31459\u003c/a\u003e from charris/backport-31347\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/9778d26e0475d381ccb7817c3b4dd8cacef2b9eb\"\u003e\u003ccode\u003e9778d26\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/e0e38767d5d0f848ab44befeedcad71e8ef589c7\"\u003e\u003ccode\u003ee0e3876\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/d1bffeb9ec4ec0bf029c94ea35abffa92d5c30f2\"\u003e\u003ccode\u003ed1bffeb\u003c/code\u003e\u003c/a\u003e BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary \u003ccode\u003evh\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31347\"\u003e#31347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/8d8d7e5a14a1da0bfb0faf609a7a7610c431e6e9\"\u003e\u003ccode\u003e8d8d7e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31453\"\u003e#31453\u003c/a\u003e from seberg/issue-31452\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/bddaab7ace45f90148d8f2bb6e67daab2d45ec76\"\u003e\u003ccode\u003ebddaab7\u003c/code\u003e\u003c/a\u003e BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/37a1ecca8dff09b2c579a991194ac55b9971f3a7\"\u003e\u003ccode\u003e37a1ecc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31444\"\u003e#31444\u003c/a\u003e from charris/begin-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/3c0e043217a759a8a948ade158fec14348c3b459\"\u003e\u003ccode\u003e3c0e043\u003c/code\u003e\u003c/a\u003e MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/numpy/numpy/compare/v2.4.4...v2.4.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pandas` from 3.0.2 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pandas-dev/pandas/releases\"\u003epandas's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epandas 3.0.3\u003c/h2\u003e\n\u003cp\u003eWe are pleased to announce the release of pandas 3.0.3.\nThis is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://pandas.pydata.org/docs/whatsnew/v3.0.3.html\"\u003efull whatsnew\u003c/a\u003e for a list of all the changes.\u003c/p\u003e\n\u003cp\u003ePandas 3.0 supports Python 3.11 and higher.\nThe release can be installed from PyPI:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython -m pip install --upgrade pandas==3.0.*\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eOr from conda-forge\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge pandas=3.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003ePlease report any issues with the release on the \u003ca href=\"https://github.com/pandas-dev/pandas/issues\"\u003epandas issue tracker\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThanks to all the contributors who made this release possible.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/72f2fea91530b5abb3cf2100cb22d84e504695c0\"\u003e\u003ccode\u003e72f2fea\u003c/code\u003e\u003c/a\u003e RLS: 3.0.3 (\u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65590\"\u003e#65590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/2897590094c2b6e3962d01a82665936f30be563d\"\u003e\u003ccode\u003e2897590\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65436\"\u003e#65436\u003c/a\u003e on branch 3.0.x (Account for privatization of matplotlib `...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/49894b5b6037c50f6444504070d9b1e8e514001a\"\u003e\u003ccode\u003e49894b5\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65499\"\u003e#65499\u003c/a\u003e on branch 3.0.x (BUG: fix check if pyarrow is installed in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/1c6d1e30cc4b80bedb769a8b3731b0788f69c9dc\"\u003e\u003ccode\u003e1c6d1e3\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] PERF: remove special casing for zoneinfo in tz_localize_to_u...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/2a547116afc46d88d4e6584670fd793949222a1e\"\u003e\u003ccode\u003e2a54711\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/64379\"\u003e#64379\u003c/a\u003e on branch 3.0.x (PERF: improve performance with ZoneInfo t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/036bb7c0e7160b9d5a7f6bd26a9fc00921fa6977\"\u003e\u003ccode\u003e036bb7c\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65482\"\u003e#65482\u003c/a\u003e on branch 3.0.x (PERF: don't call unique on dtypes for che...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/bf4c182b09251f5b469e8e246ae3ea3e1ae07164\"\u003e\u003ccode\u003ebf4c182\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65410\"\u003e#65410\u003c/a\u003e on branch 3.0.x (TST: also convert str index to object in ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/dd02d75ce219135f9f3f65c13644d4be35585d42\"\u003e\u003ccode\u003edd02d75\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] BUG: keep fsspec OpenFile alive for chained URL reads (\u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/6547\"\u003e#6547\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/aef3d0f6698667262c6d6ffc69180b280b0fa86a\"\u003e\u003ccode\u003eaef3d0f\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] CI: lowercase types-pymysql/types-pyyaml to fix mamba 2.6.0 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/bb8e24876273a14322047f4b89e648f6a4abebae\"\u003e\u003ccode\u003ebb8e248\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65399\"\u003e#65399\u003c/a\u003e on branch 3.0.x (DOC: fix source link for classes in the r...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pandas-dev/pandas/compare/v3.0.2...v3.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `astropy-iers-data` from 0.2026.5.4.1.4.54 to 0.2026.5.18.1.11.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astropy/astropy-iers-data/releases\"\u003eastropy-iers-data's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2026.5.18.1.11.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.11.1.8.52...v0.2026.5.18.1.11.28\"\u003ehttps://github.com/astropy/astropy-iers-data/compare/v0.2026.5.11.1.8.52...v0.2026.5.18.1.11.28\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.2026.5.11.1.8.52\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.11.1.8.52\"\u003ehttps://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.11.1.8.52\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astropy/astropy-iers-data/commit/6fa1a100b2560cef129bbde0c274bacbbac60ce5\"\u003e\u003ccode\u003e6fa1a10\u003c/code\u003e\u003c/a\u003e Update IERS Earth rotation and leap second tables\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astropy/astropy-iers-data/commit/f21a227f08b656a5dd03d7244f14c1c57a0737c1\"\u003e\u003ccode\u003ef21a227\u003c/code\u003e\u003c/a\u003e Update IERS Earth rotation and leap second tables\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.18.1.11.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.3 to 8.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/2745\"\u003e#2745\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3364\"\u003e#3364\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2012\"\u003e#2012\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3363\"\u003e#3363\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe error hint now uses \u003ccode\u003eCommand.get_help_option_names\u003c/code\u003e to pick\nnon-shadowed help option names, so \u003ccode\u003eTry '... -h'\u003c/code\u003e no longer points to a\nsubcommand option that shadows \u003ccode\u003e-h\u003c/code\u003e. All surviving names are shown\n(\u003ccode\u003e-h/--help\u003c/code\u003e). \u003ca href=\"https://redirect.github.com/pallets/click/issues/2790\"\u003e#2790\u003c/a\u003e  \u003ca href=\"https://redirect.github.com/pallets/click/issues/3208\"\u003e#3208\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix readline functionality on non-Windows platforms. Prompt text is now\npassed directly to readline instead of being printed separately, allowing\nproper backspace, line editing, and line wrapping behavior. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2968\"\u003e#2968\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe error hint now uses :meth:\u003ccode\u003eCommand.get_help_option_names\u003c/code\u003e to pick\nnon-shadowed help option names, so \u003ccode\u003eTry '... -h'\u003c/code\u003e no longer points to a\nsubcommand option that shadows \u003ccode\u003e-h\u003c/code\u003e. All surviving names are shown\n(\u003ccode\u003e-h/--help\u003c/code\u003e). :issue:\u003ccode\u003e2790\u003c/code\u003e :pr:\u003ccode\u003e3208\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix readline functionality on non-Windows platforms. Prompt text is now\npassed directly to readline instead of being printed separately, allowing\nproper backspace, line editing, and line wrapping behavior. :issue:\u003ccode\u003e2968\u003c/code\u003e\n:pr:\u003ccode\u003e2969\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse :func:\u003ccode\u003eos.startfile\u003c/code\u003e on Windows to open URLs in :func:\u003ccode\u003eopen_url\u003c/code\u003e,\nreplacing the \u003ccode\u003estart\u003c/code\u003e built-in which cannot be invoked without\n\u003ccode\u003eshell=True\u003c/code\u003e. :issue:\u003ccode\u003e3164\u003c/code\u003e :pr:\u003ccode\u003e3186\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix Fish shell completion errors when option help text contains newlines.\n:issue:\u003ccode\u003e3043\u003c/code\u003e :pr:\u003ccode\u003e3126\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/41f410fb7528305d7e87c8cfa704f6c2456f57fc\"\u003e\u003ccode\u003e41f410f\u003c/code\u003e\u003c/a\u003e Release 8.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/e3e69e3bf8d749ac1a632f2ece4d38ec7f6588f5\"\u003e\u003ccode\u003ee3e69e3\u003c/code\u003e\u003c/a\u003e Add type annotations for instance attributes in \u003ccode\u003eutils\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3422\"\u003e#3422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/3bb230dcd5d751f8605b46e9df5a541639d5fd4e\"\u003e\u003ccode\u003e3bb230d\u003c/code\u003e\u003c/a\u003e WIP: Fix \u003ccode\u003eHelpFormatter.write_usage\u003c/code\u003e producing spurious characters (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/63274a79d08fdc5c19220696144489f7144a8547\"\u003e\u003ccode\u003e63274a7\u003c/code\u003e\u003c/a\u003e \u003ccode\u003eclick.get_pager_file\u003c/code\u003e: add tests (\u003ca href=\"https://redirect.github.com/pallets/click/issues/1572\"\u003e#1572\u003c/a\u003e followup) (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3405\"\u003e#3405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0551bf53588ae87f462d336f24f853a156fefe3a\"\u003e\u003ccode\u003e0551bf5\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eHelpFormatter.write_usage\u003c/code\u003e producing spurious characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/fc41aa1d0b62494eb93e92ff3929601221e3abf4\"\u003e\u003ccode\u003efc41aa1\u003c/code\u003e\u003c/a\u003e Apply class-body annotations to \u003ccode\u003eKeepOpenFile\u003c/code\u003e for consistency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/b761eda3bad977ec2f485451d85fd8ec365f0bf4\"\u003e\u003ccode\u003eb761eda\u003c/code\u003e\u003c/a\u003e Skip some tests on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/98302ac4f49e443a48abd3fbb95c86202b89547d\"\u003e\u003ccode\u003e98302ac\u003c/code\u003e\u003c/a\u003e Check \u003ccode\u003ePAGER\u003c/code\u003e usage, color preservation and edge-cases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/dbdae170879d460e78963f8af35c5cb9c5b86e89\"\u003e\u003ccode\u003edbdae17\u003c/code\u003e\u003c/a\u003e Fix documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/1aa2d53d63ff68bf14b35931177aac9270e39713\"\u003e\u003ccode\u003e1aa2d53\u003c/code\u003e\u003c/a\u003e Redesigned tests and get_pager_file branching to be more clear and not set color\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.3...8.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\n.. _pull 2165: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2165\"\u003ecoveragepy/coveragepy#2165\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/646351b60429f1b5760af6c1b97b28483244a955\"\u003e\u003ccode\u003e646351b\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/39cd015505c8b04369c5b06e34fc22449a697370\"\u003e\u003ccode\u003e39cd015\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/649e8aa34af7d80c386ae82e8a3a6c9a3acb0dab\"\u003e\u003ccode\u003e649e8aa\u003c/code\u003e\u003c/a\u003e docs: thanks Alex Vandiver for \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8cd392e3b5c4bc15d534aaec0c21714f9f518469\"\u003e\u003ccode\u003e8cd392e\u003c/code\u003e\u003c/a\u003e fix: snapshot data in Collector.flush_data to avoid threading race (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c48e0edc2ebe44621b0053176e90f77b0c79bec1\"\u003e\u003ccode\u003ec48e0ed\u003c/code\u003e\u003c/a\u003e fix: less output for combining\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c2a3a284078556c911e0d9b6c6af1b7082a363ea\"\u003e\u003ccode\u003ec2a3a28\u003c/code\u003e\u003c/a\u003e docs: explain the change from \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/1cd47aa6ac1da4e150da44055295d4e4f3a014e8\"\u003e\u003ccode\u003e1cd47aa\u003c/code\u003e\u003c/a\u003e fix: implicit combine-during-report now removes the combined data files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2d99fd7696e0bccec8037479a4e45c1ecccb8058\"\u003e\u003ccode\u003e2d99fd7\u003c/code\u003e\u003c/a\u003e feat: automatically combine coverage in report, thanks Tim Hatch (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/9fbdcdfee1c122fac43f1bf9a5e2d1f4d835f21c\"\u003e\u003ccode\u003e9fbdcdf\u003c/code\u003e\u003c/a\u003e fix: lazy soft keywords are bolded\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5de7d0267b9466d59995aaae1a7e707c8c6f66e7\"\u003e\u003ccode\u003e5de7d02\u003c/code\u003e\u003c/a\u003e build: oops, misplaced quote\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `decorator` from 5.2.1 to 5.3.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micheles/decorator/blob/master/CHANGES.md\"\u003edecorator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1 (2026-05-18)\u003c/h2\u003e\n\u003cp\u003eAdded license SPDX identifier to pyproject.toml (reported by\nChristian Lackas).\u003c/p\u003e\n\u003ch2\u003e5.3.0 (2026-05-17)\u003c/h2\u003e\n\u003cp\u003eAdded official support for Python 3.14 (thanks to Hugo van Kemenade,\nDavid Cain and the GitHub user bersbersbers).\nFixed a bug with \u0026quot;return await\u0026quot; contributed by Kadir Can Ozden.\nMoved decorator.py to a package structure (\u003ccode\u003edecorator/__init__.py\u003c/code\u003e) and\nadded a stub file (\u003ccode\u003edecorator/__init__.pyi\u003c/code\u003e) contributed by Marco Gorelli.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/426e9e35d563ffe356e54bd0f970d153b8f25370\"\u003e\u003ccode\u003e426e9e3\u003c/code\u003e\u003c/a\u003e Bumped the version to 5.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/062ff0e0c33733f2148a5590d118a8570df846d5\"\u003e\u003ccode\u003e062ff0e\u003c/code\u003e\u003c/a\u003e Fixed the dependency on setuptools\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/086ff5d95d4dc550117c12647a4427d70bf8833d\"\u003e\u003ccode\u003e086ff5d\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/5807a83ead31f0de5303fa950ddea49d850d7355\"\u003e\u003ccode\u003e5807a83\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/093aced11439251e496b47a9a9369501075e8d1a\"\u003e\u003ccode\u003e093aced\u003c/code\u003e\u003c/a\u003e Updated changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/e9ced7e63ad9502b3e2a3e3db5f5f1ccc16c5fd6\"\u003e\u003ccode\u003ee9ced7e\u003c/code\u003e\u003c/a\u003e Added license SPDX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/b3e82ddc04e8d0c18c51eecb30b4a59aee5aac1d\"\u003e\u003ccode\u003eb3e82dd\u003c/code\u003e\u003c/a\u003e Fixed CHANGES.md [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/f1ce8da8522193421436c368849afe886666b4e5\"\u003e\u003ccode\u003ef1ce8da\u003c/code\u003e\u003c/a\u003e Doc fix [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/c924d7c6aa2e47a0627706c385101ff8d558d091\"\u003e\u003ccode\u003ec924d7c\u003c/code\u003e\u003c/a\u003e Updated supported versions [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/8b83e8cca35f5c773654ce4ae89b4e3f84f430d3\"\u003e\u003ccode\u003e8b83e8c\u003c/code\u003e\u003c/a\u003e Fixed CHANGES [ci skip]\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micheles/decorator/compare/5.2.1...5.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fonttools` from 4.62.1 to 4.63.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/releases\"\u003efonttools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer, PatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions, replacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output, matching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in \u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring round-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash in the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/blob/main/NEWS.rst\"\u003efonttools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0 (released 2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer,\nPatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions,\nreplacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output,\nmatching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in\n\u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e for many-to-one (flat-segment) axis maps\nthat silently dropped entries via dict comprehension\n\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring\nround-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash\nin the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+,\nso that importing them on free-threaded Python no longer re-enables the GIL\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/978d9edccb60ea0e5fbad7015cb11817c3532328\"\u003e\u003ccode\u003e978d9ed\u003c/code\u003e\u003c/a\u003e Release 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6b40ecb6f13e076916044ecd8f0fc13ab5f957f6\"\u003e\u003ccode\u003e6b40ecb\u003c/code\u003e\u003c/a\u003e Add changelog entries for 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/382a35fb5e96c6ff38a1e7775a24e20bf122a66d\"\u003e\u003ccode\u003e382a35f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e from fonttools/fix-freethreading-compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/0e999b55f05ad0dd8423f389673a32de9c5199bb\"\u003e\u003ccode\u003e0e999b5\u003c/code\u003e\u003c/a\u003e Declare Cython extensions as free-threading compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/9e55ea54c184b0d4c0830525f72e69c6c1a32691\"\u003e\u003ccode\u003e9e55ea5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e from fonttools/graphite-feat-labels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/e84db3ab426a251256ebec7904c03dc73e25932b\"\u003e\u003ccode\u003ee84db3a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e from fonttools/fix-setUnicodeRanges-bits-123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/d6eabd1edf7bfa950b6b85c393e4c185dee36d7f\"\u003e\u003ccode\u003ed6eabd1\u003c/code\u003e\u003c/a\u003e Feat: show name table strings as comments next to label IDs in ttx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/7d0902b2e27ec1433b015b3b8a79391d7c8604cb\"\u003e\u003ccode\u003e7d0902b\u003c/code\u003e\u003c/a\u003e OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/06e266ce70ec578d549c2df0e180a84d9323baf2\"\u003e\u003ccode\u003e06e266c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e from fonttools/fix-map-backward-non-injective\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6d64598a63f83bcd59d29cf3f22dd25343bd9688\"\u003e\u003ccode\u003e6d64598\u003c/code\u003e\u003c/a\u003e Add more tests for map_backward with many-to-one axis maps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fonttools/fonttools/compare/4.62.1...4.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `librt` from 0.10.0 to 0.11.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mypyc/librt/commit/862679a0492f4433a286b2d53965ec2603623be1\"\u003e\u003ccode\u003e862679a\u003c/code\u003e\u003c/a\u003e Sync mypy and bump version to 0.11.0 (\u003ca href=\"https://redirect.github.com/mypyc/librt/issues/40\"\u003e#40\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mypyc/librt/compare/v0.10.0...v0.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `matplotlib-inline` from 0.2.1 to 0.2.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/e6e197523ecfabfff1d976e5b6958c3ede948ccb\"\u003e\u003ccode\u003ee6e1975\u003c/code\u003e\u003c/a\u003e release 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/0aac2e223483ffbfb5a6076d8c2ca83545cca440\"\u003e\u003ccode\u003e0aac2e2\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/6eb2bd89dc8d4d6678478c6b2ec15be7b20d3374\"\u003e\u003ccode\u003e6eb2bd8\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/631d7dd26be1287f64c5bd4bbb84888903e419b0\"\u003e\u003ccode\u003e631d7dd\u003c/code\u003e\u003c/a\u003e Zizmor hardening (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/66\"\u003e#66\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/8d45c8fc427d39750751bdaa0ffe5abc8e30cd50\"\u003e\u003ccode\u003e8d45c8f\u003c/code\u003e\u003c/a\u003e Zizmor hardening\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/f830b37c728146dca4f947de6cbdb420ee9c69fb\"\u003e\u003ccode\u003ef830b37\u003c/code\u003e\u003c/a\u003e Specify BSD license and add license files (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/62\"\u003e#62\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/e3b8bb10d275d5caa97d8d1b584d48797e494de4\"\u003e\u003ccode\u003ee3b8bb1\u003c/code\u003e\u003c/a\u003e Deprecate Python 3.9 in CI pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/c783ae72ed581f24fa136f34e6df4f6e99c3f785\"\u003e\u003ccode\u003ec783ae7\u003c/code\u003e\u003c/a\u003e Deprecate Python 3.9 in CI pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/8ac056c5730a6adbc9dd5e049b85163ba6a09a28\"\u003e\u003ccode\u003e8ac056c\u003c/code\u003e\u003c/a\u003e Update workflow to include matplotlib for tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/0cc8a2e91306c94e36f0a9cd8e31a38299b1c126\"\u003e\u003ccode\u003e0cc8a2e\u003c/code\u003e\u003c/a\u003e Use valid SPDX ID\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ipython/matplotlib-inline/compare/0.2.1...0.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 2.0.0 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMypy Release Notes\u003c/h1\u003e\n\u003ch2\u003eNext Release\u003c/h2\u003e\n\u003ch2\u003eMypy 2.1\u003c/h2\u003e\n\u003cp\u003eWe’ve just uploaded mypy 2.1.0 to the Python Package Index (\u003ca href=\"https://pypi.org/project/mypy/\"\u003ePyPI\u003c/a\u003e).\nMypy is a static type checker for Python. This release includes new features, performance\nimprovements and bug fixes. You can install it as follows:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython3 -m pip install -U mypy\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can read the full documentation for this release on \u003ca href=\"http://mypy.readthedocs.io\"\u003eRead the Docs\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003elibrt.vecs: Fast Growable Array Type for Mypyc\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.vecs\u003c/code\u003e module provides an efficient growable array type \u003ccode\u003evec\u003c/code\u003e that is\noptimized for mypyc use. It provides fast, packed arrays with integer and floating point\nvalue types, which can be \u003cstrong\u003eseveral times faster\u003c/strong\u003e than \u003ccode\u003elist\u003c/code\u003e, and tens of times faster\nthan \u003ccode\u003earray.array\u003c/code\u003e in code compiled using mypyc. It also supports nested \u003ccode\u003evec\u003c/code\u003e objects and\nnon-value-type items, such as \u003ccode\u003evec[vec[str]]\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_vecs.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo.\u003c/p\u003e\n\u003ch3\u003elibrt.random: Fast Pseudo-Random Number Generation\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.random\u003c/code\u003e module provides fast pseudo-random number generation that is\noptimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib\n\u003ccode\u003erandom\u003c/code\u003e module in compiled code.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_random.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo (PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21433\"\u003e21433\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMypyc Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake compilation order with multiple files consistent (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21419\"\u003e21419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on accessing \u003ccode\u003eStopAsyncIteration\u003c/code\u003e (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21406\"\u003e21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incremental compilation with \u003ccode\u003eseparate\u003c/code\u003e flag (Vaggelis Danias, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21299\"\u003e21299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes to Crashes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash on partial type with \u003ccode\u003e--allow-redefinition\u003c/code\u003e and \u003ccode\u003eglobal\u003c/code\u003e declaration (Jukka Lehtosalo, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21428\"\u003e21428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken awaitable generator patching (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21435\"\u003e21435\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges to Messages\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c1c336d7e34eb313080c79b156518c58d27c7234\"\u003e\u003ccode\u003ec1c336d\u003c/code\u003e\u003c/a\u003e Remove +dev from version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/74df14b7cbf08140236aa45bbb7f42219b0b1df7\"\u003e\u003ccode\u003e74df14b\u003c/code\u003e\u003c/a\u003e Add changelog for mypy 2.1 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21464\"\u003e#21464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/022d9bc96f86c40f338a5cf150f1806cc8f300ff\"\u003e\u003ccode\u003e022d9bc\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;TypeForm: Enable by default (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21262\"\u003e#21262\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8826288214f1cb31496e610667481221e025359c\"\u003e\u003ccode\u003e8826288\u003c/code\u003e\u003c/a\u003e [mypyc] Document librt.random (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21463\"\u003e#21463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/3f4067b699dbe52d08e42ef3b3ebfdebdc06bd96\"\u003e\u003ccode\u003e3f4067b\u003c/code\u003e\u003c/a\u003e Bump librt version to 0.11.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21458\"\u003e#21458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/2b1eb58a250c5f1eb4ef5fb1f312ff528c5a1d4e\"\u003e\u003ccode\u003e2b1eb58\u003c/code\u003e\u003c/a\u003e [mypyc] Enable incremental self-compilation (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21369\"\u003e#21369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8152f4af3f6c03beaf2660026240f0fdce7feecc\"\u003e\u003ccode\u003e8152f4a\u003c/code\u003e\u003c/a\u003e Respect file config comments for stale modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21444\"\u003e#21444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/116d60bdd3fdfe8d97c6afe99370910db56f1b92\"\u003e\u003ccode\u003e116d60b\u003c/code\u003e\u003c/a\u003e Fix nondeterminism from nonassociativity of overload joins (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21455\"\u003e#21455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/6c4af8e42110cea3f84bc02add2ca7b89c268210\"\u003e\u003ccode\u003e6c4af8e\u003c/code\u003e\u003c/a\u003e Fix function call message change for small number of args (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21432\"\u003e#21432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/4b8fdcaf24032592510e8f15421fb32d82a71800\"\u003e\u003ccode\u003e4b8fdca\u003c/code\u003e\u003c/a\u003e [mypyc] Add librt.random module (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21433\"\u003e#21433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v2.0.0...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `regex` from 2026.4.4 to 2026.5.9\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt\"\u003eregex's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion: 2026.5.9\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eReverse matching with full unicode casefolding could lead to out-of-range string indexes.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.4.4\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eA fix for older Python versions before free-threading was  supported.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.4.3\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eMore fixes for free-threading.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.32\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eFixed segfault.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.31\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eFixed bug again.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eFixed bug.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.28\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eFixed version.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eVarious fixes, including ones to improve free-threading support.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.2.28\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eReplaced atomic operations with mutex on pattern object for free-threaded Python.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.2.26\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ePR [#598](https://github.com/mrabarnett/mrab-regex/issues/598): Fix race condition in storage caching with atomic operations.\n\u003cp\u003eReplaced use of PyUnicode_GET_LENGTH with PyUnicode_GetLength.\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eVersion: 2026.2.19\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eAdded \\z as alias of \\Z, like in re module.\n\u003cp\u003eAdded prefixmatch as alias of match, like in re module.\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eVersion: 2026.1.15\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mrabarnett/mrab-regex/commit/e57d185bb711729091907b23edac5dcba0426243\"\u003e\u003ccode\u003ee57d185\u003c/code\u003e\u003c/a\u003e Reverse matching with full unicode casefolding lead to out-of-range string in...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mrabarnett/mrab-regex/compare/2026.4.4...2026.5.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.33.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ct...\n\n_Description has been truncated_","html_url":"https://github.com/tatsuki-washimi/gwexpy/pull/422","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tatsuki-washimi%2Fgwexpy/issues/422","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/422/packages"}},{"old_version":"6.0.12.20260508","new_version":"6.0.12.20260518","update_type":null,"path":null,"pr_created_at":"2026-05-21T01:13:46.000Z","version_change":"6.0.12.20260508 → 6.0.12.20260518","issue":{"uuid":"4490934272","node_id":"PR_kwDOF71pj87dwCD0","number":4583,"state":"open","title":"build(deps): bump the dependencies group across 2 directories with 7 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T01:13:46.000Z","updated_at":"2026-05-21T01:14:07.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"dependencies","update_count":7,"packages":[{"name":"envoy-base-utils","old_version":"0.6.4","new_version":"0.6.5","repository_url":"https://github.com/envoyproxy/toolshed"},{"name":"protobuf","old_version":"7.34.1","new_version":"7.35.0","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"types-aiofiles","old_version":"25.1.0.20260508","new_version":"25.1.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-protobuf","old_version":"7.34.1.20260508","new_version":"7.34.1.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pygments","old_version":"2.20.0.20260508","new_version":"2.20.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260508","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dependencies group with 1 update in the /ci directory: [envoy-code-check](https://github.com/envoyproxy/toolshed).\nBumps the dependencies group with 6 updates in the /py/deps directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [envoy-base-utils](https://github.com/envoyproxy/toolshed) | `0.6.4` | `0.6.5` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `7.34.1` | `7.35.0` |\n| [types-aiofiles](https://github.com/python/typeshed) | `25.1.0.20260508` | `25.1.0.20260518` |\n| [types-protobuf](https://github.com/python/typeshed) | `7.34.1.20260508` | `7.34.1.20260518` |\n| [types-pygments](https://github.com/python/typeshed) | `2.20.0.20260508` | `2.20.0.20260518` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260508` | `6.0.12.20260518` |\n\n\nUpdates `envoy-code-check` from 0.5.14 to 0.6.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/envoyproxy/toolshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `envoy-base-utils` from 0.6.4 to 0.6.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/envoyproxy/toolshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 7.34.1 to 7.35.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-aiofiles` from 25.1.0.20260508 to 25.1.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-protobuf` from 7.34.1.20260508 to 7.34.1.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pygments` from 2.20.0.20260508 to 2.20.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20260508 to 6.0.12.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/envoyproxy/toolshed/pull/4583","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/envoyproxy%2Ftoolshed/issues/4583","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4583/packages"}},{"old_version":"6.0.12.20260508","new_version":"6.0.12.20260518","update_type":null,"path":null,"pr_created_at":"2026-05-20T05:22:09.000Z","version_change":"6.0.12.20260508 → 6.0.12.20260518","issue":{"uuid":"4483400513","node_id":"PR_kwDOF71pj87dXrY0","number":4573,"state":"closed","title":"build(deps): bump the dependencies group across 2 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-21T01:13:26.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-20T05:22:09.000Z","updated_at":"2026-05-21T01:13:28.000Z","time_to_close":71477,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"dependencies","update_count":6,"packages":[{"name":"protobuf","old_version":"7.34.1","new_version":"7.35.0","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"types-aiofiles","old_version":"25.1.0.20260508","new_version":"25.1.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-protobuf","old_version":"7.34.1.20260508","new_version":"7.34.1.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pygments","old_version":"2.20.0.20260508","new_version":"2.20.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260508","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dependencies group with 1 update in the /ci directory: [envoy-code-check](https://github.com/envoyproxy/toolshed).\nBumps the dependencies group with 5 updates in the /py/deps directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `7.34.1` | `7.35.0` |\n| [types-aiofiles](https://github.com/python/typeshed) | `25.1.0.20260508` | `25.1.0.20260518` |\n| [types-protobuf](https://github.com/python/typeshed) | `7.34.1.20260508` | `7.34.1.20260518` |\n| [types-pygments](https://github.com/python/typeshed) | `2.20.0.20260508` | `2.20.0.20260518` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260508` | `6.0.12.20260518` |\n\n\nUpdates `envoy-code-check` from 0.5.14 to 0.6.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/envoyproxy/toolshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 7.34.1 to 7.35.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-aiofiles` from 25.1.0.20260508 to 25.1.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-protobuf` from 7.34.1.20260508 to 7.34.1.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pygments` from 2.20.0.20260508 to 2.20.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20260508 to 6.0.12.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/envoyproxy/toolshed/pull/4573","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/envoyproxy%2Ftoolshed/issues/4573","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4573/packages"}},{"old_version":"6.0.12.20260408","new_version":"6.0.12.20260518","update_type":null,"path":null,"pr_created_at":"2026-05-19T14:06:45.000Z","version_change":"6.0.12.20260408 → 6.0.12.20260518","issue":{"uuid":"4478068786","node_id":"PR_kwDONdBYDM7dGeL0","number":456,"state":"open","title":"Bump types-pyyaml from 6.0.12.20260408 to 6.0.12.20260518","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T14:06:45.000Z","updated_at":"2026-05-22T06:34:52.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps [types-pyyaml](https://github.com/python/typeshed) from 6.0.12.20260408 to 6.0.12.20260518.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-pyyaml\u0026package-manager=pip\u0026previous-version=6.0.12.20260408\u0026new-version=6.0.12.20260518)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/neuro-inc/app-types/pull/456","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/neuro-inc%2Fapp-types/issues/456","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/456/packages"}},{"old_version":"6.0.12.20260510","new_version":"6.0.12.20260518","update_type":null,"path":null,"pr_created_at":"2026-05-19T06:39:30.000Z","version_change":"6.0.12.20260510 → 6.0.12.20260518","issue":{"uuid":"4475021954","node_id":"PR_kwDOCSpQdM7c8nMU","number":556,"state":"closed","title":"build(deps-dev): Bump the python-dev group with 8 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-22T04:58:44.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-19T06:39:30.000Z","updated_at":"2026-05-22T04:58:46.000Z","time_to_close":253154,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps-dev): Bump","group_name":"python-dev","update_count":8,"packages":[{"name":"basedpyright","old_version":"1.39.4","new_version":"1.39.5","repository_url":"https://github.com/detachhead/basedpyright"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.13","repository_url":"https://github.com/astral-sh/ruff"},{"name":"types-cffi","old_version":"2.0.0.20260508","new_version":"2.0.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-markdown","old_version":"3.10.2.20260508","new_version":"3.10.2.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pexpect","old_version":"4.9.0.20260508","new_version":"4.9.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pygments","old_version":"2.20.0.20260508","new_version":"2.20.0.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260510","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-setuptools","old_version":"82.0.0.20260508","new_version":"82.0.0.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-dev group with 8 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [basedpyright](https://github.com/detachhead/basedpyright) | `1.39.4` | `1.39.5` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.13` |\n| [types-cffi](https://github.com/python/typeshed) | `2.0.0.20260508` | `2.0.0.20260518` |\n| [types-markdown](https://github.com/python/typeshed) | `3.10.2.20260508` | `3.10.2.20260518` |\n| [types-pexpect](https://github.com/python/typeshed) | `4.9.0.20260508` | `4.9.0.20260518` |\n| [types-pygments](https://github.com/python/typeshed) | `2.20.0.20260508` | `2.20.0.20260518` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260510` | `6.0.12.20260518` |\n| [types-setuptools](https://github.com/python/typeshed) | `82.0.0.20260508` | `82.0.0.20260518` |\n\nUpdates `basedpyright` from 1.39.4 to 1.39.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/a511b786acd28e190b1a8ba5e683de31e2a690e7\"\u003e\u003ccode\u003ea511b78\u003c/code\u003e\u003c/a\u003e 1.39.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/009e953c1d1e880bc07ce926282627e8f33519e4\"\u003e\u003ccode\u003e009e953\u003c/code\u003e\u003c/a\u003e fix error attempting to baseline diagnostics from the new `string.templatelib...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/9ff98486dfd844968a46d7cb13e6e5b32345dceb\"\u003e\u003ccode\u003e9ff9848\u003c/code\u003e\u003c/a\u003e fix \u0026quot;Pyright current file\u0026quot; vscode launch config when node isn't installed glo...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/detachhead/basedpyright/compare/v1.39.4...v1.39.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.12 to 0.15.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2afb467ce397e4a89c13a0a814c62cfecb0e9e49\"\u003e\u003ccode\u003e2afb467\u003c/code\u003e\u003c/a\u003e Bump 0.15.13 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25157\"\u003e#25157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/300879600fa3af7cde1e675c63de6ad9d0797d1b\"\u003e\u003ccode\u003e3008796\u003c/code\u003e\u003c/a\u003e [ty] classify TypeVar semantic tokens as type parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24891\"\u003e#24891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/79470e31877acb6074f3bbff2a49e508822ae4e8\"\u003e\u003ccode\u003e79470e3\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2522549901d50f18775999f0fb802b19229417f0\"\u003e\u003ccode\u003e2522549\u003c/code\u003e\u003c/a\u003e Remove shellcheck from prek (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25154\"\u003e#25154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7db7170020f539d6d2bc01dbd0b0c09fab91dc06\"\u003e\u003ccode\u003e7db7170\u003c/code\u003e\u003c/a\u003e [ty] Support TypedDict key completions in incomplete, anonymous contexts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25\"\u003e#25\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/bb3dd535f1c5a83e2e56ac93a771fadbeeceebd0\"\u003e\u003ccode\u003ebb3dd53\u003c/code\u003e\u003c/a\u003e [ty] Run full iteration analysis on narrowed typevars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25143\"\u003e#25143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/828cdb7732efcb16a53f4ee5f011cf653b834d1a\"\u003e\u003ccode\u003e828cdb7\u003c/code\u003e\u003c/a\u003e [ty] Isolate file-watching test environment (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25151\"\u003e#25151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/89e1d8670ea4d3af60c8143ee552dc750200718d\"\u003e\u003ccode\u003e89e1d86\u003c/code\u003e\u003c/a\u003e [ty] Preserve TypedDict keys through dict unpacking (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24523\"\u003e#24523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/86f3064d6fffa5697d174f26b840bd6857b381da\"\u003e\u003ccode\u003e86f3064\u003c/code\u003e\u003c/a\u003e [ty] Avoid accessing \u003ccode\u003eargs[0]\u003c/code\u003e for \u003ccode\u003estatic_assert\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25149\"\u003e#25149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ed819f947dc27e36eac8bb3134153c4668d76a3a\"\u003e\u003ccode\u003eed819f9\u003c/code\u003e\u003c/a\u003e [ty] Treat custom enum \u003ccode\u003e__new__\u003c/code\u003e values as dynamic (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25136\"\u003e#25136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.12...0.15.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-cffi` from 2.0.0.20260508 to 2.0.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-markdown` from 3.10.2.20260508 to 3.10.2.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pexpect` from 4.9.0.20260508 to 4.9.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pygments` from 2.20.0.20260508 to 2.20.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20260510 to 6.0.12.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-setuptools` from 82.0.0.20260508 to 82.0.0.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/Nadock/rileychase.net/pull/556","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nadock%2Frileychase.net/issues/556","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/556/packages"}},{"old_version":"6.0.12.20250915","new_version":"6.0.12.20260518","update_type":null,"path":null,"pr_created_at":"2026-05-19T00:43:14.000Z","version_change":"6.0.12.20250915 → 6.0.12.20260518","issue":{"uuid":"4473563058","node_id":"PR_kwDOL_1trs7c3-Q4","number":203,"state":"open","title":"fix(deps): bump the python-packages group across 1 directory with 11 updates","user":"dependabot[bot]","labels":["bug","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T00:43:14.000Z","updated_at":"2026-05-19T00:44:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"fix(deps): bump","group_name":"python-packages","update_count":11,"packages":[{"name":"click","old_version":"8.3.3","new_version":"8.4.0","repository_url":"https://github.com/pallets/click"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.13","repository_url":"https://github.com/astral-sh/ruff"},{"name":"mypy","old_version":"1.20.2","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"yamllint","old_version":"1.37.1","new_version":"1.38.0","repository_url":"https://github.com/adrienverge/yamllint"},{"name":"conventional-pre-commit","old_version":"4.3.0","new_version":"4.4.0","repository_url":"https://github.com/compilerla/conventional-pre-commit"},{"name":"coverage","old_version":"7.13.1","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"tox","old_version":"4.33.0","new_version":"4.54.0","repository_url":"https://github.com/tox-dev/tox"},{"name":"types-pyyaml","old_version":"6.0.12.20250915","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-toml","old_version":"0.10.8.20240310","new_version":"0.10.8.20260518","repository_url":"https://github.com/python/typeshed"},{"name":"types-colorama","old_version":"0.4.15.20250801","new_version":"0.4.15.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"commitizen","old_version":"4.13.10","new_version":"4.16.2","repository_url":"https://github.com/commitizen-tools/commitizen"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-packages group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.13` |\n| [mypy](https://github.com/python/mypy) | `1.20.2` | `2.1.0` |\n| [yamllint](https://github.com/adrienverge/yamllint) | `1.37.1` | `1.38.0` |\n| [conventional-pre-commit](https://github.com/compilerla/conventional-pre-commit) | `4.3.0` | `4.4.0` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.1` | `7.14.0` |\n| [tox](https://github.com/tox-dev/tox) | `4.33.0` | `4.54.0` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20250915` | `6.0.12.20260518` |\n| [types-toml](https://github.com/python/typeshed) | `0.10.8.20240310` | `0.10.8.20260518` |\n| [types-colorama](https://github.com/python/typeshed) | `0.4.15.20250801` | `0.4.15.20260508` |\n| [commitizen](https://github.com/commitizen-tools/commitizen) | `4.13.10` | `4.16.2` |\n\n\nUpdates `click` from 8.3.3 to 8.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/2745\"\u003e#2745\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3364\"\u003e#3364\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2012\"\u003e#2012\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3363\"\u003e#3363\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe error hint now uses \u003ccode\u003eCommand.get_help_option_names\u003c/code\u003e to pick\nnon-shadowed help option names, so \u003ccode\u003eTry '... -h'\u003c/code\u003e no longer points to a\nsubcommand option that shadows \u003ccode\u003e-h\u003c/code\u003e. All surviving names are shown\n(\u003ccode\u003e-h/--help\u003c/code\u003e). \u003ca href=\"https://redirect.github.com/pallets/click/issues/2790\"\u003e#2790\u003c/a\u003e  \u003ca href=\"https://redirect.github.com/pallets/click/issues/3208\"\u003e#3208\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix readline functionality on non-Windows platforms. Prompt text is now\npassed directly to readline instead of being printed separately, allowing\nproper backspace, line editing, and line wrapping behavior. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2968\"\u003e#2968\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe error hint now uses :meth:\u003ccode\u003eCommand.get_help_option_names\u003c/code\u003e to pick\nnon-shadowed help option names, so \u003ccode\u003eTry '... -h'\u003c/code\u003e no longer points to a\nsubcommand option that shadows \u003ccode\u003e-h\u003c/code\u003e. All surviving names are shown\n(\u003ccode\u003e-h/--help\u003c/code\u003e). :issue:\u003ccode\u003e2790\u003c/code\u003e :pr:\u003ccode\u003e3208\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix readline functionality on non-Windows platforms. Prompt text is now\npassed directly to readline instead of being printed separately, allowing\nproper backspace, line editing, and line wrapping behavior. :issue:\u003ccode\u003e2968\u003c/code\u003e\n:pr:\u003ccode\u003e2969\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse :func:\u003ccode\u003eos.startfile\u003c/code\u003e on Windows to open URLs in :func:\u003ccode\u003eopen_url\u003c/code\u003e,\nreplacing the \u003ccode\u003estart\u003c/code\u003e built-in which cannot be invoked without\n\u003ccode\u003eshell=True\u003c/code\u003e. :issue:\u003ccode\u003e3164\u003c/code\u003e :pr:\u003ccode\u003e3186\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix Fish shell completion errors when option help text contains newlines.\n:issue:\u003ccode\u003e3043\u003c/code\u003e :pr:\u003ccode\u003e3126\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/41f410fb7528305d7e87c8cfa704f6c2456f57fc\"\u003e\u003ccode\u003e41f410f\u003c/code\u003e\u003c/a\u003e Release 8.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/e3e69e3bf8d749ac1a632f2ece4d38ec7f6588f5\"\u003e\u003ccode\u003ee3e69e3\u003c/code\u003e\u003c/a\u003e Add type annotations for instance attributes in \u003ccode\u003eutils\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3422\"\u003e#3422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/3bb230dcd5d751f8605b46e9df5a541639d5fd4e\"\u003e\u003ccode\u003e3bb230d\u003c/code\u003e\u003c/a\u003e WIP: Fix \u003ccode\u003eHelpFormatter.write_usage\u003c/code\u003e producing spurious characters (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/63274a79d08fdc5c19220696144489f7144a8547\"\u003e\u003ccode\u003e63274a7\u003c/code\u003e\u003c/a\u003e \u003ccode\u003eclick.get_pager_file\u003c/code\u003e: add tests (\u003ca href=\"https://redirect.github.com/pallets/click/issues/1572\"\u003e#1572\u003c/a\u003e followup) (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3405\"\u003e#3405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0551bf53588ae87f462d336f24f853a156fefe3a\"\u003e\u003ccode\u003e0551bf5\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eHelpFormatter.write_usage\u003c/code\u003e producing spurious characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/fc41aa1d0b62494eb93e92ff3929601221e3abf4\"\u003e\u003ccode\u003efc41aa1\u003c/code\u003e\u003c/a\u003e Apply class-body annotations to \u003ccode\u003eKeepOpenFile\u003c/code\u003e for consistency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/b761eda3bad977ec2f485451d85fd8ec365f0bf4\"\u003e\u003ccode\u003eb761eda\u003c/code\u003e\u003c/a\u003e Skip some tests on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/98302ac4f49e443a48abd3fbb95c86202b89547d\"\u003e\u003ccode\u003e98302ac\u003c/code\u003e\u003c/a\u003e Check \u003ccode\u003ePAGER\u003c/code\u003e usage, color preservation and edge-cases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/dbdae170879d460e78963f8af35c5cb9c5b86e89\"\u003e\u003ccode\u003edbdae17\u003c/code\u003e\u003c/a\u003e Fix documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/1aa2d53d63ff68bf14b35931177aac9270e39713\"\u003e\u003ccode\u003e1aa2d53\u003c/code\u003e\u003c/a\u003e Redesigned tests and get_pager_file branching to be more clear and not set color\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.3...8.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.12 to 0.15.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2afb467ce397e4a89c13a0a814c62cfecb0e9e49\"\u003e\u003ccode\u003e2afb467\u003c/code\u003e\u003c/a\u003e Bump 0.15.13 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25157\"\u003e#25157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/300879600fa3af7cde1e675c63de6ad9d0797d1b\"\u003e\u003ccode\u003e3008796\u003c/code\u003e\u003c/a\u003e [ty] classify TypeVar semantic tokens as type parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24891\"\u003e#24891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/79470e31877acb6074f3bbff2a49e508822ae4e8\"\u003e\u003ccode\u003e79470e3\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2522549901d50f18775999f0fb802b19229417f0\"\u003e\u003ccode\u003e2522549\u003c/code\u003e\u003c/a\u003e Remove shellcheck from prek (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25154\"\u003e#25154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7db7170020f539d6d2bc01dbd0b0c09fab91dc06\"\u003e\u003ccode\u003e7db7170\u003c/code\u003e\u003c/a\u003e [ty] Support TypedDict key completions in incomplete, anonymous contexts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25\"\u003e#25\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/bb3dd535f1c5a83e2e56ac93a771fadbeeceebd0\"\u003e\u003ccode\u003ebb3dd53\u003c/code\u003e\u003c/a\u003e [ty] Run full iteration analysis on narrowed typevars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25143\"\u003e#25143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/828cdb7732efcb16a53f4ee5f011cf653b834d1a\"\u003e\u003ccode\u003e828cdb7\u003c/code\u003e\u003c/a\u003e [ty] Isolate file-watching test environment (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25151\"\u003e#25151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/89e1d8670ea4d3af60c8143ee552dc750200718d\"\u003e\u003ccode\u003e89e1d86\u003c/code\u003e\u003c/a\u003e [ty] Preserve TypedDict keys through dict unpacking (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24523\"\u003e#24523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/86f3064d6fffa5697d174f26b840bd6857b381da\"\u003e\u003ccode\u003e86f3064\u003c/code\u003e\u003c/a\u003e [ty] Avoid accessing \u003ccode\u003eargs[0]\u003c/code\u003e for \u003ccode\u003estatic_assert\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25149\"\u003e#25149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ed819f947dc27e36eac8bb3134153c4668d76a3a\"\u003e\u003ccode\u003eed819f9\u003c/code\u003e\u003c/a\u003e [ty] Treat custom enum \u003ccode\u003e__new__\u003c/code\u003e values as dynamic (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25136\"\u003e#25136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.12...0.15.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 1.20.2 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMypy Release Notes\u003c/h1\u003e\n\u003ch2\u003eNext Release\u003c/h2\u003e\n\u003ch2\u003eMypy 2.1\u003c/h2\u003e\n\u003cp\u003eWe’ve just uploaded mypy 2.1.0 to the Python Package Index (\u003ca href=\"https://pypi.org/project/mypy/\"\u003ePyPI\u003c/a\u003e).\nMypy is a static type checker for Python. This release includes new features, performance\nimprovements and bug fixes. You can install it as follows:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython3 -m pip install -U mypy\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can read the full documentation for this release on \u003ca href=\"http://mypy.readthedocs.io\"\u003eRead the Docs\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003elibrt.vecs: Fast Growable Array Type for Mypyc\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.vecs\u003c/code\u003e module provides an efficient growable array type \u003ccode\u003evec\u003c/code\u003e that is\noptimized for mypyc use. It provides fast, packed arrays with integer and floating point\nvalue types, which can be \u003cstrong\u003eseveral times faster\u003c/strong\u003e than \u003ccode\u003elist\u003c/code\u003e, and tens of times faster\nthan \u003ccode\u003earray.array\u003c/code\u003e in code compiled using mypyc. It also supports nested \u003ccode\u003evec\u003c/code\u003e objects and\nnon-value-type items, such as \u003ccode\u003evec[vec[str]]\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_vecs.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo.\u003c/p\u003e\n\u003ch3\u003elibrt.random: Fast Pseudo-Random Number Generation\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.random\u003c/code\u003e module provides fast pseudo-random number generation that is\noptimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib\n\u003ccode\u003erandom\u003c/code\u003e module in compiled code.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_random.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo (PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21433\"\u003e21433\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMypyc Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake compilation order with multiple files consistent (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21419\"\u003e21419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on accessing \u003ccode\u003eStopAsyncIteration\u003c/code\u003e (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21406\"\u003e21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incremental compilation with \u003ccode\u003eseparate\u003c/code\u003e flag (Vaggelis Danias, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21299\"\u003e21299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes to Crashes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash on partial type with \u003ccode\u003e--allow-redefinition\u003c/code\u003e and \u003ccode\u003eglobal\u003c/code\u003e declaration (Jukka Lehtosalo, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21428\"\u003e21428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken awaitable generator patching (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21435\"\u003e21435\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges to Messages\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c1c336d7e34eb313080c79b156518c58d27c7234\"\u003e\u003ccode\u003ec1c336d\u003c/code\u003e\u003c/a\u003e Remove +dev from version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/74df14b7cbf08140236aa45bbb7f42219b0b1df7\"\u003e\u003ccode\u003e74df14b\u003c/code\u003e\u003c/a\u003e Add changelog for mypy 2.1 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21464\"\u003e#21464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/022d9bc96f86c40f338a5cf150f1806cc8f300ff\"\u003e\u003ccode\u003e022d9bc\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;TypeForm: Enable by default (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21262\"\u003e#21262\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8826288214f1cb31496e610667481221e025359c\"\u003e\u003ccode\u003e8826288\u003c/code\u003e\u003c/a\u003e [mypyc] Document librt.random (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21463\"\u003e#21463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/3f4067b699dbe52d08e42ef3b3ebfdebdc06bd96\"\u003e\u003ccode\u003e3f4067b\u003c/code\u003e\u003c/a\u003e Bump librt version to 0.11.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21458\"\u003e#21458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/2b1eb58a250c5f1eb4ef5fb1f312ff528c5a1d4e\"\u003e\u003ccode\u003e2b1eb58\u003c/code\u003e\u003c/a\u003e [mypyc] Enable incremental self-compilation (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21369\"\u003e#21369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8152f4af3f6c03beaf2660026240f0fdce7feecc\"\u003e\u003ccode\u003e8152f4a\u003c/code\u003e\u003c/a\u003e Respect file config comments for stale modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21444\"\u003e#21444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/116d60bdd3fdfe8d97c6afe99370910db56f1b92\"\u003e\u003ccode\u003e116d60b\u003c/code\u003e\u003c/a\u003e Fix nondeterminism from nonassociativity of overload joins (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21455\"\u003e#21455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/6c4af8e42110cea3f84bc02add2ca7b89c268210\"\u003e\u003ccode\u003e6c4af8e\u003c/code\u003e\u003c/a\u003e Fix function call message change for small number of args (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21432\"\u003e#21432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/4b8fdcaf24032592510e8f15421fb32d82a71800\"\u003e\u003ccode\u003e4b8fdca\u003c/code\u003e\u003c/a\u003e [mypyc] Add librt.random module (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21433\"\u003e#21433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v1.20.2...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yamllint` from 1.37.1 to 1.38.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/adrienverge/yamllint/blob/master/CHANGELOG.rst\"\u003eyamllint's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.38.0 (2026-01-13)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14, drop support for Python 3.9\u003c/li\u003e\n\u003cli\u003eRequire pathspec ≥ 1.0.0\u003c/li\u003e\n\u003cli\u003eConfig: Follow gitignore implementation in \u003ccode\u003eyaml-files\u003c/code\u003e and \u003ccode\u003eignore\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eConfig: Use \u0026quot;mapping\u0026quot; instead of \u0026quot;dict\u0026quot; for user-facing errors\u003c/li\u003e\n\u003cli\u003eRule \u003ccode\u003eindentation\u003c/code\u003e: Fix error message for \u003ccode\u003echeck-multi-line-strings\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRule \u003ccode\u003equoted-strings\u003c/code\u003e: Add \u003ccode\u003equote-type: consistent\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocs: Update the name of BSD ports\u003c/li\u003e\n\u003cli\u003eDocs: Enhance wording of recursive directory lint in README\u003c/li\u003e\n\u003cli\u003eDocs: Add Alpine Linux installation instructions in README\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/cba56bcde1fdd01c1deb3f945e69764c291a6530\"\u003e\u003ccode\u003ecba56bc\u003c/code\u003e\u003c/a\u003e yamllint version 1.38.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/9dc506b5a1e22a728a95321a7cdb829ba17de0e0\"\u003e\u003ccode\u003e9dc506b\u003c/code\u003e\u003c/a\u003e Require pathspec ≥ 1.0.0 and follow Git's gitignore implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/73b9c0b54270076e2c76e2e6bfd428aa4203ed3a\"\u003e\u003ccode\u003e73b9c0b\u003c/code\u003e\u003c/a\u003e Drop support for Python 3.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/22d07edd4903c71c4ea63d2e2e3880adde4604d6\"\u003e\u003ccode\u003e22d07ed\u003c/code\u003e\u003c/a\u003e indentation: Fix error message for check-multi-line-strings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/cfbfe9b076b877fb9276a22ffb3d2726ead5866d\"\u003e\u003ccode\u003ecfbfe9b\u003c/code\u003e\u003c/a\u003e README: Add Alpine Linux installation instructions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/a3b3bb31bb0e79fb6c43676314c89de00c667334\"\u003e\u003ccode\u003ea3b3bb3\u003c/code\u003e\u003c/a\u003e README: Enhance wording of recursive directory lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/e3b72f585b1bf8c779b7bae2f773b11a5fb80eb1\"\u003e\u003ccode\u003ee3b72f5\u003c/code\u003e\u003c/a\u003e quoted-strings: Add missing quote-type: consistent docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/e3d54cc100f892fe79eac820ce35cfd633603e37\"\u003e\u003ccode\u003ee3d54cc\u003c/code\u003e\u003c/a\u003e quoted-strings: Add quote-type: consistent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/0b4ddc88c05ab3f20e3f8e5ffca7d04eccd290d6\"\u003e\u003ccode\u003e0b4ddc8\u003c/code\u003e\u003c/a\u003e CI: Update GitHub Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrienverge/yamllint/commit/866f805cbfaa4c89de8b92c3839eb80d46001eda\"\u003e\u003ccode\u003e866f805\u003c/code\u003e\u003c/a\u003e build: Remove license-files from pyproject.toml\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/adrienverge/yamllint/compare/v1.37.1...v1.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `conventional-pre-commit` from 4.3.0 to 4.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/compilerla/conventional-pre-commit/releases\"\u003econventional-pre-commit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(pre-commit): autoupdate hooks by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/pull/141\"\u003ecompilerla/conventional-pre-commit#141\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: allow # in scope by \u003ca href=\"https://github.com/aeyoll\"\u003e\u003ccode\u003e@​aeyoll\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/pull/148\"\u003ecompilerla/conventional-pre-commit#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(pre-commit): autoupdate hooks by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/pull/144\"\u003ecompilerla/conventional-pre-commit#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/pull/143\"\u003ecompilerla/conventional-pre-commit#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aeyoll\"\u003e\u003ccode\u003e@​aeyoll\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/pull/148\"\u003ecompilerla/conventional-pre-commit#148\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/compilerla/conventional-pre-commit/compare/v4.3.0...v4.4.0\"\u003ehttps://github.com/compilerla/conventional-pre-commit/compare/v4.3.0...v4.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.4.0-pre1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/91ab4bf57e58b32adf1a122681f6ebe164d081c8\"\u003e\u003ccode\u003e91ab4bf\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/d397bc73fe8308af0ad8d8a05ad2d1bd135a845a\"\u003e\u003ccode\u003ed397bc7\u003c/code\u003e\u003c/a\u003e chore(pre-commit): autoupdate hooks (\u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/800557d620dc67d8f45eedc2044072b25035db3f\"\u003e\u003ccode\u003e800557d\u003c/code\u003e\u003c/a\u003e feat: allow # in scope (\u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/issues/148\"\u003e#148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/aed2b93edc89e7113ac4349f64a334c92ebe77b0\"\u003e\u003ccode\u003eaed2b93\u003c/code\u003e\u003c/a\u003e feat: allow # in scope\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/e20efe8e7d4849b03607afb9c2ed52bef773413b\"\u003e\u003ccode\u003ee20efe8\u003c/code\u003e\u003c/a\u003e chore(pre-commit): autofix run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/980e24dc68bc3a507163d5a129041727df6d0f18\"\u003e\u003ccode\u003e980e24d\u003c/code\u003e\u003c/a\u003e chore(pre-commit): autoupdate hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/2ef4033308b9f783b3571433dfd1774d5ae58347\"\u003e\u003ccode\u003e2ef4033\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/checkout from 5 to 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/fdde5f0251edbfc554795afdd6df71826d6602f3\"\u003e\u003ccode\u003efdde5f0\u003c/code\u003e\u003c/a\u003e chore(pre-commit): autoupdate hooks (\u003ca href=\"https://redirect.github.com/compilerla/conventional-pre-commit/issues/141\"\u003e#141\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/compilerla/conventional-pre-commit/commit/98b43bfa83970bdf88a7b27025b89f18886d6b1f\"\u003e\u003ccode\u003e98b43bf\u003c/code\u003e\u003c/a\u003e chore(pre-commit): autoupdate hooks\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/compilerla/conventional-pre-commit/compare/v4.3.0...v4.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.1 to 7.14.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\n.. _pull 2165: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2165\"\u003ecoveragepy/coveragepy#2165\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-5:\u003c/p\u003e\n\u003ch2\u003eVersion 7.13.5 — 2026-03-17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eissue 2138\u003c/code\u003e_ describes a memory leak that happened when repeatedly\nusing the Coverage API with in-memory data. This is now fixed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the markdown-formatted coverage report didn't fully escape special\ncharacters in file paths (\u003ccode\u003eissue 2141\u003c/code\u003e\u003cem\u003e). This would be very unlikely to\ncause a problem, but now it's done properly, thanks to \u003ccode\u003eEllie Ayla \u0026lt;pull 2142_\u0026gt;\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the C extension wouldn't build on VS2019, but now it does (\u003ccode\u003eissue 2145\u003c/code\u003e_).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/646351b60429f1b5760af6c1b97b28483244a955\"\u003e\u003ccode\u003e646351b\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/39cd015505c8b04369c5b06e34fc22449a697370\"\u003e\u003ccode\u003e39cd015\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/649e8aa34af7d80c386ae82e8a3a6c9a3acb0dab\"\u003e\u003ccode\u003e649e8aa\u003c/code\u003e\u003c/a\u003e docs: thanks Alex Vandiver for \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8cd392e3b5c4bc15d534aaec0c21714f9f518469\"\u003e\u003ccode\u003e8cd392e\u003c/code\u003e\u003c/a\u003e fix: snapshot data in Collector.flush_data to avoid threading race (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c48e0edc2ebe44621b0053176e90f77b0c79bec1\"\u003e\u003ccode\u003ec48e0ed\u003c/code\u003e\u003c/a\u003e fix: less output for combining\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c2a3a284078556c911e0d9b6c6af1b7082a363ea\"\u003e\u003ccode\u003ec2a3a28\u003c/code\u003e\u003c/a\u003e docs: explain the change from \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/1cd47aa6ac1da4e150da44055295d4e4f3a014e8\"\u003e\u003ccode\u003e1cd47aa\u003c/code\u003e\u003c/a\u003e fix: implicit combine-during-report now removes the combined data files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2d99fd7696e0bccec8037479a4e45c1ecccb8058\"\u003e\u003ccode\u003e2d99fd7\u003c/code\u003e\u003c/a\u003e feat: automatically combine coverage in report, thanks Tim Hatch (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/9fbdcdfee1c122fac43f1bf9a5e2d1f4d835f21c\"\u003e\u003ccode\u003e9fbdcdf\u003c/code\u003e\u003c/a\u003e fix: lazy soft keywords are bolded\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5de7d0267b9466d59995aaae1a7e707c8c6f66e7\"\u003e\u003ccode\u003e5de7d02\u003c/code\u003e\u003c/a\u003e build: oops, misplaced quote\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.1...7.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tox` from 4.33.0 to 4.54.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/tox/releases\"\u003etox's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.54.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🧪 test(conftest): strip broken nspkg.pth files under py3.15 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3937\"\u003etox-dev/tox#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(packaging): declare tox.pytest deps via a testing extra by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3940\"\u003etox-dev/tox#3940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(schema): cover every replace form in the TOML schema by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3941\"\u003etox-dev/tox#3941\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/tox/compare/4.53.1...4.54.0\"\u003ehttps://github.com/tox-dev/tox/compare/4.53.1...4.54.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.53.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(security): harden user-facing logs and untrusted inputs by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3924\"\u003etox-dev/tox#3924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(type): correct argparse override signatures for ty 0.0.33 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3932\"\u003etox-dev/tox#3932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: allow deps arrays in TOML schema by \u003ca href=\"https://github.com/cyphercodes\"\u003e\u003ccode\u003e@​cyphercodes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3931\"\u003etox-dev/tox#3931\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphercodes\"\u003e\u003ccode\u003e@​cyphercodes\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3931\"\u003etox-dev/tox#3931\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/tox/compare/4.53.0...4.53.1\"\u003ehttps://github.com/tox-dev/tox/compare/4.53.0...4.53.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.53.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(toml): allow bare range/labeled dicts in env_list by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3923\"\u003etox-dev/tox#3923\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/tox/compare/4.52.1...4.53.0\"\u003ehttps://github.com/tox-dev/tox/compare/4.52.1...4.53.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.52.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse normalize_isa for architecture factor matching by \u003ca href=\"https://github.com/rahuldevikar\"\u003e\u003ccode\u003e@​rahuldevikar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3919\"\u003etox-dev/tox#3919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(pip): invalidate install cache on resolution env var changes by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3921\"\u003etox-dev/tox#3921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/tox/compare/4.52.0...4.52.1\"\u003ehttps://github.com/tox-dev/tox/compare/4.52.0...4.52.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.52.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eremove unsupported --remote flag from gh repo fork by \u003ca href=\"https://github.com/rahuldevikar\"\u003e\u003ccode\u003e@​rahuldevikar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3908\"\u003etox-dev/tox#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(config): support escaped dots in -x override keys by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3910\"\u003etox-dev/tox#3910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(docs): auto-generate manpage from CLI parser by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3911\"\u003etox-dev/tox#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/tox/blob/main/docs/changelog.rst\"\u003etox's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eFeatures - 4.54.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDeclare the runtime dependencies of the \u003ccode\u003etox.pytest\u003c/code\u003e plugin (\u003ccode\u003epytest\u003c/code\u003e, \u003ccode\u003edevpi-process\u003c/code\u003e and \u003ccode\u003epytest-mock\u003c/code\u003e)\nunder a new \u003ccode\u003etesting\u003c/code\u003e extra, so plugin authors can pull them in via \u003ccode\u003etox[testing]\u003c/code\u003e - by :user:\u003ccode\u003egaborbernat\u003c/code\u003e.\n(:issue:\u003ccode\u003e3938\u003c/code\u003e, :issue:\u003ccode\u003e3940\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes - 4.54.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eExtend the generated TOML schema to cover every \u003ccode\u003ereplace\u003c/code\u003e table form (\u003ccode\u003eenv\u003c/code\u003e, \u003ccode\u003eref\u003c/code\u003e, \u003ccode\u003eposargs\u003c/code\u003e, \u003ccode\u003eglob\u003c/code\u003e,\n\u003ccode\u003eif\u003c/code\u003e), including conditional replacements used inside \u003ccode\u003ecommands\u003c/code\u003e. A guard test asserts the schema stays in sync\nwith the loader implementation so future replace types cannot be added without a corresponding schema entry.\n(:issue:\u003ccode\u003e3939\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003ev4.53.1 (2026-05-02)\u003c/p\u003e\n\u003chr /\u003e\n\u003ch1\u003eBug fixes - 4.53.1\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eHardening pass on user-facing logging and config parsing:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMask secret-looking \u003ccode\u003e--key=value\u003c/code\u003e flag values in command logs (terminal warnings, \u003ccode\u003e.tox/\u0026lt;env\u0026gt;/log/*.log\u003c/code\u003e, and\n\u003ccode\u003eOutcome\u003c/code\u003e \u003ccode\u003e__repr__\u003c/code\u003e) using the same keyword regex previously applied to environment variable values.\u003c/li\u003e\n\u003cli\u003eResolve PEP 723 \u003ccode\u003escript\u003c/code\u003e paths and reject any that escape \u003ccode\u003etox_root\u003c/code\u003e; cap the script read at 5 MiB so a symlink\nto \u003ccode\u003e/dev/zero\u003c/code\u003e cannot exhaust memory.\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003eeval()\u003c/code\u003e of a constructed \u003ccode\u003eLiteral[...]\u003c/code\u003e string in the CLI parser with a direct\n\u003ccode\u003eLiteral[tuple(action.choices)]\u003c/code\u003e subscript.\u003c/li\u003e\n\u003cli\u003ePass \u003ccode\u003etimeout=30\u003c/code\u003e to \u003ccode\u003eurlopen\u003c/code\u003e when fetching a remote requirements file so a slow or unresponsive mirror cannot\nhang \u003ccode\u003etox\u003c/code\u003e indefinitely. (:issue:\u003ccode\u003e3924\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow the generated TOML schema to validate array values for \u003ccode\u003edeps\u003c/code\u003e. (:issue:\u003ccode\u003e3929\u003c/code\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCorrect type annotations for \u003ccode\u003eArgumentParser.parse_args\u003c/code\u003e and \u003ccode\u003eparse_known_args\u003c/code\u003e overrides following \u003ccode\u003etypeshed PR [#15613](https://github.com/tox-dev/tox/issues/15613) \u0026lt;https://github.com/python/typeshed/pull/15613\u0026gt;\u003c/code\u003e_, which widened the \u003ccode\u003eargs\u003c/code\u003e parameter from \u003ccode\u003eSequence[str]\u003c/code\u003e\nto \u003ccode\u003eIterable[str]\u003c/code\u003e. The narrower type in tox's overrides violated the Liskov substitution principle and caused\n\u003ccode\u003einvalid-method-override\u003c/code\u003e errors with \u003ccode\u003ety\u003c/code\u003e 0.0.33. Also correct the \u003ccode\u003eoption_spec\u003c/code\u003e annotation in\n\u003ccode\u003edocs/tox_conf.py\u003c/code\u003e to \u003ccode\u003eClassVar[dict[str, Callable[[str], Any]]]\u003c/code\u003e matching the docutils stubs type.\n(:issue:\u003ccode\u003e3932\u003c/code\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003ev4.53.0 (2026-04-14)\u003c/p\u003e\n\u003chr /\u003e\n\u003ch1\u003eFeatures - 4.53.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eTOML \u003ccode\u003eenv_list\u003c/code\u003e now accepts bare range dicts (\u003ccode\u003e{ prefix = \u0026quot;3.\u0026quot;, start = 12, stop = 14 }\u003c/code\u003e) and bare labeled dicts\n(\u003ccode\u003e{ ecosystem = [\u0026quot;oci\u0026quot;, \u0026quot;python\u0026quot;] }\u003c/code\u003e) as top-level items, removing the \u003ccode\u003e{ product = [...] }\u003c/code\u003e wrapper when there is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/1f1fcc7a53665a827d8a304190696c6926ebb2eb\"\u003e\u003ccode\u003e1f1fcc7\u003c/code\u003e\u003c/a\u003e release 4.54.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/b35c8eedaf94906ed0e7938c7526dced550e6fa0\"\u003e\u003ccode\u003eb35c8ee\u003c/code\u003e\u003c/a\u003e 🐛 fix(schema): cover every replace form in the TOML schema (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3941\"\u003e#3941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/6eb5c4f5eec439b3924d6adb3d9d16ea7fc88a20\"\u003e\u003ccode\u003e6eb5c4f\u003c/code\u003e\u003c/a\u003e ✨ feat(packaging): declare tox.pytest deps via a testing extra (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3940\"\u003e#3940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/1ad47ddaab21c891f136a9627d1c6cdb6ea655d7\"\u003e\u003ccode\u003e1ad47dd\u003c/code\u003e\u003c/a\u003e 🧪 test(conftest): strip broken nspkg.pth files under py3.15 (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3937\"\u003e#3937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/dfba9661b10aa5148daf7267b80fec50f4faa9d2\"\u003e\u003ccode\u003edfba966\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3936\"\u003e#3936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/21069af5f5b93774f88c271d5deb1389cd2caf12\"\u003e\u003ccode\u003e21069af\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3933\"\u003e#3933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/2b177917e4c0208c3e380e43f8d32d507180d82e\"\u003e\u003ccode\u003e2b17791\u003c/code\u003e\u003c/a\u003e release 4.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/86234dd57fc6a6dbf801aa98a91642cb9daf1dc8\"\u003e\u003ccode\u003e86234dd\u003c/code\u003e\u003c/a\u003e fix: allow deps arrays in TOML schema (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3931\"\u003e#3931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/dd305fe8f347c49fcd3bd63d5e56c912e4c428f2\"\u003e\u003ccode\u003edd305fe\u003c/code\u003e\u003c/a\u003e 🐛 fix(type): correct argparse override signatures for ty 0.0.33 (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3932\"\u003e#3932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/3aa3cd5d4226dfdb54de3de810cd9367390c6424\"\u003e\u003ccode\u003e3aa3cd5\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/tox/compare/4.33.0...4.54.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20250915 to 6.0.12.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-toml` from 0.10.8.20240310 to 0.10.8.20260518\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-colorama` from 0.4.15.20250801 to 0.4.15.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `commitizen` from 4.13.10 to 4.16.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/commitizen-tools/commitizen/releases\"\u003ecommitizen's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.16.2 (2026-05-15)\u003c/h2\u003e\n\u003ch3\u003eFix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003etags\u003c/strong\u003e: widen prerelease and devrelease tag regexes for SemVer2 (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1972\"\u003e#1972\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.16.1 (2026-05-15)\u003c/h2\u003e\n\u003ch3\u003eFix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecz_customize\u003c/strong\u003e: derive bump_map_major_version_zero from bump_map (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1977\"\u003e#1977\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.16.0 (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ehooks\u003c/strong\u003e: support interactive hooks scripts\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.15.1 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eFix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003esecurity\u003c/strong\u003e: prevent command injection via shell=True (CWE-78) (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1941\"\u003e#1941\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.15.0 (2026-05-03)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eversion\u003c/strong\u003e: add MANUAL_VERSION, --next and --patch to version command (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.14.0 (2026-05-03)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003e--allow-no-commit\u003c/code\u003e to \u003ccode\u003echangelog\u003c/code\u003e command (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1868\"\u003e#1868\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/953e1ba4599cc3143122ed5c3e8de3d6dfd5524d\"\u003e\u003ccode\u003e953e1ba\u003c/code\u003e\u003c/a\u003e bump: version 4.16.1 → 4.16.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/c6b8c4455d8867d2b4fc31f4598f25f7a99968fe\"\u003e\u003ccode\u003ec6b8c44\u003c/code\u003e\u003c/a\u003e fix(tags): widen prerelease and devrelease tag regexes for SemVer2 (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1972\"\u003e#1972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/67151641260a5fd05fd61a1cddbf336a01108f6c\"\u003e\u003ccode\u003e6715164\u003c/code\u003e\u003c/a\u003e bump: version 4.16.0 → 4.16.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/3f8b8ca6f16c204c473c0aa17ccbee4970921da1\"\u003e\u003ccode\u003e3f8b8ca\u003c/code\u003e\u003c/a\u003e fix(cz_customize): derive bump_map_major_version_zero from bump_map (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1977\"\u003e#1977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/1d89cc5f840c08e721431d2971bfa2b43fc4a633\"\u003e\u003ccode\u003e1d89cc5\u003c/code\u003e\u003c/a\u003e docs(cli/screenshots): update CLI screenshots\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/9707a58ba8c850259ece0fafc8108ba2f350e005\"\u003e\u003ccode\u003e9707a58\u003c/code\u003e\u003c/a\u003e bump: version 4.15.1 → 4.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/80b92f1e603912c89dd756f387df847c4338cd24\"\u003e\u003ccode\u003e80b92f1\u003c/code\u003e\u003c/a\u003e ci: place --no-raise before bump subcommand (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1954\"\u003e#1954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/ecc4da436adac1e769d035a5f4684f6f087e6c39\"\u003e\u003ccode\u003eecc4da4\u003c/code\u003e\u003c/a\u003e docs(cli/screenshots): update CLI screenshots\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/ce07c7728c74600939244b649dd5754ef2b79507\"\u003e\u003ccode\u003ece07c77\u003c/code\u003e\u003c/a\u003e test: use match in pytest.raises (\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen/issues/1846\"\u003e#1846\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen/commit/9bd9e8b281e0e2229497f14b4d170e35b6f6be8f\"\u003e\u003ccode\u003e9bd9e8b\u003c/code\u003e\u003c/a\u003e docs(cli/screenshots): update CLI screenshots\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/commitizen-tools/commitizen/compare/v4.13.10...v4.16.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/bolajiwahab/pgrubic/pull/203","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bolajiwahab%2Fpgrubic/issues/203","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/203/packages"}},{"old_version":"6.0.12.20260510","new_version":"6.0.12.20260518","update_type":null,"path":null,"pr_created_at":"2026-05-18T16:23:20.000Z","version_change":"6.0.12.20260510 → 6.0.12.20260518","issue":{"uuid":"4470752108","node_id":"PR_kwDOP_kul87cu2Q2","number":479,"state":"open","title":"deps(python)(deps-dev): bump types-pyyaml from 6.0.12.20260510 to 6.0.12.20260518","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":6,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T16:23:20.000Z","updated_at":"2026-05-21T00:03:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(python)(deps-dev)","packages":[{"name":"types-pyyaml","old_version":"6.0.12.20260510","new_version":"6.0.12.20260518","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps [types-pyyaml](https://github.com/python/typeshed) from 6.0.12.20260510 to 6.0.12.20260518.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/jimmy058910/jmo-security-repo/pull/479","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jimmy058910%2Fjmo-security-repo/issues/479","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/479/packages"}},{"old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","update_type":null,"path":null,"pr_created_at":"2026-05-17T18:11:01.000Z","version_change":"6.0.12.20260408 → 6.0.12.20260510","issue":{"uuid":"4464481432","node_id":"PR_kwDOCbJ3R87ca4Cv","number":4419,"state":"open","title":"deps(python)(deps-dev): bump the all-dependencies group with 9 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-17T18:11:01.000Z","updated_at":"2026-05-17T18:12:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(python)(deps-dev): bump","group_name":"all-dependencies","update_count":9,"packages":[{"name":"python-multipart","old_version":"0.0.27","new_version":"0.0.28","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"pydantic","old_version":"2.13.3","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"types-aiofiles","old_version":"25.1.0.20260409","new_version":"25.1.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-python-dateutil","old_version":"2.9.0.20260408","new_version":"2.9.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-toml","old_version":"0.10.8.20260408","new_version":"0.10.8.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-protobuf","old_version":"7.34.1.20260503","new_version":"7.34.1.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-deprecated","old_version":"1.3.1.20260408","new_version":"1.3.1.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"mypy","old_version":"1.20.2","new_version":"2.0.0","repository_url":"https://github.com/python/mypy"}],"path":null,"ecosystem":"pip"},"body":"Bumps the all-dependencies group with 9 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.27` | `0.0.28` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.13.3` | `2.13.4` |\n| [types-aiofiles](https://github.com/python/typeshed) | `25.1.0.20260409` | `25.1.0.20260508` |\n| [types-python-dateutil](https://github.com/python/typeshed) | `2.9.0.20260408` | `2.9.0.20260508` |\n| [types-toml](https://github.com/python/typeshed) | `0.10.8.20260408` | `0.10.8.20260508` |\n| [types-protobuf](https://github.com/python/typeshed) | `7.34.1.20260503` | `7.34.1.20260508` |\n| [types-deprecated](https://github.com/python/typeshed) | `1.3.1.20260408` | `1.3.1.20260508` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260510` |\n| [mypy](https://github.com/python/mypy) | `1.20.2` | `2.0.0` |\n\nUpdates `python-multipart` from 0.0.27 to 0.0.28\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.28\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003eKludex/python-multipart#281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003eKludex/python-multipart#282\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.28 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003e#281\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003e#282\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/7d8d28b210ac6cb055399562b0dc0e5cf9aef14a\"\u003e\u003ccode\u003e7d8d28b\u003c/code\u003e\u003c/a\u003e Version 0.0.28 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b0dd125457d0f98de23bf2f894aedb1a54639d4e\"\u003e\u003ccode\u003eb0dd125\u003c/code\u003e\u003c/a\u003e Cap multipart boundary length at 256 bytes (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d1b57392cf7d0c19235ba454eb5686fd27dc2384\"\u003e\u003ccode\u003ed1b5739\u003c/code\u003e\u003c/a\u003e Speed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/09cb8c3da7638d45ecdf7c154832303214bba829\"\u003e\u003ccode\u003e09cb8c3\u003c/code\u003e\u003c/a\u003e Make the long_boundary benchmark dominated by the patched code path (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/280\"\u003e#280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a6467c93c14aa4b09ef65450ead8011c45e5c7a0\"\u003e\u003ccode\u003ea6467c9\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Switch CodSpeed benchmarks to walltime mode\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/279\"\u003e#279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9a9690035a956fbdcca06f98461244cf790375a7\"\u003e\u003ccode\u003e9a96900\u003c/code\u003e\u003c/a\u003e Switch CodSpeed benchmarks to walltime mode (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/278\"\u003e#278\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/1fc7a626f566ae11bc63165260262b9a30af9008\"\u003e\u003ccode\u003e1fc7a62\u003c/code\u003e\u003c/a\u003e Make benchmark coverage trigger the partial-boundary fallback (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/03df045810a216dceabbefc9dca7a33a264307bc\"\u003e\u003ccode\u003e03df045\u003c/code\u003e\u003c/a\u003e Add CodSpeed benchmark suite for parser hot paths (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/276\"\u003e#276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/79a7c614953d0c91a1d6dc69759b4fbcd0fb44f3\"\u003e\u003ccode\u003e79a7c61\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/273\"\u003e#273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/bd29332f23429d06cf16226819f89b28a8288915\"\u003e\u003ccode\u003ebd29332\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 5 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/274\"\u003e#274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.13.3 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/v2.13.4/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-aiofiles` from 25.1.0.20260409 to 25.1.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-python-dateutil` from 2.9.0.20260408 to 2.9.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-toml` from 0.10.8.20260408 to 0.10.8.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-protobuf` from 7.34.1.20260503 to 7.34.1.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-deprecated` from 1.3.1.20260408 to 1.3.1.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20260408 to 6.0.12.20260510\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 1.20.2 to 2.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMypy Release Notes\u003c/h1\u003e\n\u003ch2\u003eNext Release\u003c/h2\u003e\n\u003ch2\u003eMypy 2.1\u003c/h2\u003e\n\u003cp\u003eWe’ve just uploaded mypy 2.1.0 to the Python Package Index (\u003ca href=\"https://pypi.org/project/mypy/\"\u003ePyPI\u003c/a\u003e).\nMypy is a static type checker for Python. This release includes new features, performance\nimprovements and bug fixes. You can install it as follows:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython3 -m pip install -U mypy\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can read the full documentation for this release on \u003ca href=\"http://mypy.readthedocs.io\"\u003eRead the Docs\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003elibrt.vecs: Fast Growable Array Type for Mypyc\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.vecs\u003c/code\u003e module provides an efficient growable array type \u003ccode\u003evec\u003c/code\u003e that is\noptimized for mypyc use. It provides fast, packed arrays with integer and floating point\nvalue types, which can be \u003cstrong\u003eseveral times faster\u003c/strong\u003e than \u003ccode\u003elist\u003c/code\u003e, and tens of times faster\nthan \u003ccode\u003earray.array\u003c/code\u003e in code compiled using mypyc. It also supports nested \u003ccode\u003evec\u003c/code\u003e objects and\nnon-value-type items, such as \u003ccode\u003evec[vec[str]]\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_vecs.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo.\u003c/p\u003e\n\u003ch3\u003elibrt.random: Fast Pseudo-Random Number Generation\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.random\u003c/code\u003e module provides fast pseudo-random number generation that is\noptimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib\n\u003ccode\u003erandom\u003c/code\u003e module in compiled code.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_random.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo (PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21433\"\u003e21433\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMypyc Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake compilation order with multiple files consistent (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21419\"\u003e21419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on accessing \u003ccode\u003eStopAsyncIteration\u003c/code\u003e (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21406\"\u003e21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incremental compilation with \u003ccode\u003eseparate\u003c/code\u003e flag (Vaggelis Danias, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21299\"\u003e21299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes to Crashes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash on partial type with \u003ccode\u003e--allow-redefinition\u003c/code\u003e and \u003ccode\u003eglobal\u003c/code\u003e declaration (Jukka Lehtosalo, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21428\"\u003e21428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken awaitable generator patching (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21435\"\u003e21435\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges to Messages\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/7a765008a138ec46c579bfc6ef608860cab36033\"\u003e\u003ccode\u003e7a76500\u003c/code\u003e\u003c/a\u003e Remove +dev from version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/5a3ab3b29f03d8baafeced3761e1afc8bd58be79\"\u003e\u003ccode\u003e5a3ab3b\u003c/code\u003e\u003c/a\u003e Changelog for mypy 2.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21422\"\u003e#21422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/f9c86e21e88f96806c65790d604bf1264db39434\"\u003e\u003ccode\u003ef9c86e2\u003c/code\u003e\u003c/a\u003e Some changelog updates for 2.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21413\"\u003e#21413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/519eaf15e0ceafae30337083577a54c7d3f3b4fe\"\u003e\u003ccode\u003e519eaf1\u003c/code\u003e\u003c/a\u003e Bump librt to 0.10.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21415\"\u003e#21415\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/158a6207d6e221cc403e1d556097b5abf5157cdd\"\u003e\u003ccode\u003e158a620\u003c/code\u003e\u003c/a\u003e Fix negative narrowing for containers (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21411\"\u003e#21411\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/e556eb93a3c551a320a536879ce0a1608d14d490\"\u003e\u003ccode\u003ee556eb9\u003c/code\u003e\u003c/a\u003e Try fixing mypy mypyc wheels (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21392\"\u003e#21392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/f2c97971f5f4dcd749cf87df1e1308ab5754490a\"\u003e\u003ccode\u003ef2c9797\u003c/code\u003e\u003c/a\u003e Expose --num-workers and --native-parser (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21387\"\u003e#21387\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/db0cb2f7c68b0f9d43d6ee1ab68117c1550dac39\"\u003e\u003ccode\u003edb0cb2f\u003c/code\u003e\u003c/a\u003e Bump ast-serialize cache version (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21388\"\u003e#21388\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/1090ca6d476f629c566250a41204450043a47cf5\"\u003e\u003ccode\u003e1090ca6\u003c/code\u003e\u003c/a\u003e Bump ast-serialize version to 0.3.0 only (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21391\"\u003e#21391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/714ca9f2ac76e7c6dd56e26fd555f69313ba47ab\"\u003e\u003ccode\u003e714ca9f\u003c/code\u003e\u003c/a\u003e [mypyc] Add note about librt.strings thread safety (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21383\"\u003e#21383\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v1.20.2...v2.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/strawberry-graphql/strawberry/pull/4419","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/strawberry-graphql%2Fstrawberry/issues/4419","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4419/packages"}},{"old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","update_type":null,"path":null,"pr_created_at":"2026-05-16T09:46:34.000Z","version_change":"6.0.12.20260408 → 6.0.12.20260510","issue":{"uuid":"4459469007","node_id":"PR_kwDOSGPLhc7cMKOp","number":24,"state":"open","title":"Bump the uv group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-16T09:46:34.000Z","updated_at":"2026-05-16T09:47:08.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":7,"packages":[{"name":"orjson","old_version":"3.11.8","new_version":"3.11.9","repository_url":"https://github.com/ijl/orjson"},{"name":"pydantic-settings","old_version":"2.14.0","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"litellm","old_version":"1.83.14","new_version":"1.84.0","repository_url":"https://github.com/BerriAI/litellm"},{"name":"uv","old_version":"0.11.8","new_version":"0.11.14","repository_url":"https://github.com/astral-sh/uv"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"zensical","old_version":"0.0.39","new_version":"0.0.42","repository_url":"https://github.com/zensical/zensical"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [orjson](https://github.com/ijl/orjson) | `3.11.8` | `3.11.9` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.14.0` | `2.14.1` |\n| [litellm](https://github.com/BerriAI/litellm) | `1.83.14` | `1.84.0` |\n| [uv](https://github.com/astral-sh/uv) | `0.11.8` | `0.11.14` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260510` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [zensical](https://github.com/zensical/zensical) | `0.0.39` | `0.0.42` |\n\n\nUpdates `orjson` from 3.11.8 to 3.11.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/releases\"\u003eorjson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.9\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.95 or later instead of 1.89.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix building on Rust 1.95.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/blob/master/CHANGELOG.md\"\u003eorjson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.9 - 2026-05-06\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.95 or later instead of 1.89.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix building on Rust 1.95.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/705515d77b28429d0b7c30c3d781abe52e8a1e5a\"\u003e\u003ccode\u003e705515d\u003c/code\u003e\u003c/a\u003e 3.11.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/d19055d5bab432f98d53b71606a9c6c23fb21bf6\"\u003e\u003ccode\u003ed19055d\u003c/code\u003e\u003c/a\u003e build update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/77e2d96c3febe099cde2447856fe2523d68c71b0\"\u003e\u003ccode\u003e77e2d96\u003c/code\u003e\u003c/a\u003e MSRV 1.95, remove compiler feature detection\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ijl/orjson/compare/3.11.8...3.11.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.14.0 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/850\"\u003epydantic/pydantic-settings#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/854\"\u003epydantic/pydantic-settings#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/853\"\u003epydantic/pydantic-settings#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/856\"\u003epydantic/pydantic-settings#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/858\"\u003epydantic/pydantic-settings#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.1 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/859\"\u003epydantic/pydantic-settings#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/e95c30bec8cfaee88ee275138c064aea97a25bdf\"\u003e\u003ccode\u003ee95c30b\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.1 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/0c8734581b6cf70a995afad603ac456631d00621\"\u003e\u003ccode\u003e0c87345\u003c/code\u003e\u003c/a\u003e Fix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/7bd0072795a800065b42210b6dca90fc9b83daf7\"\u003e\u003ccode\u003e7bd0072\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 2 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/b03e573d017ed48e1c2774a5e0b715db9766c76b\"\u003e\u003ccode\u003eb03e573\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/eaa3b434938411ec8a3717ea646614561e713f51\"\u003e\u003ccode\u003eeaa3b43\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 5 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/854\"\u003e#854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9f95615c24c6813c1d7d203576581a79cb6d9e8e\"\u003e\u003ccode\u003e9f95615\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `litellm` from 1.83.14 to 1.84.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/BerriAI/litellm/commits/v1.84.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uv` from 0.11.8 to 0.11.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/uv/releases\"\u003euv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.11.14\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-12.\u003c/p\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Astral mirror URL override (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19206\"\u003e#19206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore \u003ccode\u003etop_level.txt\u003c/code\u003e entries in uninstall that are not valid Python identifiers (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19340\"\u003e#19340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid applying \u003ccode\u003e.env\u003c/code\u003e files in parent process (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19343\"\u003e#19343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFilter ANSI codes in logging output (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19311\"\u003e#19311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003euv tree\u003c/code\u003e showing extra-conditional deps for packages required without extras (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19332\"\u003e#19332\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect build options (e.g., \u003ccode\u003e--no-build\u003c/code\u003e) during lock validation (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19366\"\u003e#19366\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall uv 0.11.14\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003epowershell -ExecutionPolicy Bypass -c \u0026quot;irm https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-installer.ps1 | iex\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eDownload uv 0.11.14\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eFile\u003c/th\u003e\n\u003cth\u003ePlatform\u003c/th\u003e\n\u003cth\u003eChecksum\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-aarch64-apple-darwin.tar.gz\"\u003euv-aarch64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eApple Silicon macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-aarch64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-x86_64-apple-darwin.tar.gz\"\u003euv-x86_64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eIntel macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-x86_64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-aarch64-pc-windows-msvc.zip\"\u003euv-aarch64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-aarch64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-i686-pc-windows-msvc.zip\"\u003euv-i686-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-i686-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-x86_64-pc-windows-msvc.zip\"\u003euv-x86_64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-x86_64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-aarch64-unknown-linux-gnu.tar.gz\"\u003euv-aarch64-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-aarch64-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-i686-unknown-linux-gnu.tar.gz\"\u003euv-i686-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-i686-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-powerpc64le-unknown-linux-gnu.tar.gz\"\u003euv-powerpc64le-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ePPC64LE Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-powerpc64le-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-riscv64gc-unknown-linux-gnu.tar.gz\"\u003euv-riscv64gc-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eRISCV Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-riscv64gc-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-s390x-unknown-linux-gnu.tar.gz\"\u003euv-s390x-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eS390x Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-s390x-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-x86_64-unknown-linux-gnu.tar.gz\"\u003euv-x86_64-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex64 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-x86_64-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-armv7-unknown-linux-gnueabihf.tar.gz\"\u003euv-armv7-unknown-linux-gnueabihf.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARMv7 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-armv7-unknown-linux-gnueabihf.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-aarch64-unknown-linux-musl.tar.gz\"\u003euv-aarch64-unknown-linux-musl.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 MUSL Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-aarch64-unknown-linux-musl.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-i686-unknown-linux-musl.tar.gz\"\u003euv-i686-unknown-linux-musl.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 MUSL Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-i686-unknown-linux-musl.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-riscv64gc-unknown-linux-musl.tar.gz\"\u003euv-riscv64gc-unknown-linux-musl.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eRISCV MUSL Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.14/uv-riscv64gc-unknown-linux-musl.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/uv/blob/main/CHANGELOG.md\"\u003euv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.11.14\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-12.\u003c/p\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Astral mirror URL override (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19206\"\u003e#19206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore \u003ccode\u003etop_level.txt\u003c/code\u003e entries in uninstall that are not valid Python identifiers (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19340\"\u003e#19340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid applying \u003ccode\u003e.env\u003c/code\u003e files in parent process (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19343\"\u003e#19343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFilter ANSI codes in logging output (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19311\"\u003e#19311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003euv tree\u003c/code\u003e showing extra-conditional deps for packages required without extras (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19332\"\u003e#19332\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect build options (e.g., \u003ccode\u003e--no-build\u003c/code\u003e) during lock validation (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19366\"\u003e#19366\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.11.13\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-10.\u003c/p\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eInclude data files in editable builds (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19312\"\u003e#19312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect \u003ccode\u003e--require-hashes\u003c/code\u003e when installing from \u003ccode\u003epylock.toml\u003c/code\u003e files (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19334\"\u003e#19334\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePython\u003c/h3\u003e\n\u003ch3\u003ePython\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CPython 3.14.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.11.12\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-08.\u003c/p\u003e\n\u003ch3\u003ePython\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CPython 3.15.0b1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--no-editable\u003c/code\u003e support to \u003ccode\u003euv pip install\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19306\"\u003e#19306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire git refs in URLs to be percent-encoded (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19320\"\u003e#19320\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRespect \u003ccode\u003e--no-dev\u003c/code\u003e over \u003ccode\u003eUV_DEV=1\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19313\"\u003e#19313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't suggest non-existent \u003ccode\u003e--no-frozen\u003c/code\u003e flag (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19290\"\u003e#19290\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19294\"\u003e#19294\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/3fdfdc7d4a63c9f283eb751823b7628b13116684\"\u003e\u003ccode\u003e3fdfdc7\u003c/code\u003e\u003c/a\u003e Bump version to 0.11.14 (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19377\"\u003e#19377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/634b03f972330183295adae438ec90e76105593e\"\u003e\u003ccode\u003e634b03f\u003c/code\u003e\u003c/a\u003e Document \u003ccode\u003euv auth helper\u003c/code\u003e for Bazel credential helper use (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19358\"\u003e#19358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/601c2b80421544fc0f18bedd2d141308e8acbfd1\"\u003e\u003ccode\u003e601c2b8\u003c/code\u003e\u003c/a\u003e Respect build options (e.g., \u003ccode\u003e--no-build\u003c/code\u003e) during lock validation (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19366\"\u003e#19366\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/7d6590313139e075eac190a3611238072e7c3cdf\"\u003e\u003ccode\u003e7d65903\u003c/code\u003e\u003c/a\u003e Add Astral mirror URL override (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19206\"\u003e#19206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/685c32c51de5f21cdffe1311d6265b9dbebe2a03\"\u003e\u003ccode\u003e685c32c\u003c/code\u003e\u003c/a\u003e Ignore \u003ccode\u003etop_level.txt\u003c/code\u003e entries in uninstall that are not valid Python identif...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/374fcaa56aa46a2923eed31fe0df7a4a7a14c477\"\u003e\u003ccode\u003e374fcaa\u003c/code\u003e\u003c/a\u003e Fix JUnit upload on Windows runners (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19370\"\u003e#19370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/96b43afadc2add190895b20282e83023a08bd0e7\"\u003e\u003ccode\u003e96b43af\u003c/code\u003e\u003c/a\u003e Ensure publish to crates.io is idempotent (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19361\"\u003e#19361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/b2bd71a82c172926d6fb76ecbbad9c61c6e706b1\"\u003e\u003ccode\u003eb2bd71a\u003c/code\u003e\u003c/a\u003e Filter ANSI codes in logging output (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19311\"\u003e#19311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/81e7f8ccbbd3ed407f32312743fe138d36411cff\"\u003e\u003ccode\u003e81e7f8c\u003c/code\u003e\u003c/a\u003e Update Rust crate junction to v2 (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19353\"\u003e#19353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/9f21ff88867f59e84bc82f7422492b998aba6e30\"\u003e\u003ccode\u003e9f21ff8\u003c/code\u003e\u003c/a\u003e Avoid applying \u003ccode\u003e.env\u003c/code\u003e files in parent process (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19343\"\u003e#19343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/uv/compare/0.11.8...0.11.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20260408 to 6.0.12.20260510\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\n.. _pull 2165: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2165\"\u003ecoveragepy/coveragepy#2165\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/646351b60429f1b5760af6c1b97b28483244a955\"\u003e\u003ccode\u003e646351b\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/39cd015505c8b04369c5b06e34fc22449a697370\"\u003e\u003ccode\u003e39cd015\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/649e8aa34af7d80c386ae82e8a3a6c9a3acb0dab\"\u003e\u003ccode\u003e649e8aa\u003c/code\u003e\u003c/a\u003e docs: thanks Alex Vandiver for \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8cd392e3b5c4bc15d534aaec0c21714f9f518469\"\u003e\u003ccode\u003e8cd392e\u003c/code\u003e\u003c/a\u003e fix: snapshot data in Collector.flush_data to avoid threading race (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c48e0edc2ebe44621b0053176e90f77b0c79bec1\"\u003e\u003ccode\u003ec48e0ed\u003c/code\u003e\u003c/a\u003e fix: less output for combining\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c2a3a284078556c911e0d9b6c6af1b7082a363ea\"\u003e\u003ccode\u003ec2a3a28\u003c/code\u003e\u003c/a\u003e docs: explain the change from \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/1cd47aa6ac1da4e150da44055295d4e4f3a014e8\"\u003e\u003ccode\u003e1cd47aa\u003c/code\u003e\u003c/a\u003e fix: implicit combine-during-report now removes the combined data files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2d99fd7696e0bccec8037479a4e45c1ecccb8058\"\u003e\u003ccode\u003e2d99fd7\u003c/code\u003e\u003c/a\u003e feat: automatically combine coverage in report, thanks Tim Hatch (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/9fbdcdfee1c122fac43f1bf9a5e2d1f4d835f21c\"\u003e\u003ccode\u003e9fbdcdf\u003c/code\u003e\u003c/a\u003e fix: lazy soft keywords are bolded\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5de7d0267b9466d59995aaae1a7e707c8c6f66e7\"\u003e\u003ccode\u003e5de7d02\u003c/code\u003e\u003c/a\u003e build: oops, misplaced quote\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zensical` from 0.0.39 to 0.0.42\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zensical/zensical/releases\"\u003ezensical's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.42\u003c/h2\u003e\n\u003ch2\u003eSummary\u003c/h2\u003e\n\u003cp\u003eThis version includes a number of bug fixes and refactorings to improve the stability and accuracy of link validation, and fixes a reload loop when the \u003ccode\u003ecustom_dir\u003c/code\u003e, which is auto-watched, is explicitly added to \u003ccode\u003ewatch\u003c/code\u003e. Moreover, GLightbox is now only downloaded when needed, which fixes an issue when using Zensical in air-gapped environments.\u003c/p\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e6b54e14 \u003cstrong\u003eui\u003c/strong\u003e – update ui to v0.0.18\u003c/li\u003e\n\u003cli\u003ecdee1e8 \u003cstrong\u003ezensical\u003c/strong\u003e – disabling link validation doesn't disable link and reference collection (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e4355dad \u003cstrong\u003ecompat\u003c/strong\u003e – harden link validation for files with CRLF line endings\u003c/li\u003e\n\u003cli\u003ea418c6b \u003cstrong\u003ecompat\u003c/strong\u003e – link validation doesn't ignore fenced code blocks when \u003ccode\u003e\\r\u003c/code\u003e is present\u003c/li\u003e\n\u003cli\u003eb31dd14 \u003cstrong\u003ecompat\u003c/strong\u003e – \u003ccode\u003e$\u003c/code\u003e at end of line breaks link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e17c67a2 \u003cstrong\u003ecompat\u003c/strong\u003e – remove abbreviations from table of contents (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/669\"\u003e#669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e6eb2f4d \u003cstrong\u003ecompat\u003c/strong\u003e – reserve theme name \u003ccode\u003ezensical\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ea5a8641 \u003cstrong\u003ezensical\u003c/strong\u003e – only wait for config update after a first successful build (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e8207554 \u003cstrong\u003ecompat\u003c/strong\u003e – don't consider \u003ccode\u003e[]\u003c/code\u003e and \u003ccode\u003e[][]\u003c/code\u003e link references (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/663\"\u003e#663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec338b27 \u003cstrong\u003ecompat\u003c/strong\u003e – two backticks with no closing run trip up link parser  (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/663\"\u003e#663\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/zensical/zensical/issues/665\"\u003e#665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ed707aa9 \u003cstrong\u003ecompat\u003c/strong\u003e – prevent reload loop by de-duplicating watched theme files (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/655\"\u003e#655\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRefactorings\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e53f593f \u003cstrong\u003ecompat\u003c/strong\u003e – avoid mutating configurations list\u003c/li\u003e\n\u003cli\u003ea77087a \u003cstrong\u003ecompat\u003c/strong\u003e – reorganize config module\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.41\u003c/h2\u003e\n\u003ch2\u003eSummary\u003c/h2\u003e\n\u003cp\u003eThis version adds support for \u003ca href=\"https://zensical.org/docs/setup/extensions/macros/#reading-tabular-data\"\u003eintegrating tabular data\u003c/a\u003e as Markdown tables, covering the functionality of the \u003ca href=\"https://pypi.org/project/mkdocs-table-reader-plugin/\"\u003emkdocs-table-reader-plugin\u003c/a\u003e, as well as the \u003ca href=\"https://zensical.org/docs/setup/basics/#watch\"\u003e\u003ccode\u003ewatch\u003c/code\u003e\u003c/a\u003e option to automatically rebuild on changes in unmonitored files. Table reading is implemented as part of \u003ca href=\"https://zensical.org/docs/setup/extensions/macros/\"\u003emacros\u003c/a\u003e, which we shipped in \u003ca href=\"https://github.com/zensical/zensical/releases/tag/v0.0.40\"\u003e0.0.40\u003c/a\u003e. You can now embed CSV and other file formats with:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e{{ read_csv(\u0026quot;data/team.csv\u0026quot;) }}\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAdditionally, the stability of link \u003ca href=\"https://zensical.org/docs/setup/validation/\"\u003evalidation\u003c/a\u003e has been drastically improved, reducing the rate of false positives. We're working on support for validating links using \u003ca href=\"https://mkdocstrings.github.io/autorefs/\"\u003eautorefs\u003c/a\u003e, which we'll provide in one of the next versions.\u003c/p\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed24ea24 \u003cstrong\u003ecompat\u003c/strong\u003e – support table reader functionality\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/7a141c5678ebcedb05e8b4be8f8d6f8bce990943\"\u003e\u003ccode\u003e7a141c5\u003c/code\u003e\u003c/a\u003e chore: release v0.0.42\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/6b54e140c8a40fc6328a8dd4bbf87629fa1a8c87\"\u003e\u003ccode\u003e6b54e14\u003c/code\u003e\u003c/a\u003e fix: update ui to v0.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/cdee1e8bc77e83ebbb089cab0b5a0984cc6305cc\"\u003e\u003ccode\u003ecdee1e8\u003c/code\u003e\u003c/a\u003e fix: disabling link validation doesn't disable link and reference collection ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/7a5d97abe0bc15b10e4656767de658daab59c759\"\u003e\u003ccode\u003e7a5d97a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/zensical/zensical/issues/680\"\u003e#680\u003c/a\u003e from zensical/fix/validation-edge-cases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/4355dad3ce47a0e647e2187a770a2b9b0b2d502e\"\u003e\u003ccode\u003e4355dad\u003c/code\u003e\u003c/a\u003e fix: harden link validation for files with CRLF line endings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/a418c6bd3c62673e91df01690fd9eccafe262041\"\u003e\u003ccode\u003ea418c6b\u003c/code\u003e\u003c/a\u003e fix: link validation doesn't ignore fenced code blocks when \u003ccode\u003e\\r\u003c/code\u003e is present\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/b31dd1472c091891ee6a87cb46e8313cf3dde9be\"\u003e\u003ccode\u003eb31dd14\u003c/code\u003e\u003c/a\u003e fix: \u003ccode\u003e$\u003c/code\u003e at end of line breaks link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/17c67a2f62181c85220275e8f87c5985135bd62f\"\u003e\u003ccode\u003e17c67a2\u003c/code\u003e\u003c/a\u003e fix: remove abbreviations from table of contents (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/669\"\u003e#669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/6eb2f4d942e79e6f48f772fa16dcddc6e6dbb4eb\"\u003e\u003ccode\u003e6eb2f4d\u003c/code\u003e\u003c/a\u003e fix: reserve theme name \u003ccode\u003ezensical\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/a5a864178ccd0616e5aea56b66f8ce6b031ce50b\"\u003e\u003ccode\u003ea5a8641\u003c/code\u003e\u003c/a\u003e fix: only wait for config update after a first successful build (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zensical/zensical/compare/v0.0.39...v0.0.42\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/callowayproject/foreman/pull/24","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/callowayproject%2Fforeman/issues/24","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/24/packages"}},{"old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","update_type":null,"path":null,"pr_created_at":"2026-05-15T03:38:47.000Z","version_change":"6.0.12.20260408 → 6.0.12.20260510","issue":{"uuid":"4451031951","node_id":"PR_kwDOSEb-G87bxRkZ","number":27,"state":"closed","title":"Bump the dev group across 1 directory with 43 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-22T03:26:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-15T03:38:47.000Z","updated_at":"2026-05-22T03:26:49.000Z","time_to_close":604080,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"dev","update_count":43,"packages":[{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"faker","old_version":"40.13.0","new_version":"40.18.0","repository_url":"https://github.com/joke2k/faker"},{"name":"basedpyright","old_version":"1.39.0","new_version":"1.39.4","repository_url":"https://github.com/detachhead/basedpyright"},{"name":"ruff","old_version":"0.15.10","new_version":"0.15.13","repository_url":"https://github.com/astral-sh/ruff"},{"name":"types-aiofiles","old_version":"25.1.0.20260409","new_version":"25.1.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-cachetools","old_version":"6.2.0.20260408","new_version":"7.0.0.20260503","repository_url":"https://github.com/python/typeshed"},{"name":"types-colorama","old_version":"0.4.15.20260408","new_version":"0.4.15.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-defusedxml","old_version":"0.7.0.20260408","new_version":"0.7.0.20260504","repository_url":"https://github.com/python/typeshed"},{"name":"types-deprecated","old_version":"1.3.1.20260408","new_version":"1.3.1.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-docutils","old_version":"0.22.3.20260408","new_version":"0.22.3.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-flask-cors","old_version":"6.0.0.20260408","new_version":"6.0.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-flask-migrate","old_version":"4.1.0.20260408","new_version":"4.1.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-gevent","old_version":"26.4.0.20260409","new_version":"26.4.0.20260512","repository_url":"https://github.com/python/typeshed"},{"name":"types-greenlet","old_version":"3.4.0.20260409","new_version":"3.5.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-html5lib","old_version":"1.1.11.20260408","new_version":"1.1.11.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-markdown","old_version":"3.10.2.20260408","new_version":"3.10.2.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-oauthlib","old_version":"3.3.0.20260408","new_version":"3.3.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-objgraph","old_version":"3.6.0.20260408","new_version":"3.6.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-olefile","old_version":"0.47.0.20260408","new_version":"0.47.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-openpyxl","old_version":"3.1.5.20260408","new_version":"3.1.5.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-pexpect","old_version":"4.9.0.20260408","new_version":"4.9.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-protobuf","old_version":"7.34.1.20260408","new_version":"7.34.1.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-psutil","old_version":"7.2.2.20260408","new_version":"7.2.2.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-psycopg2","old_version":"2.9.21.20260408","new_version":"2.9.21.20260509","repository_url":"https://github.com/python/typeshed"},{"name":"types-pygments","old_version":"2.20.0.20260408","new_version":"2.20.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-pymysql","old_version":"1.1.0.20260408","new_version":"1.1.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-python-dateutil","old_version":"2.9.0.20260408","new_version":"2.9.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-pywin32","old_version":"311.0.0.20260408","new_version":"311.0.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"types-regex","old_version":"2026.4.4.20260408","new_version":"2026.5.9.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"types-shapely","old_version":"2.1.0.20260408","new_version":"2.1.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-simplejson","old_version":"3.20.0.20260408","new_version":"3.20.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-tensorflow","old_version":"2.18.0.20260408","new_version":"2.18.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-tqdm","old_version":"4.67.3.20260408","new_version":"4.67.3.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"boto3-stubs","old_version":"1.42.88","new_version":"1.43.8","repository_url":"https://github.com/youtype/mypy_boto3_builder"},{"name":"types-jmespath","old_version":"1.1.0.20260408","new_version":"1.1.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"hypothesis","old_version":"6.151.12","new_version":"6.152.7","repository_url":"https://github.com/HypothesisWorks/hypothesis"},{"name":"types-cffi","old_version":"2.0.0.20260408","new_version":"2.0.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"types-setuptools","old_version":"82.0.0.20260408","new_version":"82.0.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"scipy-stubs","old_version":"1.17.1.3","new_version":"1.17.1.4","repository_url":"https://github.com/scipy/scipy-stubs"},{"name":"celery-types","old_version":"0.23.0","new_version":"0.26.0","repository_url":"https://github.com/sbdchd/celery-types"},{"name":"mypy","old_version":"1.20.1","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"pyrefly","old_version":"0.60.0","new_version":"1.0.0","repository_url":"https://github.com/facebook/pyrefly"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dev group with 43 updates in the /api directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [faker](https://github.com/joke2k/faker) | `40.13.0` | `40.18.0` |\n| [basedpyright](https://github.com/detachhead/basedpyright) | `1.39.0` | `1.39.4` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.10` | `0.15.13` |\n| [types-aiofiles](https://github.com/python/typeshed) | `25.1.0.20260409` | `25.1.0.20260508` |\n| [types-cachetools](https://github.com/python/typeshed) | `6.2.0.20260408` | `7.0.0.20260503` |\n| [types-colorama](https://github.com/python/typeshed) | `0.4.15.20260408` | `0.4.15.20260508` |\n| [types-defusedxml](https://github.com/python/typeshed) | `0.7.0.20260408` | `0.7.0.20260504` |\n| [types-deprecated](https://github.com/python/typeshed) | `1.3.1.20260408` | `1.3.1.20260508` |\n| [types-docutils](https://github.com/python/typeshed) | `0.22.3.20260408` | `0.22.3.20260508` |\n| [types-flask-cors](https://github.com/python/typeshed) | `6.0.0.20260408` | `6.0.0.20260508` |\n| [types-flask-migrate](https://github.com/python/typeshed) | `4.1.0.20260408` | `4.1.0.20260508` |\n| [types-gevent](https://github.com/python/typeshed) | `26.4.0.20260409` | `26.4.0.20260512` |\n| [types-greenlet](https://github.com/python/typeshed) | `3.4.0.20260409` | `3.5.0.20260508` |\n| [types-html5lib](https://github.com/python/typeshed) | `1.1.11.20260408` | `1.1.11.20260508` |\n| [types-markdown](https://github.com/python/typeshed) | `3.10.2.20260408` | `3.10.2.20260508` |\n| [types-oauthlib](https://github.com/python/typeshed) | `3.3.0.20260408` | `3.3.0.20260508` |\n| [types-objgraph](https://github.com/python/typeshed) | `3.6.0.20260408` | `3.6.0.20260508` |\n| [types-olefile](https://github.com/python/typeshed) | `0.47.0.20260408` | `0.47.0.20260508` |\n| [types-openpyxl](https://github.com/python/typeshed) | `3.1.5.20260408` | `3.1.5.20260508` |\n| [types-pexpect](https://github.com/python/typeshed) | `4.9.0.20260408` | `4.9.0.20260508` |\n| [types-protobuf](https://github.com/python/typeshed) | `7.34.1.20260408` | `7.34.1.20260508` |\n| [types-psutil](https://github.com/python/typeshed) | `7.2.2.20260408` | `7.2.2.20260508` |\n| [types-psycopg2](https://github.com/python/typeshed) | `2.9.21.20260408` | `2.9.21.20260509` |\n| [types-pygments](https://github.com/python/typeshed) | `2.20.0.20260408` | `2.20.0.20260508` |\n| [types-pymysql](https://github.com/python/typeshed) | `1.1.0.20260408` | `1.1.0.20260508` |\n| [types-python-dateutil](https://github.com/python/typeshed) | `2.9.0.20260408` | `2.9.0.20260508` |\n| [types-pywin32](https://github.com/python/typeshed) | `311.0.0.20260408` | `311.0.0.20260508` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260510` |\n| [types-regex](https://github.com/python/typeshed) | `2026.4.4.20260408` | `2026.5.9.20260510` |\n| [types-shapely](https://github.com/python/typeshed) | `2.1.0.20260408` | `2.1.0.20260508` |\n| [types-simplejson](https://github.com/python/typeshed) | `3.20.0.20260408` | `3.20.0.20260508` |\n| [types-tensorflow](https://github.com/python/typeshed) | `2.18.0.20260408` | `2.18.0.20260508` |\n| [types-tqdm](https://github.com/python/typeshed) | `4.67.3.20260408` | `4.67.3.20260508` |\n| [boto3-stubs](https://github.com/youtype/mypy_boto3_builder) | `1.42.88` | `1.43.8` |\n| [types-jmespath](https://github.com/python/typeshed) | `1.1.0.20260408` | `1.1.0.20260508` |\n| [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.151.12` | `6.152.7` |\n| [types-cffi](https://github.com/python/typeshed) | `2.0.0.20260408` | `2.0.0.20260508` |\n| [types-setuptools](https://github.com/python/typeshed) | `82.0.0.20260408` | `82.0.0.20260508` |\n| [scipy-stubs](https://github.com/scipy/scipy-stubs) | `1.17.1.3` | `1.17.1.4` |\n| [celery-types](https://github.com/sbdchd/celery-types) | `0.23.0` | `0.26.0` |\n| [mypy](https://github.com/python/mypy) | `1.20.1` | `2.1.0` |\n| [pyrefly](https://github.com/facebook/pyrefly) | `0.60.0` | `1.0.0` |\n\n\nUpdates `coverage` from 7.13.5 to 7.14.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\n.. _pull 2165: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2165\"\u003ecoveragepy/coveragepy#2165\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/646351b60429f1b5760af6c1b97b28483244a955\"\u003e\u003ccode\u003e646351b\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/39cd015505c8b04369c5b06e34fc22449a697370\"\u003e\u003ccode\u003e39cd015\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/649e8aa34af7d80c386ae82e8a3a6c9a3acb0dab\"\u003e\u003ccode\u003e649e8aa\u003c/code\u003e\u003c/a\u003e docs: thanks Alex Vandiver for \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8cd392e3b5c4bc15d534aaec0c21714f9f518469\"\u003e\u003ccode\u003e8cd392e\u003c/code\u003e\u003c/a\u003e fix: snapshot data in Collector.flush_data to avoid threading race (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c48e0edc2ebe44621b0053176e90f77b0c79bec1\"\u003e\u003ccode\u003ec48e0ed\u003c/code\u003e\u003c/a\u003e fix: less output for combining\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c2a3a284078556c911e0d9b6c6af1b7082a363ea\"\u003e\u003ccode\u003ec2a3a28\u003c/code\u003e\u003c/a\u003e docs: explain the change from \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/1cd47aa6ac1da4e150da44055295d4e4f3a014e8\"\u003e\u003ccode\u003e1cd47aa\u003c/code\u003e\u003c/a\u003e fix: implicit combine-during-report now removes the combined data files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2d99fd7696e0bccec8037479a4e45c1ecccb8058\"\u003e\u003ccode\u003e2d99fd7\u003c/code\u003e\u003c/a\u003e feat: automatically combine coverage in report, thanks Tim Hatch (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/9fbdcdfee1c122fac43f1bf9a5e2d1f4d835f21c\"\u003e\u003ccode\u003e9fbdcdf\u003c/code\u003e\u003c/a\u003e fix: lazy soft keywords are bolded\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5de7d0267b9466d59995aaae1a7e707c8c6f66e7\"\u003e\u003ccode\u003e5de7d02\u003c/code\u003e\u003c/a\u003e build: oops, misplaced quote\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faker` from 40.13.0 to 40.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/joke2k/faker/releases\"\u003efaker's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v40.18.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/joke2k/faker/blob/refs/tags/v40.18.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease v40.17.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/joke2k/faker/blob/refs/tags/v40.17.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease v40.16.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/joke2k/faker/blob/refs/tags/v40.16.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease v40.15.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/joke2k/faker/blob/refs/tags/v40.15.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease v40.14.1\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/joke2k/faker/blob/refs/tags/v40.14.1/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease v40.14.0\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/joke2k/faker/blob/refs/tags/v40.14.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/joke2k/faker/blob/v40.18.0/CHANGELOG.md\"\u003efaker's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/joke2k/faker/compare/v40.17.0...v40.18.0\"\u003ev40.18.0 - 2026-05-14\u003c/a\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd automotive providers for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales. Thanks \u003ca href=\"https://github.com/othmane099\"\u003e\u003ccode\u003e@​othmane099\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ephone_number\u003c/code\u003e provider for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales. Thanks \u003ca href=\"https://github.com/othmane099\"\u003e\u003ccode\u003e@​othmane099\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/joke2k/faker/compare/v40.16.0...v40.17.0\"\u003ev40.17.0 - 2026-05-14\u003c/a\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eam_ET\u003c/code\u003e \u003ccode\u003ephone_number\u003c/code\u003e provider for Ethiopia. Thanks \u003ca href=\"https://github.com/jasur-py\"\u003e\u003ccode\u003e@​jasur-py\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/joke2k/faker/compare/v40.15.0...v40.16.0\"\u003ev40.16.0 - 2026-05-14\u003c/a\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix duplicate phone number prefix \u003ccode\u003e145\u003c/code\u003e in \u003ccode\u003ezh_CN\u003c/code\u003e locale. Thanks \u003ca href=\"https://github.com/r266-tec\"\u003e\u003ccode\u003e@​r266-tec\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/joke2k/faker/compare/v40.14.1...v40.15.0\"\u003ev40.15.0 - 2026-04-17\u003c/a\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd job providers for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2352\"\u003e#2352\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/othmane099\"\u003e\u003ccode\u003e@​othmane099\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd company providers for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2351\"\u003e#2351\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/othmane099\"\u003e\u003ccode\u003e@​othmane099\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd geo providers for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2350\"\u003e#2350\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/othmane099\"\u003e\u003ccode\u003e@​othmane099\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd currency providers for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2349\"\u003e#2349\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/othmane099\"\u003e\u003ccode\u003e@​othmane099\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edate_time\u003c/code\u003e provider for \u003ccode\u003ear_DZ\u003c/code\u003e locale (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2348\"\u003e#2348\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/othmane099\"\u003e\u003ccode\u003e@​othmane099\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd ssn providers for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2347\"\u003e#2347\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/othmane099\"\u003e\u003ccode\u003e@​othmane099\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/joke2k/faker/compare/v40.14.0...v40.14.1\"\u003ev40.14.1 - 2026-04-17\u003c/a\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eUnicodeEncodeError\u003c/code\u003e in CLI docs on non-UTF consoles (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2362\"\u003e#2362\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/RedZapdos123\"\u003e\u003ccode\u003e@​RedZapdos123\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/joke2k/faker/compare/v40.13.0...v40.14.0\"\u003ev40.14.0 - 2026-04-17\u003c/a\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix: update placekitten URL to placekittens (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2364\"\u003e#2364\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/reory\"\u003e\u003ccode\u003e@​reory\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/7a79d1b815c72cdd570e47002a1d6d90b8282bef\"\u003e\u003ccode\u003e7a79d1b\u003c/code\u003e\u003c/a\u003e Bump version: 40.17.0 → 40.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/22334a6867869f87f174a168e0c1783241b23bb4\"\u003e\u003ccode\u003e22334a6\u003c/code\u003e\u003c/a\u003e :pencil: Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/8a7fa46a337e01eba9ec1c1af51e740d60940f1d\"\u003e\u003ccode\u003e8a7fa46\u003c/code\u003e\u003c/a\u003e :lipstick: Lint code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/a70229ebf3abb0e2e44529e884bbe3d5aec9be8a\"\u003e\u003ccode\u003ea70229e\u003c/code\u003e\u003c/a\u003e Add automotive providers for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2346\"\u003e#2346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/9dc592c21400f42a488e87850e30856a14ab4bd2\"\u003e\u003ccode\u003e9dc592c\u003c/code\u003e\u003c/a\u003e add \u003ccode\u003ephone_number\u003c/code\u003e provider for \u003ccode\u003ear_DZ\u003c/code\u003e and \u003ccode\u003efr_DZ\u003c/code\u003e locales (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2338\"\u003e#2338\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/7e8ec9c8c60679e404b5ca647a207168832c8ba4\"\u003e\u003ccode\u003e7e8ec9c\u003c/code\u003e\u003c/a\u003e Bump version: 40.16.0 → 40.17.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/48fbd622669263bcbd2b822568a830512948d365\"\u003e\u003ccode\u003e48fbd62\u003c/code\u003e\u003c/a\u003e :pencil: Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/696ebf93a8310d621d6dd90426844de023d9ef50\"\u003e\u003ccode\u003e696ebf9\u003c/code\u003e\u003c/a\u003e :lipstick: Format code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/0c339633949b44f5ab3c34d1b2046acddfae7e39\"\u003e\u003ccode\u003e0c33963\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eam_ET\u003c/code\u003e \u003ccode\u003ephone_number\u003c/code\u003e provider for Ethiopia (\u003ca href=\"https://redirect.github.com/joke2k/faker/issues/2353\"\u003e#2353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/faker/commit/bec4ec21e9a75056e1fcf250d5aebcf22a415ca1\"\u003e\u003ccode\u003ebec4ec2\u003c/code\u003e\u003c/a\u003e :pencil: fix changelog\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/joke2k/faker/compare/v40.13.0...v40.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basedpyright` from 1.39.0 to 1.39.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/b058a6450c9f2a720257f56a1f7ed8a4cdf33a15\"\u003e\u003ccode\u003eb058a64\u003c/code\u003e\u003c/a\u003e 1.39.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/5e1f1fb60ff9f646a0d039e3070a0abb75e9db6a\"\u003e\u003ccode\u003e5e1f1fb\u003c/code\u003e\u003c/a\u003e Fix: treat  \u003ccode\u003emap\u003c/code\u003e \u0026amp; \u003ccode\u003efilter\u003c/code\u003e as not subscriptable at runtime and don't show g...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/f9730a824e91dd75c3871bc894ee0d73bec682a9\"\u003e\u003ccode\u003ef9730a8\u003c/code\u003e\u003c/a\u003e bump python dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/a465682f20214a43fff4f3e82d02b74d322e6e3e\"\u003e\u003ccode\u003ea465682\u003c/code\u003e\u003c/a\u003e Update installation docs for PyCharm (\u003ca href=\"https://redirect.github.com/detachhead/basedpyright/issues/1643\"\u003e#1643\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/5f6672701c5b6a739563894256418845239be2a2\"\u003e\u003ccode\u003e5f66727\u003c/code\u003e\u003c/a\u003e 1.39.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/d8741dfc88be16e11c66cceff78e6e2634ddf49b\"\u003e\u003ccode\u003ed8741df\u003c/code\u003e\u003c/a\u003e hopefully fix docs deployment job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/ceb200c192bb53629b4c62fdc082ec27b108f316\"\u003e\u003ccode\u003eceb200c\u003c/code\u003e\u003c/a\u003e 1.39.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/eb7a92cacd2697acb4e36e2f3147333588c88fa7\"\u003e\u003ccode\u003eeb7a92c\u003c/code\u003e\u003c/a\u003e try to fix browser-basedpyright being published with nothing in it\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/dec5306e9aabbce3f9b1b9ec283981d92dd43d80\"\u003e\u003ccode\u003edec5306\u003c/code\u003e\u003c/a\u003e update package-lock.json\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/6db43de5dda601e3cd83998c669c4ecbbfde26f6\"\u003e\u003ccode\u003e6db43de\u003c/code\u003e\u003c/a\u003e 1.39.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/detachhead/basedpyright/compare/v1.39.0...v1.39.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.10 to 0.15.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2afb467ce397e4a89c13a0a814c62cfecb0e9e49\"\u003e\u003ccode\u003e2afb467\u003c/code\u003e\u003c/a\u003e Bump 0.15.13 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25157\"\u003e#25157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/300879600fa3af7cde1e675c63de6ad9d0797d1b\"\u003e\u003ccode\u003e3008796\u003c/code\u003e\u003c/a\u003e [ty] classify TypeVar semantic tokens as type parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24891\"\u003e#24891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/79470e31877acb6074f3bbff2a49e508822ae4e8\"\u003e\u003ccode\u003e79470e3\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2522549901d50f18775999f0fb802b19229417f0\"\u003e\u003ccode\u003e2522549\u003c/code\u003e\u003c/a\u003e Remove shellcheck from prek (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25154\"\u003e#25154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7db7170020f539d6d2bc01dbd0b0c09fab91dc06\"\u003e\u003ccode\u003e7db7170\u003c/code\u003e\u003c/a\u003e [ty] Support TypedDict key completions in incomplete, anonymous contexts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25\"\u003e#25\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/bb3dd535f1c5a83e2e56ac93a771fadbeeceebd0\"\u003e\u003ccode\u003ebb3dd53\u003c/code\u003e\u003c/a\u003e [ty] Run full iteration analysis on narrowed typevars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25143\"\u003e#25143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/828cdb7732efcb16a53f4ee5f011cf653b834d1a\"\u003e\u003ccode\u003e828cdb7\u003c/code\u003e\u003c/a\u003e [ty] Isolate file-watching test environment (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25151\"\u003e#25151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/89e1d8670ea4d3af60c8143ee552dc750200718d\"\u003e\u003ccode\u003e89e1d86\u003c/code\u003e\u003c/a\u003e [ty] Preserve TypedDict keys through dict unpacking (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24523\"\u003e#24523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/86f3064d6fffa5697d174f26b840bd6857b381da\"\u003e\u003ccode\u003e86f3064\u003c/code\u003e\u003c/a\u003e [ty] Avoid accessing \u003ccode\u003eargs[0]\u003c/code\u003e for \u003ccode\u003estatic_assert\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25149\"\u003e#25149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ed819f947dc27e36eac8bb3134153c4668d76a3a\"\u003e\u003ccode\u003eed819f9\u003c/code\u003e\u003c/a\u003e [ty] Treat custom enum \u003ccode\u003e__new__\u003c/code\u003e values as dynamic (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25136\"\u003e#25136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.10...0.15.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-aiofiles` from 25.1.0.20260409 to 25.1.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-cachetools` from 6.2.0.20260408 to 7.0.0.20260503\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-colorama` from 0.4.15.20260408 to 0.4.15.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-defusedxml` from 0.7.0.20260408 to 0.7.0.20260504\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-deprecated` from 1.3.1.20260408 to 1.3.1.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-docutils` from 0.22.3.20260408 to 0.22.3.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-flask-cors` from 6.0.0.20260408 to 6.0.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-flask-migrate` from 4.1.0.20260408 to 4.1.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-gevent` from 26.4.0.20260409 to 26.4.0.20260512\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-greenlet` from 3.4.0.20260409 to 3.5.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-html5lib` from 1.1.11.20260408 to 1.1.11.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-markdown` from 3.10.2.20260408 to 3.10.2.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-oauthlib` from 3.3.0.20260408 to 3.3.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-objgraph` from 3.6.0.20260408 to 3.6.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-olefile` from 0.47.0.20260408 to 0.47.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-openpyxl` from 3.1.5.20260408 to 3.1.5.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pexpect` from 4.9.0.20260408 to 4.9.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-protobuf` from 7.34.1.20260408 to 7.34.1.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-psutil` from 7.2.2.20260408 to 7.2.2.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-psycopg2` from 2.9.21.20260408 to 2.9.21.20260509\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pygments` from 2.20.0.20260408 to 2.20.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pymysql` from 1.1.0.20260408 to 1.1.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-python-dateutil` from 2.9.0.20260408 to 2.9.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pywin32` from 311.0.0.20260408 to 311.0.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20260408 to 6.0.12.20260510\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-regex` from 2026.4.4.20260408 to 2026.5.9.20260510\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-shapely` from 2.1.0.20260408 to 2.1.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-simplejson` from 3.20.0.20260408 to 3.20.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-tensorflow` from 2.18.0.20260408 to 2.18.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-tqdm` from 4.67.3.20260408 to 4.67.3.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3-stubs` from 1.42.88 to 1.43.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/youtype/mypy_boto3_builder/releases\"\u003eboto3-stubs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.8.0 - Python 3.8 runtime is back\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[services]\u003c/code\u003e \u003ccode\u003einstall_requires\u003c/code\u003e section is calculated based on dependencies in use, so \u003ccode\u003etyping-extensions\u003c/code\u003e version is set properly\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[all]\u003c/code\u003e Replaced \u003ccode\u003etyping\u003c/code\u003e imports with \u003ccode\u003ecollections.abc\u003c/code\u003e with a fallback to \u003ccode\u003etyping\u003c/code\u003e for Python \u0026lt;3.9\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[all]\u003c/code\u003e Added aliases for \u003ccode\u003ebuiltins.list\u003c/code\u003e, \u003ccode\u003ebuiltins.set\u003c/code\u003e, \u003ccode\u003ebuiltins.dict\u003c/code\u003e, and \u003ccode\u003ebuiltins.type\u003c/code\u003e, so Python 3.8 runtime should work as expected again (reported by \u003ca href=\"https://github.com/YHallouard\"\u003e\u003ccode\u003e@​YHallouard\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/youtype/mypy_boto3_builder/issues/340\"\u003e#340\u003c/a\u003e and \u003ca href=\"https://github.com/Omri-Ben-Yair\"\u003e\u003ccode\u003e@​Omri-Ben-Yair\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/youtype/mypy_boto3_builder/issues/336\"\u003e#336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[all]\u003c/code\u003e Unions use the same type annotations as the rest of the structures due to proper fallbacks\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[services]\u003c/code\u003e Universal input/output shapes were not replaced properly in service subresources\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[docs]\u003c/code\u003e Simplified doc links rendering for services\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[services]\u003c/code\u003e Cleaned up unnecessary imports in \u003ccode\u003eclient.pyi\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[builder]\u003c/code\u003e Import records with fallback are always rendered\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/youtype/mypy_boto3_builder/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-jmespath` from 1.1.0.20260408 to 1.1.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hypothesis` from 6.151.12 to 6.152.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/HypothesisWorks/hypothesis/releases\"\u003ehypothesis's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.7\u003c/h2\u003e\n\u003cp\u003eThis patch improves our type hints for \u0026quot;.filter()\u0026quot; to work with\n\u0026quot;typing.TypeGuard\u0026quot;. For example:\u003c/p\u003e\n\u003cp\u003efrom typing import TypeGuard\u003c/p\u003e\n\u003cp\u003efrom hypothesis import strategies as st\u003c/p\u003e\n\u003cp\u003edef is_str(x: object) -\u0026gt; TypeGuard[str]:\nreturn isinstance(x, str)\u003c/p\u003e\n\u003cp\u003es = st.from_type(object).filter(is_str)\u003c/p\u003e\n\u003ch1\u003epreviously: SearchStrategy[object]\u003c/h1\u003e\n\u003ch1\u003enow: SearchStrategy[str]\u003c/h1\u003e\n\u003cp\u003ereveal_type(s)\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-7\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.6\u003c/h2\u003e\n\u003cp\u003eThis patch adds a shrinking pass that tries natural text\ntransformations - unicode decomposition (NFD/NFKD) and case mapping -\non individual characters in string choices.  Failures involving e.g.\n\u0026quot;\u0026quot;À\u0026quot; != \u0026quot;À\u0026quot;.lower()\u0026quot; will now reliably shrink to \u0026quot;\u0026quot;A\u0026quot;\u0026quot; rather than\nsometimes getting stuck on the high-codepoint accented form (issue\n\u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4725\"\u003e#4725\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-6\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.5\u003c/h2\u003e\n\u003cp\u003eThis patch improves the \u0026quot;Phase.explain\u0026quot; phase so that simple cases\nlike \u0026quot;assert n1 == n2\u0026quot; no longer get a misleading \u0026quot;# or any other\ngenerated value\u0026quot; comment (issue \u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4715\"\u003e#4715\u003c/a\u003e). Before falling back to random\nsampling, we now also try borrowing values from each other arg slice\nwith matching shape.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-5\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.4\u003c/h2\u003e\n\u003cp\u003eThis patch fixes a rare internal error during \u0026quot;Phase.explain\u0026quot;\nintroduced in version 6.149.0 for certain strategies (issue \u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4708\"\u003e#4708\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-4\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.3\u003c/h2\u003e\n\u003cp\u003eThe \u0026quot;hypothesis-urandom\u0026quot; backend now reads from \u0026quot;/dev/urandom\u0026quot; with\nbuffering disabled, which improves the control of those hooking\n\u0026quot;/dev/urandom\u0026quot; to change or read Hypothesis's random decisions.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-3\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/adc8d2d4d3dbdbc640d00e216782ef5dd3611640\"\u003e\u003ccode\u003eadc8d2d\u003c/code\u003e\u003c/a\u003e Bump hypothesis-python version to 6.152.7 and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/d66ce67fed6cf77dd8bc14fb88f2d97d027458c4\"\u003e\u003ccode\u003ed66ce67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4672\"\u003e#4672\u003c/a\u003e from CharString/annotate-filter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/df889578276ee8624e95692ba8f0a57b0a04c487\"\u003e\u003ccode\u003edf88957\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4727\"\u003e#4727\u003c/a\u003e from hettlage/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/415443cd82dcd389d398a7f36ebf41ea6162a7d6\"\u003e\u003ccode\u003e415443c\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/bfd0ebfe74bcfc0447498259ec008c0fa13ee976\"\u003e\u003ccode\u003ebfd0ebf\u003c/code\u003e\u003c/a\u003e Revert RELEASE.rst to original version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/492f8185f80935a6cfc26e0c54bc9f5aed882c80\"\u003e\u003ccode\u003e492f818\u003c/code\u003e\u003c/a\u003e attempt to de-flake test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/55ab356dc1b96b59821db851ebce3bdf483c2eb6\"\u003e\u003ccode\u003e55ab356\u003c/code\u003e\u003c/a\u003e fix release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/7fd8e506efc43ce9b0d19993fc2cf8eb759d273f\"\u003e\u003ccode\u003e7fd8e50\u003c/code\u003e\u003c/a\u003e simplify type hints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/c8b952ed27af8aa7f5fcc90c136f4dfff649adc7\"\u003e\u003ccode\u003ec8b952e\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'upstream/master' into annotate-filter-4672\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/b2e8d8968eb3fd85391febfe96ea24703faf23a9\"\u003e\u003ccode\u003eb2e8d89\u003c/code\u003e\u003c/a\u003e add tests and release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/HypothesisWorks/hypothesis/compare/hypothesis-python-6.151.12...hypothesis-python-6.152.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-cffi` from 2.0.0.20260408 to 2.0.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-setuptools` from 82.0.0.20260408 to 82.0.0.20260508\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scipy-stubs` from 1.17.1.3 to 1.17.1.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scipy/scipy-stubs/releases\"\u003escipy-stubs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.17.1.4\u003c/h2\u003e\n\u003cp\u003eThis release targets \u003ca href=\"https://github.com/scipy/scipy/releases/tag/v1.17.1\"\u003eSciPy 1.17.1\u003c/a\u003e and supports Python 3.11-3.14, \u003ca href=\"https://github.com/numpy/numpy\"\u003eNumPy\u003c/a\u003e 1.26-2.4, and \u003ca href=\"https://github.com/jorenham/optype\"\u003eoptype\u003c/a\u003e 0.14-0.18.\u003c/p\u003e\n\u003ch1\u003e:trophy: Release Highlights\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Fix \u003ccode\u003eapprox_fprime\u003c/code\u003e and \u003ccode\u003enewton\u003c/code\u003e to accept functions returning n-D arrays in \u003ccode\u003escipy.optimize\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ Improved shape-typing support for statistical testing functions in \u003ccode\u003escipy.stats\u003c/code\u003e and FFT shifting functions in \u003ccode\u003escipy.fft\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔒️ Enforce \u003ca href=\"https://github.com/zizmorcore/zizmor\"\u003ezizmor\u003c/a\u003e to improve security in GitHub Actions and dependabot (guard against supply-chain attacks, cache poisoning, etc.).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003e✨ Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esignal\u003c/code\u003e: stub the private \u003ccode\u003e_signal_api\u003c/code\u003e module by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1492\"\u003escipy/scipy-stubs#1492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003esignal\u003c/code\u003e: stub the private \u003ccode\u003e_delegators\u003c/code\u003e module by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1493\"\u003escipy/scipy-stubs#1493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estats\u003c/code\u003e: improved \u003ccode\u003eks_2samp\u003c/code\u003e shape-typing by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1494\"\u003escipy/scipy-stubs#1494\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estats\u003c/code\u003e: improved \u003ccode\u003ebrunnermunzel\u003c/code\u003e shape-typing by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1497\"\u003escipy/scipy-stubs#1497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estats\u003c/code\u003e: improved \u003ccode\u003ef_oneway\u003c/code\u003e shape-typing by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1499\"\u003escipy/scipy-stubs#1499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estats\u003c/code\u003e: improved \u003ccode\u003ekruskal\u003c/code\u003e shape-typing by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1500\"\u003escipy/scipy-stubs#1500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estats\u003c/code\u003e: improved \u003ccode\u003esigmaclip\u003c/code\u003e dtypes by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1501\"\u003escipy/scipy-stubs#1501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efftpack\u003c/code\u003e: improve return dtypes for real transforms by \u003ca href=\"https://github.com/Deshan-5\"\u003e\u003ccode\u003e@​Deshan-5\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1509\"\u003escipy/scipy-stubs#1509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003esignal\u003c/code\u003e: improve \u003ccode\u003elp2{lp,hp,bp,bs}[_zpk]\u003c/code\u003e and \u003ccode\u003ebilinear_zpk\u003c/code\u003e by \u003ca href=\"https://github.com/Aniketsy\"\u003e\u003ccode\u003e@​Aniketsy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1523\"\u003escipy/scipy-stubs#1523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estats.dunnett\u003c/code\u003e: support for \u003ccode\u003elongdouble\u003c/code\u003e dtypes by \u003ca href=\"https://github.com/Aniketsy\"\u003e\u003ccode\u003e@​Aniketsy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1528\"\u003escipy/scipy-stubs#1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efft\u003c/code\u003e: \u003ccode\u003efftshift\u003c/code\u003e and \u003ccode\u003eifftshift\u003c/code\u003e shape-typing support by \u003ca href=\"https://github.com/Aniketsy\"\u003e\u003ccode\u003e@​Aniketsy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1532\"\u003escipy/scipy-stubs#1532\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🐛 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e_lib._uarray._backend\u003c/code\u003e: fix \u003ccode\u003ewrap_single_convertor[_instance]\u003c/code\u003e overloads by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1481\"\u003escipy/scipy-stubs#1481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptimize\u003c/code\u003e: add vector-valued \u003ccode\u003eapprox_fprime\u003c/code\u003e overload by \u003ca href=\"https://github.com/fbourgey\"\u003e\u003ccode\u003e@​fbourgey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1530\"\u003escipy/scipy-stubs#1530\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efft\u003c/code\u003e: \u003ccode\u003e[i]fftshift\u003c/code\u003e dtype preservation for int and bool inputs by \u003ca href=\"https://github.com/Aniketsy\"\u003e\u003ccode\u003e@​Aniketsy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1533\"\u003escipy/scipy-stubs#1533\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoptimize\u003c/code\u003e: generalize \u003ccode\u003enewton\u003c/code\u003e overloads to ND arrays by \u003ca href=\"https://github.com/fbourgey\"\u003e\u003ccode\u003e@​fbourgey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1534\"\u003escipy/scipy-stubs#1534\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e↪️ Workarounds\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esparse\u003c/code\u003e: improve CSC and CSR array/matrix constructor compatibility with mypy by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1485\"\u003escipy/scipy-stubs#1485\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📝 Documentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Monad to the list of downstream projects by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1498\"\u003escipy/scipy-stubs#1498\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🧹 Maintenance\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e🔖 prepare for further development by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1480\"\u003escipy/scipy-stubs#1480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e⬆️ Update uv-build requirement from \u0026lt;0.11,\u0026gt;=0.10.9 to \u0026gt;=0.10.9,\u0026lt;0.12 in the actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1482\"\u003escipy/scipy-stubs#1482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e⬆️ ty 0.0.25 by \u003ca href=\"https://github.com/jorenham\"\u003e\u003ccode\u003e@​jorenham\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/pull/1483\"\u003escipy/scipy-stubs#1483\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/ff66e8a4a3b9fec77d32193965e4ad3d9acfea84\"\u003e\u003ccode\u003eff66e8a\u003c/code\u003e\u003c/a\u003e 🔖 scipy-stubs 1.17.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/1ba8ccfa1942dff275792fc486656e3fe12f4ee6\"\u003e\u003ccode\u003e1ba8ccf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/issues/1546\"\u003e#1546\u003c/a\u003e from scipy/fix-mypy_primer-comment-workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/b4beb7de3cc744f24a0f017b81b9a58202e8e9aa\"\u003e\u003ccode\u003eb4beb7d\u003c/code\u003e\u003c/a\u003e 💚 fix mypy_primer comment workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/74945653316a671d475f06f86520f378f3c420b9\"\u003e\u003ccode\u003e7494565\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/issues/1545\"\u003e#1545\u003c/a\u003e from scipy/bump-mypy-pyrefly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/12f0735b88e3fe47860b2e4f9a5074a277e0cf50\"\u003e\u003ccode\u003e12f0735\u003c/code\u003e\u003c/a\u003e ⬆️ mypy 1.20.1 and pyrefly 0.60.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/b9efc6fb754a4be43ffd7443713f744e419951bf\"\u003e\u003ccode\u003eb9efc6f\u003c/code\u003e\u003c/a\u003e ✨ \u003ccode\u003efft\u003c/code\u003e: \u003ccode\u003efftshift\u003c/code\u003e and \u003ccode\u003eifftshift\u003c/code\u003e shape-typing support (\u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/009d10ed67d5e8d3657750bb455d7b7a2cdd8496\"\u003e\u003ccode\u003e009d10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/issues/1544\"\u003e#1544\u003c/a\u003e from scipy/zizmor/update_dprint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/cac2b4a50fcc32a7dbd68742d20fc85b05570cca\"\u003e\u003ccode\u003ecac2b4a\u003c/code\u003e\u003c/a\u003e 🔒️ fix zizmor \u003ccode\u003e--pedantic\u003c/code\u003e audits in \u003ccode\u003eupdate_dprint.yml\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/cab3222674d15ce35370a8852d541439131e6035\"\u003e\u003ccode\u003ecab3222\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scipy/scipy-stubs/issues/1543\"\u003e#1543\u003c/a\u003e from scipy/zizmor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scipy/scipy-stubs/commit/483a2d3d7b95b5cda285ac4788ec66008e06852b\"\u003e\u003ccode\u003e483a2d3\u003c/code\u003e\u003c/a\u003e 💡 ignore zizmor error\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scipy/scipy-stubs/compare/v1.17.1.3...v1.17.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `celery-types` from 0.23.0 to 0.26.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sbdchd/celery-types/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 1.20.1 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMypy Release Notes\u003c/h1\u003e\n\u003ch2\u003eNext Release\u003c/h2\u003e\n\u003ch2\u003eMypy 2.1\u003c/h2\u003e\n\u003cp\u003eWe’ve just uploaded mypy 2.1.0 to the Python Package Index (\u003ca href=\"https://pypi.org/project/mypy/\"\u003ePyPI\u003c/a\u003e).\nMypy is a static type checker for Python. This release includes new features, performance\nimprovements and bug fixes. You can install it as follows:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython3 -m pip install -U mypy\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can read the full documentation for this release on \u003ca href=\"http://mypy.readthedocs.io\"\u003eRead the Docs\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003elibrt.vecs: Fast Growable Array Type for Mypyc\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.vecs\u003c/code\u003e module provides an efficient growable array type \u003ccode\u003evec\u003c/code\u003e that is\noptimized for mypyc use. It provides fast, packed arrays with integer and floating point\nvalue types, which can be \u003cstrong\u003eseveral times faster\u003c/strong\u003e than \u003ccode\u003elist\u003c/code\u003e, and tens of times faster\nthan \u003ccode\u003earray.array\u003c/code\u003e in code compiled using mypyc. It also supports nested \u003ccode\u003evec\u003c/code\u003e objects and\nnon-value-type items, such as \u003ccode\u003evec[vec[str]]\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_vecs.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo.\u003c/p\u003e\n\u003ch3\u003elibrt.random: Fast Pseudo-Random Number Generation\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.random\u003c/code\u003e module provides fast pseudo-random number generation that is\noptimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib\n\u003ccode\u003erandom\u003c/code\u003e module in compiled code.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_random.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo (PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21433\"\u003e21433\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMypyc Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake compilation order with multiple files consistent (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21419\"\u003e21419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on accessing \u003ccode\u003eStopAsyncIteration\u003c/code\u003e (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21406\"\u003e21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incremental compilation with \u003ccode\u003eseparate\u003c/code\u003e flag (Vaggelis Danias, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21299\"\u003e21299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes to Crashes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash on partial type with \u003ccode\u003e--allow-redefinition\u003c/code\u003e and \u003ccode\u003eglobal\u003c/code\u003e declaration (Jukka Lehtosalo, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21428\"\u003e21428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken awaitable generator patching (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21435\"\u003e21435\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges to Messages\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c1c336d7e34eb313080c79b156518c58d27c7234\"\u003e\u003ccode\u003ec1c336d\u003c/code\u003e\u003c/a\u003e Remove +dev from version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/74df14b7cbf08140236aa45bbb7f42219b0b1df7\"\u003e\u003ccode\u003e74df14b\u003c/code\u003e\u003c/a\u003e Add changelog for mypy 2.1 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21464\"\u003e#21464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/022d9bc96f86c40f338a5cf150f1806cc8f300ff\"\u003e\u003ccode\u003e022d9bc\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;TypeForm: Enable by default (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21262\"\u003e#21262\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8826288214f1cb31496e610667481221e025359c\"\u003e\u003ccode\u003e8826288\u003c/code\u003e\u003c/a\u003e [mypyc] Document librt.random (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21463\"\u003e#21463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/3f4067b699dbe52d08e42ef3b3ebfdebdc06bd96\"\u003e\u003ccode\u003e3f4067b\u003c/code\u003e\u003c/a\u003e Bump librt version to 0.11.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21458\"\u003e#21458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/2b1eb58a250c5f1eb4ef5fb1f312ff528c5a1d4e\"\u003e\u003ccode\u003e2b1eb58\u003c/code\u003e\u003c/a\u003e [mypyc] Enable incremental self-compilation (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21369\"\u003e#21369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8152f4af3f6c03beaf2660026240f0fdce7feecc\"\u003e\u003ccode\u003e8152f4a\u003c/code\u003e\u003c/a\u003e Respect file config comments for stale modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21444\"\u003e#21444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/116d60bdd3fdfe8d97c6afe99370910db56f1b92\"\u003e\u003ccode\u003e116d60b\u003c/code\u003e\u003c/a\u003e Fix nondeterminism from nonassociativity of overload joins (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21455\"\u003e#21455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/6c4af8e42110cea3f84bc02add2ca7b89c268210\"\u003e\u003ccode\u003e6c4af8e\u003c/code\u003e\u003c/a\u003e Fix function call message change for small number of args (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21432\"\u003e#21432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/4b8fdcaf24032592510e8f15421fb32d82a71800\"\u003e\u003ccode\u003e4b8fdca\u003c/code\u003e\u003c/a\u003e [mypyc] Add librt.random module (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21433\"\u003e#21433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v1.20.1...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyrefly` from 0.60.0 to 1.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/facebook/pyrefly/releases\"\u003epyrefly's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePyrefly v1.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eStatus: STABLE\u003c/strong\u003e\n\u003cem\u003eRelease date: 12 May 2026\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ePyrefly v1.0.0 is here!\u003c/h2\u003e\n\u003cp\u003eWe're thrilled to announce that Pyrefly has reached its stable 1.0.0 release! Since our \u003ca href=\"https://github.com/facebook/pyrefly/releases/tag/0.42.0\"\u003ebeta release\u003c/a\u003e in November 2025, we've fixed hundreds of bugs, improved performance, and added lots of new functionality. Pyrefly is already the default type checker for Instagram at Meta and has been adopted by other large production codebases like PyTorch and JAX. Today, we're making it official: Pyrefly is production ready.\u003c/p\u003e\n\u003cp\u003eThis would not have been possible without our amazing open-source community. To everyone who filed GitHub issues, submitted pull requests, gave us feedback at conferences, or joined us on Discord: thank you. Your contributions shaped this release.\u003c/p\u003e\n\u003cp\u003eThese release notes cover the major highlights since our beta release. For the full history, see our \u003ca href=\"https://github.com/facebook/pyrefly/releases\"\u003epast weekly release notes\u003c/a\u003e.\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ePerformance Improvements\u003c/h2\u003e\n\u003cp\u003eWe've continued to push Pyrefly's performance since the \u003ca href=\"https://pyrefly.org/blog/2026/02/06/performance-improvements/\"\u003espeed improvements we shared in February\u003c/a\u003e. Since beta:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e2–125x faster updated diagnostics\u003c/strong\u003e after saving a file (no, that’s not a typo!). Thanks to fine-grained dependency tracking and streaming diagnostics, updates now consistently arrive in milliseconds\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e20–36% faster full type checking\u003c/strong\u003e on large projects like PyTorch and Pandas\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e2–3x faster initial indexing\u003c/strong\u003e when Pyrefly first scans your project\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e40–60% less memory usage\u003c/strong\u003e during both indexing and incremental type checking\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e(Tested on an M4 Macbook Pro using open-source benchmarks from \u003ca href=\"https://github.com/lolpack/type_coverage_py\"\u003etype_coverage_py\u003c/a\u003e and \u003ca href=\"https://github.com/astral-sh/ruff/tree/e990dfd069fceef96f797b46161ef78862608449/scripts/ty_benchmark\"\u003ety_benchmark\u003c/a\u003e.)\u003c/p\u003e\n\u003cp\u003eCompare the performance of Pyrefly and other Python type checkers on our regularly updated \u003ca href=\"https://python-type-checking.com/typecheck_benchmark/\"\u003ebenchmarking suite\u003c/a\u003e, which runs against 53 popular Python packages.\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003eConfiguration Presets\u003c/h2\u003e\n\u003cp\u003eA new \u003ccode\u003epreset\u003c/code\u003e configuration option provides named bundles of error severities and behavior settings.\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth align=\"left\"\u003ePreset\u003c/th\u003e\n\u003cth align=\"left\"\u003eDescription\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\u003ccode\u003eoff\u003c/code\u003e\u003c/td\u003e\n\u003ctd align=\"left\"\u003eSilences all diagnostics. Useful for IDE-only users or if you want total control of which errors are enabled.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\u003ccode\u003ebasic\u003c/code\u003e\u003c/td\u003e\n\u003ctd align=\"left\"\u003eLow-noise, high-confidence diagnostics only (syntax errors, missing imports, unknown names, etc.). Ideal for unconfigured projects or IDE-first users.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\u003ccode\u003elegacy\u003c/code\u003e\u003c/td\u003e\n\u003ctd align=\"left\"\u003eFor codebases migrating from mypy. Disables checks mypy doesn't have. \u003ccode\u003epyrefly init\u003c/code\u003e now emits this preset automatically when migrating from a mypy config.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\u003ccode\u003edefault\u003c/code\u003e\u003c/td\u003e\n\u003ctd align=\"left\"\u003eThe standard Pyrefly experience. Equivalent to having no preset.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"left\"\u003e\u003ccode\u003estrict\u003c/code\u003e\u003c/td\u003e\n\u003ctd align=\"left\"\u003eEnables additional strict checks on top of the \u003ccode\u003edefault\u003c/code\u003e preset. For users who want to avoid \u003ccode\u003eAny\u003c/code\u003e types in their codebase.\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eSee the \u003ca href=\"https://pyrefly.org/en/docs/configuration/#preset\"\u003econfiguration docs\u003c/a\u003e for details.\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003eOnboarding Experience\u003c/h2\u003e\n\u003cp\u003eWe’ve made improvements to the out-of-the-box experience for projects without a \u003ccode\u003epyrefly.toml\u003c/code\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAutomatic config synthesis\u003c/strong\u003e — if you have a mypy or pyright config, Pyrefly automatically migrates your settings and synthesizes an appropriate in-memory Pyrefly config. (This is the same migration that \u003ccode\u003epyrefly init\u003c/code\u003e would commit to disk.)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/2362c071caa576f9112781b5571f9e283cd52920\"\u003e\u003ccode\u003e2362c07\u003c/code\u003e\u003c/a\u003e Bump to version 1.0.0 with release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/471bb8316cf40e9d29cbc79d5c701a7dec3ab6b5\"\u003e\u003ccode\u003e471bb83\u003c/code\u003e\u003c/a\u003e Prep README.md and pyproject.toml for V1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/f2c6df4c66c726af4c7603272da47b65d91d4d4c\"\u003e\u003ccode\u003ef2c6df4\u003c/code\u003e\u003c/a\u003e Use vanity URLs for unconfigured-config upsell\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/d5bf386fd24f8969506f2edd0e06c3896962dbce\"\u003e\u003ccode\u003ed5bf386\u003c/code\u003e\u003c/a\u003e Fix TSP extra IPC connection shutdown hang (\u003ca href=\"https://redirect.github.com/facebook/pyrefly/issues/3287\"\u003e#3287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/e0a91be41640e70e0cd45a57eae98eecf86459a4\"\u003e\u003ccode\u003ee0a91be\u003c/code\u003e\u003c/a\u003e do not send snapshotchanged to extra connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/3df562c8165ea2ac69b389eb1552f9dbf5c18573\"\u003e\u003ccode\u003e3df562c\u003c/code\u003e\u003c/a\u003e extract TypeErrorDisplayStatus into its own module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/71ff2a5cbc7ce9a82e758174fe25274256728c28\"\u003e\u003ccode\u003e71ff2a5\u003c/code\u003e\u003c/a\u003e upgrade\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/b3d41027a20764fd076c7af89d9dbb45e64dd458\"\u003e\u003ccode\u003eb3d4102\u003c/code\u003e\u003c/a\u003e Strip debuginfo from release binaries to reduce binary size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/ccb904d47281c22195839bcc714eb1c38256e690\"\u003e\u003ccode\u003eccb904d\u003c/code\u003e\u003c/a\u003e Fix Pyrefly regression with imported TypeVars via attribute access (\u003ca href=\"https://redirect.github.com/facebook/pyrefly/issues/3333\"\u003e#3333\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facebook/pyrefly/commit/fb2ef608a2bb9b896a0232be0783338eea3b028a\"\u003e\u003ccode\u003efb2ef60\u003c/code\u003e\u003c/a\u003e support vscode-python-environments extension (\u003ca href=\"https://redirect.github.com/facebook/pyrefly/issues/3327\"\u003e#3327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/facebook/pyrefly/compare/0.60.0...1.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/NH3CH2COOH/dify-for-adaption/pull/27","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NH3CH2COOH%2Fdify-for-adaption/issues/27","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/27/packages"}},{"old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","update_type":null,"path":null,"pr_created_at":"2026-05-14T23:56:49.000Z","version_change":"6.0.12.20260408 → 6.0.12.20260510","issue":{"uuid":"4450182039","node_id":"PR_kwDOSQXwv87bumta","number":67,"state":"open","title":"chore(deps): bump the uv-dependencies group across 1 directory with 33 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-14T23:56:49.000Z","updated_at":"2026-05-14T23:58:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv-dependencies","update_count":33,"packages":[{"name":"apprise","old_version":"1.9.9","new_version":"1.10.0","repository_url":"https://github.com/caronc/apprise"},{"name":"cryptography","old_version":"46.0.7","new_version":"48.0.0","repository_url":"https://github.com/pyca/cryptography"},{"name":"pytz","old_version":"2026.1.post1","new_version":"2026.2","repository_url":"https://github.com/stub42/pytz"},{"name":"cyclopts","old_version":"4.10.2","new_version":"4.12.0","repository_url":"https://github.com/BrianPugh/cyclopts"},{"name":"cachetools","old_version":"7.0.6","new_version":"7.1.1","repository_url":"https://github.com/tkem/cachetools"},{"name":"coolname","old_version":"4.2.0","new_version":"5.0.0","repository_url":"https://github.com/alexanderlukanin13/coolname"},{"name":"fastapi","old_version":"0.136.0","new_version":"0.136.1","repository_url":"https://github.com/fastapi/fastapi"},{"name":"fsspec","old_version":"2026.3.0","new_version":"2026.4.0","repository_url":"https://github.com/fsspec/filesystem_spec"},{"name":"opentelemetry-api","old_version":"1.39.1","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"orjson","old_version":"3.11.8","new_version":"3.11.9","repository_url":"https://github.com/ijl/orjson"},{"name":"packaging","old_version":"26.1","new_version":"26.2","repository_url":"https://github.com/pypa/packaging"},{"name":"pydantic","old_version":"2.13.3","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.14.0","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"uvicorn","old_version":"0.45.0","new_version":"0.47.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"pydocket","old_version":"0.19.2","new_version":"0.20.2","repository_url":"https://github.com/chrisguidry/docket"},{"name":"uv","old_version":"0.11.7","new_version":"0.11.14","repository_url":"https://github.com/astral-sh/uv"},{"name":"prefect-dbt","old_version":"0.7.23","new_version":"0.7.24","repository_url":"https://github.com/PrefectHQ/prefect"},{"name":"prefect-redis","old_version":"0.2.10","new_version":"0.2.11","repository_url":"https://github.com/PrefectHQ/prefect"},{"name":"moto","old_version":"5.1.22","new_version":"5.2.1","repository_url":"https://github.com/getmoto/moto"},{"name":"pyright","old_version":"1.1.408","new_version":"1.1.409","repository_url":"https://github.com/RobertCraigie/pyright-python"},{"name":"virtualenv","old_version":"21.2.4","new_version":"21.3.3","repository_url":"https://github.com/pypa/virtualenv"},{"name":"ruff","old_version":"0.15.11","new_version":"0.15.13","repository_url":"https://github.com/astral-sh/ruff"},{"name":"types-cachetools","old_version":"6.2.0.20260408","new_version":"7.0.0.20260503","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"types-dateparser","old_version":"1.4.0.20260408","new_version":"1.4.0.20260508","repository_url":"https://github.com/python/typeshed"},{"name":"pytest-codspeed","old_version":"4.4.0","new_version":"5.0.2","repository_url":"https://github.com/CodSpeedHQ/pytest-codspeed"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv-dependencies group with 26 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [apprise](https://github.com/caronc/apprise) | `1.9.9` | `1.10.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.7` | `48.0.0` |\n| [pytz](https://github.com/stub42/pytz) | `2026.1.post1` | `2026.2` |\n| [cyclopts](https://github.com/BrianPugh/cyclopts) | `4.10.2` | `4.12.0` |\n| [cachetools](https://github.com/tkem/cachetools) | `7.0.6` | `7.1.1` |\n| [coolname](https://github.com/alexanderlukanin13/coolname) | `4.2.0` | `5.0.0` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.136.0` | `0.136.1` |\n| [fsspec](https://github.com/fsspec/filesystem_spec) | `2026.3.0` | `2026.4.0` |\n| [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python) | `1.39.1` | `1.41.1` |\n| [orjson](https://github.com/ijl/orjson) | `3.11.8` | `3.11.9` |\n| [packaging](https://github.com/pypa/packaging) | `26.1` | `26.2` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.13.3` | `2.13.4` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.14.0` | `2.14.1` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.45.0` | `0.47.0` |\n| [pydocket](https://github.com/chrisguidry/docket) | `0.19.2` | `0.20.2` |\n| [uv](https://github.com/astral-sh/uv) | `0.11.7` | `0.11.14` |\n| [prefect-dbt](https://github.com/PrefectHQ/prefect) | `0.7.23` | `0.7.24` |\n| [prefect-redis](https://github.com/PrefectHQ/prefect) | `0.2.10` | `0.2.11` |\n| [moto](https://github.com/getmoto/moto) | `5.1.22` | `5.2.1` |\n| [pyright](https://github.com/RobertCraigie/pyright-python) | `1.1.408` | `1.1.409` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `21.2.4` | `21.3.3` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.11` | `0.15.13` |\n| [types-cachetools](https://github.com/python/typeshed) | `6.2.0.20260408` | `7.0.0.20260503` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260510` |\n| [types-dateparser](https://github.com/python/typeshed) | `1.4.0.20260408` | `1.4.0.20260508` |\n| [pytest-codspeed](https://github.com/CodSpeedHQ/pytest-codspeed) | `4.4.0` | `5.0.2` |\n\n\nUpdates `apprise` from 1.9.9 to 1.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/caronc/apprise/releases\"\u003eapprise's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThe big wow factor of this release would be the huge effort put into Matrix E2EE built into Apprise without adding overhead to the plugin itself. Huge props to those that helped out.  Other than that, a few more services have been added (137 supported now :rocket: ).\u003c/p\u003e\n\u003cp\u003eThe official documentation website (\u003ca href=\"https://appriseit.com\"\u003ehttps://appriseit.com\u003c/a\u003e) got a nice cleanup; the Service listings are now searchable; some nice tweaks to the URL Builder as well.\u003c/p\u003e\n\u003ch3\u003e:mega: New Notification Services:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOpsgenie functionality ported to jira:// in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1273\"\u003ecaronc/apprise#1273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEvolution API (WhatsApp) notification plugin by \u003ca href=\"https://github.com/opastorello\"\u003e\u003ccode\u003e@​opastorello\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1579\"\u003ecaronc/apprise#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded blink(1) support in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1578\"\u003ecaronc/apprise#1578\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExotel Support in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/782\"\u003ecaronc/apprise#782\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded Octopush Support in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/622\"\u003ecaronc/apprise#622\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded Postmark support in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1590\"\u003ecaronc/apprise#1590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:lady_beetle:  Bugfixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003entfy:// tags= changed to xtags= in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1555\"\u003ecaronc/apprise#1555\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003ethis allows tags to work again correctly for those dependant on it; previously \u003ccode\u003etags=\u003c/code\u003e conflicted with \u003ccode\u003etags=\u003c/code\u003e in Apprise)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eXMPP server hostname can differentiate to what is found in JID in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1560\"\u003ecaronc/apprise#1560\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixed issue with mailto:// when using yahoo.com in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1561\"\u003ecaronc/apprise#1561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFluxer time dependant unittest assertion optimized for slower systems in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1566\"\u003ecaronc/apprise#1566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixed templating references impacting url generation (on \u003ca href=\"https://appriseit.com\"\u003ehttps://appriseit.com\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1582\"\u003ecaronc/apprise#1582\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixed KeyError Exception thrown when certain emoji's specified in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1592\"\u003ecaronc/apprise#1592\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bulb: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the Dot. (Quote/0) plugin from API v1 to API v2 by \u003ca href=\"https://github.com/HerbertGao\"\u003e\u003ccode\u003e@​HerbertGao\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1512\"\u003ecaronc/apprise#1512\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated Dot. plugin to better align with Apprise in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1588\"\u003ecaronc/apprise#1588\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eURLs that can not be loaded are more verbose for the reasoning in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1568\"\u003ecaronc/apprise#1568\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWebex wxteams:// Bot API Support in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1567\"\u003ecaronc/apprise#1567\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixes parse_url() -\u0026gt; url() -\u0026gt; parse_url() inconsistency in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1572\"\u003ecaronc/apprise#1572\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePushover Delivery Group Support in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1563\"\u003ecaronc/apprise#1563\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMatrix token template cleanup in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1573\"\u003ecaronc/apprise#1573\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efcm:// add apns-push-type header for reliable iOS delivery by \u003ca href=\"https://github.com/AlbertoLanaro\"\u003e\u003ccode\u003e@​AlbertoLanaro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1577\"\u003ecaronc/apprise#1577\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHome Assistant \u0026quot;Service' Notification Support Added (extension to what was already there) in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1294\"\u003ecaronc/apprise#1294\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded attachment support to Mattermost in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1583\"\u003ecaronc/apprise#1583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e:fire: Matrix E2EE Support in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1574\"\u003ecaronc/apprise#1574\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMatrix Hookshot support added in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1586\"\u003ecaronc/apprise#1586\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMastodon supports hashtag/user references in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1587\"\u003ecaronc/apprise#1587\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePushPlus refactored to support more options in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1589\"\u003ecaronc/apprise#1589\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInproved azure:// error handling and message responses in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1499\"\u003ecaronc/apprise#1499\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:heart: Life-Cycle Support\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate LoC badge by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1554\"\u003ecaronc/apprise#1554\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMemory-Optimized Plugin Management in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1557\"\u003ecaronc/apprise#1557\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRuff linter configuration updated and applied to entire codebase in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1562\"\u003ecaronc/apprise#1562\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ei18n(pt_BR): add Brazilian Portuguese translation by \u003ca href=\"https://github.com/opastorello\"\u003e\u003ccode\u003e@​opastorello\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1580\"\u003ecaronc/apprise#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ei18n(es): add Spanish translation by \u003ca href=\"https://github.com/opastorello\"\u003e\u003ccode\u003e@​opastorello\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/caronc/apprise/pull/1581\"\u003ecaronc/apprise#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstallation\u003c/h2\u003e\n\u003cp\u003eApprise is available \u003ca href=\"https://pypi.org/project/apprise/\"\u003eon PyPI\u003c/a\u003e through \u003cem\u003epip\u003c/em\u003e:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/343c960969477b60df580f70294ce966bb4b0ce2\"\u003e\u003ccode\u003e343c960\u003c/code\u003e\u003c/a\u003e bummped version to v1.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/67b523077173bcf8c717b0e567b7d2e7251d21e1\"\u003e\u003ccode\u003e67b5230\u003c/code\u003e\u003c/a\u003e Inproved azure:// error handling and message responses (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/1499\"\u003e#1499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/755f17479ff20fd9473e1aa15ab1b190920041c3\"\u003e\u003ccode\u003e755f174\u003c/code\u003e\u003c/a\u003e bugfix: KeyError Exception thrown when certain emoji's specified (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/1592\"\u003e#1592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/a7bc56dd81ea60b1c9f59775d1e005e560a716b9\"\u003e\u003ccode\u003ea7bc56d\u003c/code\u003e\u003c/a\u003e PushPlus refactored to support more options (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/1589\"\u003e#1589\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/9d0056b9cd4771bc752d4ff2936a1e4977e3fa81\"\u003e\u003ccode\u003e9d0056b\u003c/code\u003e\u003c/a\u003e Added Postmark support (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/1590\"\u003e#1590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/0617ef7ac63cc6f1e850913c055e280043360358\"\u003e\u003ccode\u003e0617ef7\u003c/code\u003e\u003c/a\u003e Updated Dot. plugin to better align with Apprise standards (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/1588\"\u003e#1588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/0fbe0946869fab49c330d6fd5fb89ea58cb9b6db\"\u003e\u003ccode\u003e0fbe094\u003c/code\u003e\u003c/a\u003e Added Octopush Support (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/622\"\u003e#622\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/58d0f1e00a5e4daac928372d1b49a2886e7589f2\"\u003e\u003ccode\u003e58d0f1e\u003c/code\u003e\u003c/a\u003e Exotel Support (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/782\"\u003e#782\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/2a8d62fad5dc1930d8f14e0775341692ff0c5aa5\"\u003e\u003ccode\u003e2a8d62f\u003c/code\u003e\u003c/a\u003e Mastodon supports hashtag/user references (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/1587\"\u003e#1587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/caronc/apprise/commit/1382633788004b515240c0f17c5b0cfe0f111554\"\u003e\u003ccode\u003e1382633\u003c/code\u003e\u003c/a\u003e Matrix Hookshot support added (\u003ca href=\"https://redirect.github.com/caronc/apprise/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/caronc/apprise/compare/v1.9.9...v1.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.7 to 48.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.8 is deprecated and will be removed in the next\n\u003ccode\u003ecryptography\u003c/code\u003e release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for binary elliptic curves\n(\u003ccode\u003eSECT*\u003c/code\u003e classes) has been removed. These curves are rarely used and\nhave additional security considerations that make them undesirable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for OpenSSL 1.1.x has been removed.\nOpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\ncontinue to be supported.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Dropped support for LibreSSL \u0026lt; 4.1.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading keys with unsupported algorithms or\nkeys with unsupported explicit curve encodings now raises\n:class:\u003ccode\u003e~cryptography.exceptions.UnsupportedAlgorithm\u003c/code\u003e instead of\n\u003ccode\u003eValueError\u003c/code\u003e. This change affects\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_public_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_public_key\u003c/code\u003e,\nand :meth:\u003ccode\u003e~cryptography.x509.Certificate.public_key\u003c/code\u003e when called on\ncertificates with unsupported public key algorithms.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e When parsing elliptic curve private keys, we now\nreject keys that incorrectly encode a private key of the wrong length because\nsuch keys are impossible to process in a constant-time manner. We do not\nbelieve keys with this problem are in wide use, however we may revert this\nchange based on the feedback we receive.\u003c/li\u003e\n\u003cli\u003eDeprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to\n:class:\u003ccode\u003e~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES\u003c/code\u003e. In a\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.7...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytz` from 2026.1.post1 to 2026.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stub42/pytz/commit/45957c55be9dbf013b636aeb7d22dc7bec81a9f4\"\u003e\u003ccode\u003e45957c5\u003c/code\u003e\u003c/a\u003e Bump github actions/checkout to \u003ca href=\"https://github.com/v6\"\u003e\u003ccode\u003e@​v6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stub42/pytz/commit/8e927c67c98ccde3624642f2f32cd6c5208a5161\"\u003e\u003ccode\u003e8e927c6\u003c/code\u003e\u003c/a\u003e Bump version numbers to 2026.2 (IANA 2026b)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stub42/pytz/commit/6f08adec7bcb382e78afedb660f94f38a093fddf\"\u003e\u003ccode\u003e6f08ade\u003c/code\u003e\u003c/a\u003e IANA 2026b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stub42/pytz/commit/edbfbdf8f708657ce5b9fee32e2f8eaa8647359a\"\u003e\u003ccode\u003eedbfbdf\u003c/code\u003e\u003c/a\u003e Squashed 'tz/' changes from dd6be6d155..8be0d5483d\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stub42/pytz/commit/a148b0390a42ea9a95ef7f6d8c346307405708d5\"\u003e\u003ccode\u003ea148b03\u003c/code\u003e\u003c/a\u003e Fix typo in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stub42/pytz/commit/b841195f5df79455ee3aa9ec3d8749af835dab48\"\u003e\u003ccode\u003eb841195\u003c/code\u003e\u003c/a\u003e fix typo\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/stub42/pytz/compare/release_2026.1.post1...release_2026.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cyclopts` from 4.10.2 to 4.12.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BrianPugh/cyclopts/releases\"\u003ecyclopts's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.0\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow for validators to be string(s) (class method forward reference) by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/803\"\u003eBrianPugh/cyclopts#803\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/BrianPugh/cyclopts/compare/v4.11.2...v4.12.0\"\u003ehttps://github.com/BrianPugh/cyclopts/compare/v4.11.2...v4.12.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.11.2\u003c/h2\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e_should_attempt_json_list\u003c/code\u003e for detecting \u003ccode\u003elist[str] | None\u003c/code\u003e and Annotated annotations by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/800\"\u003eBrianPugh/cyclopts#800\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/BrianPugh/cyclopts/compare/v4.11.1...v4.11.2\"\u003ehttps://github.com/BrianPugh/cyclopts/compare/v4.11.1...v4.11.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.11.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInclude meta-apps when assembling usage string by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/793\"\u003eBrianPugh/cyclopts#793\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing python3.14 classifier by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/796\"\u003eBrianPugh/cyclopts#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003cstrong\u003euntyped\u003c/strong\u003e boolean negative name derivation by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/798\"\u003eBrianPugh/cyclopts#798\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eVarious completion fixes by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/794\"\u003eBrianPugh/cyclopts#794\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/BrianPugh/cyclopts/compare/v4.11.0...v4.11.1\"\u003ehttps://github.com/BrianPugh/cyclopts/compare/v4.11.0...v4.11.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.11.0\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eusage_name\u003c/code\u003e override for configuring docs creation by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/791\"\u003eBrianPugh/cyclopts#791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded granular help for \u003ccode\u003edict[str, dataclass-like]\u003c/code\u003e params by \u003ca href=\"https://github.com/wrongbad\"\u003e\u003ccode\u003e@​wrongbad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/787\"\u003eBrianPugh/cyclopts#787\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved type hints/completion for attrs converter functions. by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/784\"\u003eBrianPugh/cyclopts#784\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix token_count for discriminated unions by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/789\"\u003eBrianPugh/cyclopts#789\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMisc Internal\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eprefer using consistent \u003ccode\u003eis_annotated\u003c/code\u003e over get_origin by \u003ca href=\"https://github.com/BrianPugh\"\u003e\u003ccode\u003e@​BrianPugh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/792\"\u003eBrianPugh/cyclopts#792\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wrongbad\"\u003e\u003ccode\u003e@​wrongbad\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/pull/787\"\u003eBrianPugh/cyclopts#787\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/BrianPugh/cyclopts/compare/v4.10.2...v4.11.0\"\u003ehttps://github.com/BrianPugh/cyclopts/compare/v4.10.2...v4.11.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/b0c66c452139de521f0bab4260eeda2af5ca15e9\"\u003e\u003ccode\u003eb0c66c4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/issues/803\"\u003e#803\u003c/a\u003e from BrianPugh/str-reference-validator\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/bad4370647e1daabbad0edabdbc2606e68574a8f\"\u003e\u003ccode\u003ebad4370\u003c/code\u003e\u003c/a\u003e Missing test coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/efe193001cce30a0e9f0f8cf854bf47171d7942d\"\u003e\u003ccode\u003eefe1930\u003c/code\u003e\u003c/a\u003e resolve string forward-referenced validators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/921b1fa36afa2faca35f5e54d366f27816bed407\"\u003e\u003ccode\u003e921b1fa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/issues/800\"\u003e#800\u003c/a\u003e from BrianPugh/json-list-detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/f37a3fa84d70a2df6481296199777bd048cdd8b0\"\u003e\u003ccode\u003ef37a3fa\u003c/code\u003e\u003c/a\u003e use self.hint instead of self.field_info.annotation in _should_attempt_json_list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/f54568a310a0f8fb69bf570cfc82f65320f0f005\"\u003e\u003ccode\u003ef54568a\u003c/code\u003e\u003c/a\u003e replicate bug described by \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/issues/799\"\u003e#799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/9e0806f2c1cf4a8ba1f78f4a5c6c3cee54d81d41\"\u003e\u003ccode\u003e9e0806f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/issues/794\"\u003e#794\u003c/a\u003e from BrianPugh/better-completion-harness\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/ad4f7e2e1b50403069f6e5136bce6ead4a285565\"\u003e\u003ccode\u003ead4f7e2\u003c/code\u003e\u003c/a\u003e more tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/5d5259f0c275456c313f8266d9ea85545d4f7573\"\u003e\u003ccode\u003e5d5259f\u003c/code\u003e\u003c/a\u003e fix: don't escape option/command names in single-quoted bash arrays\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/BrianPugh/cyclopts/commit/b0dc417b95629d52321ce32aa7b2aee6377135f0\"\u003e\u003ccode\u003eb0dc417\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/BrianPugh/cyclopts/issues/798\"\u003e#798\u003c/a\u003e from BrianPugh/untyped-boolean-negative\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/BrianPugh/cyclopts/compare/v4.10.2...v4.12.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cachetools` from 7.0.6 to 7.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst\"\u003ecachetools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev7.1.1 (2026-05-03)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eVarious type stub improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.0 (2026-05-01)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd type stubs based on the work of the good people at \u003ccode\u003etypeshed \u0026lt;https://github.com/python/typeshed/tree/main/stubs/cachetools/\u0026gt;\u003c/code\u003e__.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate unit tests.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/2e6a2d21c44e83b56c06cc9dd738e5b7a097ce6a\"\u003e\u003ccode\u003e2e6a2d2\u003c/code\u003e\u003c/a\u003e Release v7.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/cc065582849e3658d2c92aac0f5c2b6271ed077f\"\u003e\u003ccode\u003ecc06558\u003c/code\u003e\u003c/a\u003e Minor typing improvements.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/193dd62d9be4e1099039e8fba59a1fe50e8f4d08\"\u003e\u003ccode\u003e193dd62\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/tkem/cachetools/issues/393\"\u003e#393\u003c/a\u003e: Improve ambiguous overloads for decorators.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/1ea3422e058ef8b6b7dc15beb9d44d8f7c195a62\"\u003e\u003ccode\u003e1ea3422\u003c/code\u003e\u003c/a\u003e Bump release date.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/d9874465a6ab6f9d1d56cef91370f9c237a7eca6\"\u003e\u003ccode\u003ed987446\u003c/code\u003e\u003c/a\u003e Release v7.1.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/3d79e80a4a54892d1552cd17da8e27920c1918d8\"\u003e\u003ccode\u003e3d79e80\u003c/code\u003e\u003c/a\u003e Update Copilot Instructions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/83fe6bc78d0155a0036dda8a8eb1a2ddb8f26c60\"\u003e\u003ccode\u003e83fe6bc\u003c/code\u003e\u003c/a\u003e Add tox pyright check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/bd3fbc49212eb948e08e9c478e5901f1293fd1f4\"\u003e\u003ccode\u003ebd3fbc4\u003c/code\u003e\u003c/a\u003e Improve typing support.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/09dd6fec4b1b2339451ab26d1ca3c7a049b8c38c\"\u003e\u003ccode\u003e09dd6fe\u003c/code\u003e\u003c/a\u003e Improve original type stubs from typeshed.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/873c7013ea92b16f2f24a6001e625fabfdf951a5\"\u003e\u003ccode\u003e873c701\u003c/code\u003e\u003c/a\u003e Add typeshed typings.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tkem/cachetools/compare/v7.0.6...v7.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coolname` from 4.2.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/alexanderlukanin13/coolname/blob/master/HISTORY.rst\"\u003ecoolname's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0 (2026-04-22)\u003c/h2\u003e\n\u003cp\u003eThis major release has new features and significant internal changes, but it is compatible with 4.x in any normal usage\nas described in documentation, and you can upgrade from 4.x with minimal unit test coverage.\u003c/p\u003e\n\u003cp\u003eThere are implementation changes that \u003cem\u003etheoretically\u003c/em\u003e can break user code in undocumented scenarios.\nEven if it breaks, most likely, it will take a minute to fix.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eWhat's new in the default generator:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eComplete typing support, tested with mypy \u003ccode\u003estrict = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded a few more words, and fixed one spelling mistake.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. collapse:: Boring technical details\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e* :py:class:`RandomGenerator` and global methods like :py:func:`generate_slug` now live in the top-level\n  ``coolname`` namespace.\n  It won't affect your code if you've been importing directly from ``coolname`` as per documentation.\n\u003cp\u003eBasically, instead of this:\u003c/p\u003e\n\u003cp\u003e.. code-block:: python\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\u0026amp;gt;\u0026amp;gt;\u0026amp;gt; from coolname import generate_slug, RandomGenerator\n\u0026amp;gt;\u0026amp;gt;\u0026amp;gt; generate_slug\n\u0026amp;lt;bound method RandomGenerator.generate_slug of \u0026amp;lt;coolname.impl.RandomGenerator object at 0x7a7cb248d6a0\u0026amp;gt;\u0026amp;gt;\n\u0026amp;gt;\u0026amp;gt;\u0026amp;gt; RandomGenerator\n\u0026amp;lt;class 'coolname.impl.RandomGenerator'\u0026amp;gt;\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou will see this (notice no \u003ccode\u003eimpl\u003c/code\u003e):\u003c/p\u003e\n\u003cp\u003e.. code-block:: python\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\u0026amp;gt;\u0026amp;gt;\u0026amp;gt; generate_slug\n\u0026amp;lt;bound method RandomGenerator.generate_slug of \u0026amp;lt;coolname.RandomGenerator object at 0x75038bacde80\u0026amp;gt;\u0026amp;gt;\n\u0026amp;gt;\u0026amp;gt;\u0026amp;gt; RandomGenerator\n\u0026amp;lt;class 'coolname.RandomGenerator'\u0026amp;gt;\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eIn custom generators:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDefault parameter value changed: \u003ccode\u003eensure_unique=True\u003c/code\u003e. Custom generators can forget about it\nand still generate sequences without repeating words.\nConsider also using \u003ccode\u003eensure_unique_prefix\u003c/code\u003e (disabled by default).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:doc:\u003ccode\u003eNew parameters \u0026lt;parameters-table\u0026gt;\u003c/code\u003e for advanced words/phrases lists:\n\u003ccode\u003estrip_whitespace\u003c/code\u003e, \u003ccode\u003eallow_whitespace\u003c/code\u003e, \u003ccode\u003eseparator\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhat is considered a valid word? It's now controlled by \u003ccode\u003eword_regex\u003c/code\u003e parameter, \u003ccode\u003e\\w+\u003c/code\u003e by default.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/7d450781390fc2193b676a339e34adb697f1febb\"\u003e\u003ccode\u003e7d45078\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/13541d9e8e768751898732e51188defb5524917d\"\u003e\u003ccode\u003e13541d9\u003c/code\u003e\u003c/a\u003e docs: autodoc fix - build package first\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/8015c5efc0f209a685be2ff6b5bc5f82c5594996\"\u003e\u003ccode\u003e8015c5e\u003c/code\u003e\u003c/a\u003e Merge branch 'dev'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/659fad71955a169543a76acb5188af68ea1a8b95\"\u003e\u003ccode\u003e659fad7\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/3a1d21b788f9276b2ff8421b1a7f20e90df25fa8\"\u003e\u003ccode\u003e3a1d21b\u003c/code\u003e\u003c/a\u003e docs: HISTORY\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/a351596508e19f178ce5513f9029f2cd662d8338\"\u003e\u003ccode\u003ea351596\u003c/code\u003e\u003c/a\u003e feat: number\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/9e04baba3f69c1465ad8e85c384f58af5904b309\"\u003e\u003ccode\u003e9e04bab\u003c/code\u003e\u003c/a\u003e work in progress\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/4f0b8f98a5cc5937f27eefcde8b8e6acc3f988c2\"\u003e\u003ccode\u003e4f0b8f9\u003c/code\u003e\u003c/a\u003e improved: PhraseSplitter clearer error messages + tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/e9cceba9fc104145588447f0e9a07d5b223914ab\"\u003e\u003ccode\u003ee9cceba\u003c/code\u003e\u003c/a\u003e refactor: use pathlib.Path in coolname.loader; updated tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alexanderlukanin13/coolname/commit/e6484ed0c9d1c6cd1258f05218f2a1dae0cbabf6\"\u003e\u003ccode\u003ee6484ed\u003c/code\u003e\u003c/a\u003e Bump pytest from 7.4.4 to 9.0.3 in /requirements\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/alexanderlukanin13/coolname/compare/4.2.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.136.0 to 0.136.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.1\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Update Pydantic v2 code to address deprecations. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15101\"\u003e#15101\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔨 Tweak translation script. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15174\"\u003e#15174\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mkdocs-material from 9.7.1 to 9.7.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15408\"\u003e#15408\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump inline-snapshot from 0.31.1 to 0.32.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15409\"\u003e#15409\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-codspeed from 4.3.0 to 4.4.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15407\"\u003e#15407\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-cov from 7.0.0 to 7.1.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15406\"\u003e#15406\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15405\"\u003e#15405\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mypy from 1.19.1 to 1.20.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15410\"\u003e#15410\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15400\"\u003e#15400\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump starlette from 0.52.1 to 1.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15397\"\u003e#15397\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygithub from 2.8.1 to 2.9.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15396\"\u003e#15396\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pyjwt from 2.12.0 to 2.12.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15393\"\u003e#15393\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump zizmor from 1.23.1 to 1.24.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15394\"\u003e#15394\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.312.3 to 0.314.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15395\"\u003e#15395\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-multipart from 0.0.22 to 0.0.26. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15360\"\u003e#15360\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump authlib from 1.6.9 to 1.6.11. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15373\"\u003e#15373\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump aiohttp from 3.13.3 to 3.13.4. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15282\"\u003e#15282\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15263\"\u003e#15263\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20.1 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15391\"\u003e#15391\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pillow from 12.1.1 to 12.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15333\"\u003e#15333\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest from 9.0.2 to 9.0.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15334\"\u003e#15334\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15374\"\u003e#15374\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15385\"\u003e#15385\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Zuplo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15369\"\u003e#15369\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Speakeasy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15368\"\u003e#15368\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Add zizmor and fix audit findings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15316\"\u003e#15316\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/e54e5a8980ffa6d7ff68ee7b25a1c46036375521\"\u003e\u003ccode\u003ee54e5a8\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/9a8a5fd99902c3b80d4cc94b85e120e2b808825f\"\u003e\u003ccode\u003e9a8a5fd\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7815a32f2ed177b8b786a48b3e0712c05b5c644f\"\u003e\u003ccode\u003e7815a32\u003c/code\u003e\u003c/a\u003e ⬆️ Update Pydantic v2 code to address deprecations (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15101\"\u003e#15101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ef1c927b0558d414e199a666833942a6fabb3a51\"\u003e\u003ccode\u003eef1c927\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/38039e12a86e67f2001b9b7d96c219691d6cb4af\"\u003e\u003ccode\u003e38039e1\u003c/code\u003e\u003c/a\u003e 🔨 Tweak translation script (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15174\"\u003e#15174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4fa826ce0a3b16884a04f51e5aac95d01790b599\"\u003e\u003ccode\u003e4fa826c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c39415673e621665fdb7bbdde69beba7eb1dfd12\"\u003e\u003ccode\u003ec394156\u003c/code\u003e\u003c/a\u003e ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15408\"\u003e#15408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ae230ad2f9d90a4e3f6222ff1a5d6e8da41ec0ad\"\u003e\u003ccode\u003eae230ad\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/d9eb39d1a1bf2f6e6e5d3a55088f61c712cb864e\"\u003e\u003ccode\u003ed9eb39d\u003c/code\u003e\u003c/a\u003e ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15409\"\u003e#15409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4f8b5d14d324ae8e15cfae8d85adb4186d4c2175\"\u003e\u003ccode\u003e4f8b5d1\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.136.0...0.136.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fsspec` from 2026.3.0 to 2026.4.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/8fdedd1fd17be354f75f0cec1f973d93416c704b\"\u003e\u003ccode\u003e8fdedd1\u003c/code\u003e\u003c/a\u003e Merge branch 'master' of \u003ca href=\"https://github.com/fsspec/filesystem_spec\"\u003ehttps://github.com/fsspec/filesystem_spec\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/8205d0d1afecb64f34565ebeb073b7f1959a869d\"\u003e\u003ccode\u003e8205d0d\u003c/code\u003e\u003c/a\u003e Release (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2027\"\u003e#2027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/50bfba22200077fa602038857e19d58cc2541db5\"\u003e\u003ccode\u003e50bfba2\u003c/code\u003e\u003c/a\u003e Merge branch 'master' of \u003ca href=\"https://github.com/fsspec/filesystem_spec\"\u003ehttps://github.com/fsspec/filesystem_spec\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/f58bc851213ab3a87b2d26c01c9d26b291b0e1d3\"\u003e\u003ccode\u003ef58bc85\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2026\"\u003e#2026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/c6c7b40b7794c6e554d9dcae7bf4930bba67e403\"\u003e\u003ccode\u003ec6c7b40\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/3bc67f85c3b67c5adef11af35761fd839de306fb\"\u003e\u003ccode\u003e3bc67f8\u003c/code\u003e\u003c/a\u003e DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/0b290bf1336bb15d4327afcdf743d9a17b5ea762\"\u003e\u003ccode\u003e0b290bf\u003c/code\u003e\u003c/a\u003e docs: add URL handling note to HTTPFileSystem class docstring (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2024\"\u003e#2024\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/b33a2d6c3b6912c645d9a315791f41e74bff4c66\"\u003e\u003ccode\u003eb33a2d6\u003c/code\u003e\u003c/a\u003e ci: install downstream systems like gcsfs before testing so the \u003ccode\u003e_version.py\u003c/code\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/e9e7a5b5eab42b6c6d0790aa0aa510f66fc44630\"\u003e\u003ccode\u003ee9e7a5b\u003c/code\u003e\u003c/a\u003e Delegate DirFileSystem delete and write_text (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/105d614a443e3f46236deb87442cc5491741687c\"\u003e\u003ccode\u003e105d614\u003c/code\u003e\u003c/a\u003e fix: use encode_url() in _pipe_file for consistency (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2023\"\u003e#2023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fsspec/filesystem_spec/compare/2026.3.0...2026.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-api` from 1.39.1 to 1.41.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/blob/v1.41.1/CHANGELOG.md\"\u003eopentelemetry-api's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.41.1/0.62b1 (2026-04-24)\u003c/h2\u003e\n\u003ch2\u003eVersion 1.41.0/0.62b0 (2026-04-09)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003ehost\u003c/code\u003e resource detector support to declarative file configuration via \u003ccode\u003edetection_development.detectors[].host\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5002\"\u003e#5002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003econtainer\u003c/code\u003e resource detector support to declarative file configuration via \u003ccode\u003edetection_development.detectors[].container\u003c/code\u003e, using entry point loading of the \u003ccode\u003eopentelemetry-resource-detector-containerid\u003c/code\u003e contrib package\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5004\"\u003e#5004\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003ecreate_tracer_provider\u003c/code\u003e/\u003ccode\u003econfigure_tracer_provider\u003c/code\u003e to declarative file configuration, enabling TracerProvider instantiation from config files without reading env vars\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnabled the flake8-tidy-import plugins rules for the ruff linter. These rules throw warnings for relative imports in the modules.\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5019\"\u003e#5019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Fix \u003ccode\u003eAttributeError\u003c/code\u003e in \u003ccode\u003eExplicitBucketHistogramAggregation\u003c/code\u003e when applied to non-Histogram instruments without explicit boundaries\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5034\"\u003e#5034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eBatchLogRecordProcessor\u003c/code\u003e default \u003ccode\u003eschedule_delay_millis\u003c/code\u003e from 5000ms to 1000ms to comply with the OTel specification. Note: logs may be exported 5x more frequently by default (e.g. for users who don't explicitly set the \u003ccode\u003eOTEL_BLRP_SCHEDULE_DELAY\u003c/code\u003e env var).\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4998\"\u003e#4998\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003eprocess\u003c/code\u003e resource detector support to declarative file configuration via \u003ccode\u003edetection_development.detectors[].process\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5001\"\u003e#5001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add shared \u003ccode\u003e_parse_headers\u003c/code\u003e helper for declarative config OTLP exporters\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-api\u003c/code\u003e: Replace a broad exception in attribute cleaning tests to satisfy pylint in the \u003ccode\u003elint-opentelemetry-api\u003c/code\u003e CI job\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003ecreate_meter_provider\u003c/code\u003e/\u003ccode\u003econfigure_meter_provider\u003c/code\u003e to declarative file configuration, enabling MeterProvider instantiation from config files without reading env vars\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4987\"\u003e#4987\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add \u003ccode\u003ecreate_resource\u003c/code\u003e and \u003ccode\u003ecreate_propagator\u003c/code\u003e/\u003ccode\u003econfigure_propagator\u003c/code\u003e to declarative file configuration, enabling Resource and propagator instantiation from config files without reading env vars\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Map Python \u003ccode\u003eCRITICAL\u003c/code\u003e log level to OTel \u003ccode\u003eFATAL\u003c/code\u003e severity text per the specification\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add file configuration support with YAML/JSON loading, environment variable substitution, and schema validation against the vendored OTel config JSON schema\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4898\"\u003e#4898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix intermittent CI failures in \u003ccode\u003egetting-started\u003c/code\u003e and \u003ccode\u003etracecontext\u003c/code\u003e jobs caused by GitHub git CDN SHA propagation lag by installing contrib packages from the already-checked-out local copy instead of a second git clone\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4958\"\u003e#4958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: fix type annotations on \u003ccode\u003eMetricReader\u003c/code\u003e and related types\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4938/\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: implement log creation metric\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4935\"\u003e#4935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: implement metric reader metrics\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: implement processor metrics\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/5012\"\u003e#5012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: upgrade vendored OTel configuration schema from v1.0.0-rc.3 to v1.0.0\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4965\"\u003e#4965\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eimprove check-links ci job\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eResolve some Pyright type errors in Span/ReadableSpan and utility stubs\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-exporter-prometheus\u003c/code\u003e: Fix metric name prefix\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4895\"\u003e#4895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-api\u003c/code\u003e, \u003ccode\u003eopentelemetry-sdk\u003c/code\u003e: Add deepcopy support for \u003ccode\u003eBoundedAttributes\u003c/code\u003e and \u003ccode\u003eBoundedList\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/pull/4934\"\u003e#4934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eopentelemetry-proto-json\u003c/code\u003e, \u003ccode\u003eopentelemetry-codegen-json\u003c/code\u003e: Implement custom protoc plugin to generate OTLP JSON class definitions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/760e0248edbd01ae817941c1dfa61c07241b0727\"\u003e\u003ccode\u003e760e024\u003c/code\u003e\u003c/a\u003e Prepare release 1.41.1/0.62b1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5138\"\u003e#5138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/90e06bcd8c024a38ecf388c19c5a15fc094ea0ed\"\u003e\u003ccode\u003e90e06bc\u003c/code\u003e\u003c/a\u003e Unreleased changelog for 1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/1a178fcc5c689516849ced80fb2533fe7db7a80f\"\u003e\u003ccode\u003e1a178fc\u003c/code\u003e\u003c/a\u003e [release/v1.41.x-0.62bx] Prepare release 1.41.0/0.62b0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5064\"\u003e#5064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/37dea4bbdb1a3c83b96fc22c2f68a848b4989fb5\"\u003e\u003ccode\u003e37dea4b\u003c/code\u003e\u003c/a\u003e feat: add experimental logger configurator (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/4980\"\u003e#4980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/7c860ca40eb87c15fb608ce3598cfec4a5da2d1c\"\u003e\u003ccode\u003e7c860ca\u003c/code\u003e\u003c/a\u003e misc: update version for codegen-json and proto-json packages (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5061\"\u003e#5061\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/b3d98b392fd1fa1a501e11ce8e126f2003edb895\"\u003e\u003ccode\u003eb3d98b3\u003c/code\u003e\u003c/a\u003e [chore]: update readme (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5060\"\u003e#5060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/dbbd1bca26f12d0cefff721a857d08a82476f434\"\u003e\u003ccode\u003edbbd1bc\u003c/code\u003e\u003c/a\u003e feat(config): Add MeterProvider support for declarative config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/4987\"\u003e#4987\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/6faa58c58782313283a87a7c61fbbdd9cd2054d6\"\u003e\u003ccode\u003e6faa58c\u003c/code\u003e\u003c/a\u003e feat(config): add host resource detector support for declarative config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5002\"\u003e#5002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/c0cbfbd62fa59e2c41cd2c88371dc6478fa95716\"\u003e\u003ccode\u003ec0cbfbd\u003c/code\u003e\u003c/a\u003e feat(config): wire container resource detector via entry point loading (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/5004\"\u003e#5004\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/commit/f764e45f52952f5a0287e5a6c094cbfd56accd2b\"\u003e\u003ccode\u003ef764e45\u003c/code\u003e\u003c/a\u003e feat(config): Add TracerProvider support for declarative config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-python/issues/4985\"\u003e#4985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-python/compare/v1.39.1...v1.41.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `orjson` from 3.11.8 to 3.11.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/releases\"\u003eorjson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.9\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.95 or later instead of 1.89.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix building on Rust 1.95.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/blob/master/CHANGELOG.md\"\u003eorjson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.9 - 2026-05-06\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.95 or later instead of 1.89.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix building on Rust 1.95.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/705515d77b28429d0b7c30c3d781abe52e8a1e5a\"\u003e\u003ccode\u003e705515d\u003c/code\u003e\u003c/a\u003e 3.11.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/d19055d5bab432f98d53b71606a9c6c23fb21bf6\"\u003e\u003ccode\u003ed19055d\u003c/code\u003e\u003c/a\u003e build update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/77e2d96c3febe099cde2447856fe2523d68c71b0\"\u003e\u003ccode\u003e77e2d96\u003c/code\u003e\u003c/a\u003e MSRV 1.95, remove compiler feature detection\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ijl/orjson/compare/3.11.8...3.11.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `packaging` from 26.1 to 26.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/packaging/releases\"\u003epackaging's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect sysconfig var name for pyemscripten by \u003ca href=\"https://github.com/ryanking13\"\u003e\u003ccode\u003e@​ryanking13\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1160\"\u003epypa/packaging#1160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eVersion\u003c/code\u003e, \u003ccode\u003eSpecifier\u003c/code\u003e, \u003ccode\u003eSpecifierSet\u003c/code\u003e, \u003ccode\u003eTag\u003c/code\u003e, \u003ccode\u003eMarker\u003c/code\u003e, and \u003ccode\u003eRequirement\u003c/code\u003e pickle-safe\nand backward-compatible with pickles created in 25.0-26.1 (including references to the removed\n\u003ccode\u003epackaging._structures\u003c/code\u003e module) by \u003ca href=\"https://github.com/eachimei\"\u003e\u003ccode\u003e@​eachimei\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1163\"\u003epypa/packaging#1163\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1168\"\u003epypa/packaging#1168\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1170\"\u003epypa/packaging#1170\u003c/a\u003e, and \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1171\"\u003epypa/packaging#1171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: re-export ExceptionGroup for now by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1164\"\u003epypa/packaging#1164\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003edocs: add errors section and fix missing details by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1159\"\u003epypa/packaging#1159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(dev): document property-based test suite by \u003ca href=\"https://github.com/r266-tech\"\u003e\u003ccode\u003e@​r266-tech\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1167\"\u003epypa/packaging#1167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in DirectUrl documentation by \u003ca href=\"https://github.com/sbidoul\"\u003e\u003ccode\u003e@​sbidoul\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1169\"\u003epypa/packaging#1169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(specifiers): add is_unsatisfiable() usage example by \u003ca href=\"https://github.com/r266-tech\"\u003e\u003ccode\u003e@​r266-tech\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1166\"\u003epypa/packaging#1166\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInternal:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnable the auditor persona on zizmor by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1158\"\u003epypa/packaging#1158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest new pickle guarantees by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1174\"\u003epypa/packaging#1174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse native uv integration in rtd by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1175\"\u003epypa/packaging#1175\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ryanking13\"\u003e\u003ccode\u003e@​ryanking13\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1160\"\u003epypa/packaging#1160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eachimei\"\u003e\u003ccode\u003e@​eachimei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1163\"\u003epypa/packaging#1163\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pypa/packaging/compare/26.1...26.2\"\u003ehttps://github.com/pypa/packaging/compare/26.1...26.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/packaging/blob/main/CHANGELOG.rst\"\u003epackaging's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e26.2 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\nFixes:\n\u003cul\u003e\n\u003cli\u003eFix incorrect sysconfig var name for pyemscripten in (:pull:\u003ccode\u003e1160\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eVersion\u003c/code\u003e, \u003ccode\u003eSpecifier\u003c/code\u003e, \u003ccode\u003eSpecifierSet\u003c/code\u003e, \u003ccode\u003eTag\u003c/code\u003e, \u003ccode\u003eMarker\u003c/code\u003e, and \u003ccode\u003eRequirement\u003c/code\u003e pickle-safe\u003cbr /\u003e\nand backward-compatible with pickles created in 25.0-26.1 (including references to the removed\u003cbr /\u003e\n\u003ccode\u003epackaging._structures\u003c/code\u003e module) (:pull:\u003ccode\u003e1163\u003c/code\u003e, :pull:\u003ccode\u003e1168\u003c/code\u003e, :pull:\u003ccode\u003e1170\u003c/code\u003e, :pull:\u003ccode\u003e1171\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eRe-export \u003ccode\u003eExceptionGroup\u003c/code\u003e in metadata for now in (:pull:\u003ccode\u003e1164\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd errors section and fix missing details in (:pull:\u003ccode\u003e1159\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eDocument our property-based test suite in (:pull:\u003ccode\u003e1167\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eFix a \u003ccode\u003eDirectUrl\u003c/code\u003e typo in (:pull:\u003ccode\u003e1169\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd example of \u003ccode\u003eis_unsatisfiable\u003c/code\u003e in (:pull:\u003ccode\u003e1166\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInternal:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnable the auditor persona on zizmor in (:pull:\u003ccode\u003e1158\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eTest new pickle guarantees in (:pull:\u003ccode\u003e1174\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eUse new native ReadTheDocs uv integration in (:pull:\u003ccode\u003e1175\u003c/code\u003e)\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/84a87ee42483d7352f9502d78a9553da8859aa7a\"\u003e\u003ccode\u003e84a87ee\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/4a616b65bed23c8c6d58e6b0fc1a4434d4ff1f14\"\u003e\u003ccode\u003e4a616b6\u003c/code\u003e\u003c/a\u003e docs: a few more updates to prepare for 26.2 (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1176\"\u003e#1176\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/9de6f44f1e82d4595edf3aad1c4f6f98c85935a0\"\u003e\u003ccode\u003e9de6f44\u003c/code\u003e\u003c/a\u003e ci: use native uv integration in rtd (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1175\"\u003e#1175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/bc76e14debd1a2799d1ca8f9d9c9823f35bfa466\"\u003e\u003ccode\u003ebc76e14\u003c/code\u003e\u003c/a\u003e chore: update changelog for 26.2 (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1161\"\u003e#1161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/3f00091c08f0aa830e33ed7db00f16f11c8ac97f\"\u003e\u003ccode\u003e3f00091\u003c/code\u003e\u003c/a\u003e tests: add a pickle check (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1174\"\u003e#1174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/48a8a069805291186522de3eff73ea80a8ca96ad\"\u003e\u003ccode\u003e48a8a06\u003c/code\u003e\u003c/a\u003e fix: make Requirements/Markers pickle-safe (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1171\"\u003e#1171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/823b44ed1f904084a77ae3adf0ef130af6365f84\"\u003e\u003ccode\u003e823b44e\u003c/code\u003e\u003c/a\u003e fix: make Tags pickle-safe (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1170\"\u003e#1170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/4bed32d920ca7211dd65fdf0a1ee06376e9c4733\"\u003e\u003ccode\u003e4bed32d\u003c/code\u003e\u003c/a\u003e fix: make Specifier / SpecifierSet pickle-safe (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1168\"\u003e#1168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/963118e37caae97bc8b72f72956c7fb4ca9857ec\"\u003e\u003ccode\u003e963118e\u003c/code\u003e\u003c/a\u003e fix: re-export ExceptionGroup for now (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1164\"\u003e#1164\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/66e34a80256c96dea11da143682950c84b8133bb\"\u003e\u003ccode\u003e66e34a8\u003c/code\u003e\u003c/a\u003e docs(specifiers): add is_unsatisfiable() usage example (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1166\"\u003e#1166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/packaging/compare/26.1...26.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.13.3 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/v2.13.4/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-core` from 2.46.3 to 2.46.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py...\n\n_Description has been truncated_","html_url":"https://github.com/sxarsky/eval-prefect/pull/67","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sxarsky%2Feval-prefect/issues/67","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/67/packages"}},{"old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","update_type":null,"path":null,"pr_created_at":"2026-05-14T23:22:54.000Z","version_change":"6.0.12.20260408 → 6.0.12.20260510","issue":{"uuid":"4450048862","node_id":"PR_kwDOQqG8is7buLPq","number":399,"state":"open","title":"chore(deps): bump the python-dependencies group with 13 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-14T23:22:54.000Z","updated_at":"2026-05-22T01:01:23.722Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-dependencies","update_count":13,"packages":[{"name":"pandas","old_version":"3.0.2","new_version":"3.0.3","repository_url":"https://github.com/pandas-dev/pandas"},{"name":"astropy-iers-data","old_version":"0.2026.5.4.1.4.54","new_version":"0.2026.5.11.1.8.52","repository_url":"https://github.com/astropy/astropy-iers-data"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"fonttools","old_version":"4.62.1","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"librt","old_version":"0.10.0","new_version":"0.11.0","repository_url":"https://github.com/mypyc/librt"},{"name":"matplotlib-inline","old_version":"0.2.1","new_version":"0.2.2","repository_url":"https://github.com/ipython/matplotlib-inline"},{"name":"mypy","old_version":"2.0.0","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"regex","old_version":"2026.4.4","new_version":"2026.5.9","repository_url":"https://github.com/mrabarnett/mrab-regex"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.13","repository_url":"https://github.com/astral-sh/ruff"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"types-requests","old_version":"2.33.0.20260503","new_version":"2.33.0.20260513","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-dependencies group with 13 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pandas](https://github.com/pandas-dev/pandas) | `3.0.2` | `3.0.3` |\n| [astropy-iers-data](https://github.com/astropy/astropy-iers-data) | `0.2026.5.4.1.4.54` | `0.2026.5.11.1.8.52` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.62.1` | `4.63.0` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.15` |\n| [librt](https://github.com/mypyc/librt) | `0.10.0` | `0.11.0` |\n| [matplotlib-inline](https://github.com/ipython/matplotlib-inline) | `0.2.1` | `0.2.2` |\n| [mypy](https://github.com/python/mypy) | `2.0.0` | `2.1.0` |\n| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.4.4` | `2026.5.9` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.13` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260510` |\n| [types-requests](https://github.com/python/typeshed) | `2.33.0.20260503` | `2.33.0.20260513` |\n\nUpdates `pandas` from 3.0.2 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pandas-dev/pandas/releases\"\u003epandas's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epandas 3.0.3\u003c/h2\u003e\n\u003cp\u003eWe are pleased to announce the release of pandas 3.0.3.\nThis is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://pandas.pydata.org/docs/whatsnew/v3.0.3.html\"\u003efull whatsnew\u003c/a\u003e for a list of all the changes.\u003c/p\u003e\n\u003cp\u003ePandas 3.0 supports Python 3.11 and higher.\nThe release can be installed from PyPI:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython -m pip install --upgrade pandas==3.0.*\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eOr from conda-forge\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge pandas=3.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003ePlease report any issues with the release on the \u003ca href=\"https://github.com/pandas-dev/pandas/issues\"\u003epandas issue tracker\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThanks to all the contributors who made this release possible.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/72f2fea91530b5abb3cf2100cb22d84e504695c0\"\u003e\u003ccode\u003e72f2fea\u003c/code\u003e\u003c/a\u003e RLS: 3.0.3 (\u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65590\"\u003e#65590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/2897590094c2b6e3962d01a82665936f30be563d\"\u003e\u003ccode\u003e2897590\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65436\"\u003e#65436\u003c/a\u003e on branch 3.0.x (Account for privatization of matplotlib `...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/49894b5b6037c50f6444504070d9b1e8e514001a\"\u003e\u003ccode\u003e49894b5\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65499\"\u003e#65499\u003c/a\u003e on branch 3.0.x (BUG: fix check if pyarrow is installed in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/1c6d1e30cc4b80bedb769a8b3731b0788f69c9dc\"\u003e\u003ccode\u003e1c6d1e3\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] PERF: remove special casing for zoneinfo in tz_localize_to_u...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/2a547116afc46d88d4e6584670fd793949222a1e\"\u003e\u003ccode\u003e2a54711\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/64379\"\u003e#64379\u003c/a\u003e on branch 3.0.x (PERF: improve performance with ZoneInfo t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/036bb7c0e7160b9d5a7f6bd26a9fc00921fa6977\"\u003e\u003ccode\u003e036bb7c\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65482\"\u003e#65482\u003c/a\u003e on branch 3.0.x (PERF: don't call unique on dtypes for che...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/bf4c182b09251f5b469e8e246ae3ea3e1ae07164\"\u003e\u003ccode\u003ebf4c182\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65410\"\u003e#65410\u003c/a\u003e on branch 3.0.x (TST: also convert str index to object in ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/dd02d75ce219135f9f3f65c13644d4be35585d42\"\u003e\u003ccode\u003edd02d75\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] BUG: keep fsspec OpenFile alive for chained URL reads (\u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/6547\"\u003e#6547\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/aef3d0f6698667262c6d6ffc69180b280b0fa86a\"\u003e\u003ccode\u003eaef3d0f\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] CI: lowercase types-pymysql/types-pyyaml to fix mamba 2.6.0 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/bb8e24876273a14322047f4b89e648f6a4abebae\"\u003e\u003ccode\u003ebb8e248\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65399\"\u003e#65399\u003c/a\u003e on branch 3.0.x (DOC: fix source link for classes in the r...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pandas-dev/pandas/compare/v3.0.2...v3.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `astropy-iers-data` from 0.2026.5.4.1.4.54 to 0.2026.5.11.1.8.52\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astropy/astropy-iers-data/releases\"\u003eastropy-iers-data's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2026.5.11.1.8.52\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.11.1.8.52\"\u003ehttps://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.11.1.8.52\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astropy/astropy-iers-data/commit/f21a227f08b656a5dd03d7244f14c1c57a0737c1\"\u003e\u003ccode\u003ef21a227\u003c/code\u003e\u003c/a\u003e Update IERS Earth rotation and leap second tables\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/astropy/astropy-iers-data/compare/v0.2026.5.4.1.4.54...v0.2026.5.11.1.8.52\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\n.. _pull 2165: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2165\"\u003ecoveragepy/coveragepy#2165\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/646351b60429f1b5760af6c1b97b28483244a955\"\u003e\u003ccode\u003e646351b\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/39cd015505c8b04369c5b06e34fc22449a697370\"\u003e\u003ccode\u003e39cd015\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/649e8aa34af7d80c386ae82e8a3a6c9a3acb0dab\"\u003e\u003ccode\u003e649e8aa\u003c/code\u003e\u003c/a\u003e docs: thanks Alex Vandiver for \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8cd392e3b5c4bc15d534aaec0c21714f9f518469\"\u003e\u003ccode\u003e8cd392e\u003c/code\u003e\u003c/a\u003e fix: snapshot data in Collector.flush_data to avoid threading race (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c48e0edc2ebe44621b0053176e90f77b0c79bec1\"\u003e\u003ccode\u003ec48e0ed\u003c/code\u003e\u003c/a\u003e fix: less output for combining\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c2a3a284078556c911e0d9b6c6af1b7082a363ea\"\u003e\u003ccode\u003ec2a3a28\u003c/code\u003e\u003c/a\u003e docs: explain the change from \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/1cd47aa6ac1da4e150da44055295d4e4f3a014e8\"\u003e\u003ccode\u003e1cd47aa\u003c/code\u003e\u003c/a\u003e fix: implicit combine-during-report now removes the combined data files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2d99fd7696e0bccec8037479a4e45c1ecccb8058\"\u003e\u003ccode\u003e2d99fd7\u003c/code\u003e\u003c/a\u003e feat: automatically combine coverage in report, thanks Tim Hatch (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/9fbdcdfee1c122fac43f1bf9a5e2d1f4d835f21c\"\u003e\u003ccode\u003e9fbdcdf\u003c/code\u003e\u003c/a\u003e fix: lazy soft keywords are bolded\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5de7d0267b9466d59995aaae1a7e707c8c6f66e7\"\u003e\u003ccode\u003e5de7d02\u003c/code\u003e\u003c/a\u003e build: oops, misplaced quote\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fonttools` from 4.62.1 to 4.63.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/releases\"\u003efonttools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer, PatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions, replacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output, matching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in \u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring round-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash in the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/blob/main/NEWS.rst\"\u003efonttools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0 (released 2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer,\nPatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions,\nreplacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output,\nmatching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in\n\u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e for many-to-one (flat-segment) axis maps\nthat silently dropped entries via dict comprehension\n\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring\nround-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash\nin the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+,\nso that importing them on free-threaded Python no longer re-enables the GIL\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/978d9edccb60ea0e5fbad7015cb11817c3532328\"\u003e\u003ccode\u003e978d9ed\u003c/code\u003e\u003c/a\u003e Release 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6b40ecb6f13e076916044ecd8f0fc13ab5f957f6\"\u003e\u003ccode\u003e6b40ecb\u003c/code\u003e\u003c/a\u003e Add changelog entries for 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/382a35fb5e96c6ff38a1e7775a24e20bf122a66d\"\u003e\u003ccode\u003e382a35f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e from fonttools/fix-freethreading-compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/0e999b55f05ad0dd8423f389673a32de9c5199bb\"\u003e\u003ccode\u003e0e999b5\u003c/code\u003e\u003c/a\u003e Declare Cython extensions as free-threading compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/9e55ea54c184b0d4c0830525f72e69c6c1a32691\"\u003e\u003ccode\u003e9e55ea5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e from fonttools/graphite-feat-labels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/e84db3ab426a251256ebec7904c03dc73e25932b\"\u003e\u003ccode\u003ee84db3a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e from fonttools/fix-setUnicodeRanges-bits-123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/d6eabd1edf7bfa950b6b85c393e4c185dee36d7f\"\u003e\u003ccode\u003ed6eabd1\u003c/code\u003e\u003c/a\u003e Feat: show name table strings as comments next to label IDs in ttx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/7d0902b2e27ec1433b015b3b8a79391d7c8604cb\"\u003e\u003ccode\u003e7d0902b\u003c/code\u003e\u003c/a\u003e OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/06e266ce70ec578d549c2df0e180a84d9323baf2\"\u003e\u003ccode\u003e06e266c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e from fonttools/fix-map-backward-non-injective\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6d64598a63f83bcd59d29cf3f22dd25343bd9688\"\u003e\u003ccode\u003e6d64598\u003c/code\u003e\u003c/a\u003e Add more tests for map_backward with many-to-one axis maps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fonttools/fonttools/compare/4.62.1...4.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `librt` from 0.10.0 to 0.11.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mypyc/librt/commit/862679a0492f4433a286b2d53965ec2603623be1\"\u003e\u003ccode\u003e862679a\u003c/code\u003e\u003c/a\u003e Sync mypy and bump version to 0.11.0 (\u003ca href=\"https://redirect.github.com/mypyc/librt/issues/40\"\u003e#40\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mypyc/librt/compare/v0.10.0...v0.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `matplotlib-inline` from 0.2.1 to 0.2.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/e6e197523ecfabfff1d976e5b6958c3ede948ccb\"\u003e\u003ccode\u003ee6e1975\u003c/code\u003e\u003c/a\u003e release 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/0aac2e223483ffbfb5a6076d8c2ca83545cca440\"\u003e\u003ccode\u003e0aac2e2\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/6eb2bd89dc8d4d6678478c6b2ec15be7b20d3374\"\u003e\u003ccode\u003e6eb2bd8\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/631d7dd26be1287f64c5bd4bbb84888903e419b0\"\u003e\u003ccode\u003e631d7dd\u003c/code\u003e\u003c/a\u003e Zizmor hardening (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/66\"\u003e#66\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/8d45c8fc427d39750751bdaa0ffe5abc8e30cd50\"\u003e\u003ccode\u003e8d45c8f\u003c/code\u003e\u003c/a\u003e Zizmor hardening\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/f830b37c728146dca4f947de6cbdb420ee9c69fb\"\u003e\u003ccode\u003ef830b37\u003c/code\u003e\u003c/a\u003e Specify BSD license and add license files (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/62\"\u003e#62\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/e3b8bb10d275d5caa97d8d1b584d48797e494de4\"\u003e\u003ccode\u003ee3b8bb1\u003c/code\u003e\u003c/a\u003e Deprecate Python 3.9 in CI pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/c783ae72ed581f24fa136f34e6df4f6e99c3f785\"\u003e\u003ccode\u003ec783ae7\u003c/code\u003e\u003c/a\u003e Deprecate Python 3.9 in CI pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/8ac056c5730a6adbc9dd5e049b85163ba6a09a28\"\u003e\u003ccode\u003e8ac056c\u003c/code\u003e\u003c/a\u003e Update workflow to include matplotlib for tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/0cc8a2e91306c94e36f0a9cd8e31a38299b1c126\"\u003e\u003ccode\u003e0cc8a2e\u003c/code\u003e\u003c/a\u003e Use valid SPDX ID\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ipython/matplotlib-inline/compare/0.2.1...0.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 2.0.0 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMypy Release Notes\u003c/h1\u003e\n\u003ch2\u003eNext Release\u003c/h2\u003e\n\u003ch2\u003eMypy 2.1\u003c/h2\u003e\n\u003cp\u003eWe’ve just uploaded mypy 2.1.0 to the Python Package Index (\u003ca href=\"https://pypi.org/project/mypy/\"\u003ePyPI\u003c/a\u003e).\nMypy is a static type checker for Python. This release includes new features, performance\nimprovements and bug fixes. You can install it as follows:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython3 -m pip install -U mypy\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can read the full documentation for this release on \u003ca href=\"http://mypy.readthedocs.io\"\u003eRead the Docs\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003elibrt.vecs: Fast Growable Array Type for Mypyc\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.vecs\u003c/code\u003e module provides an efficient growable array type \u003ccode\u003evec\u003c/code\u003e that is\noptimized for mypyc use. It provides fast, packed arrays with integer and floating point\nvalue types, which can be \u003cstrong\u003eseveral times faster\u003c/strong\u003e than \u003ccode\u003elist\u003c/code\u003e, and tens of times faster\nthan \u003ccode\u003earray.array\u003c/code\u003e in code compiled using mypyc. It also supports nested \u003ccode\u003evec\u003c/code\u003e objects and\nnon-value-type items, such as \u003ccode\u003evec[vec[str]]\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_vecs.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo.\u003c/p\u003e\n\u003ch3\u003elibrt.random: Fast Pseudo-Random Number Generation\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.random\u003c/code\u003e module provides fast pseudo-random number generation that is\noptimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib\n\u003ccode\u003erandom\u003c/code\u003e module in compiled code.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_random.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo (PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21433\"\u003e21433\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMypyc Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake compilation order with multiple files consistent (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21419\"\u003e21419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on accessing \u003ccode\u003eStopAsyncIteration\u003c/code\u003e (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21406\"\u003e21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incremental compilation with \u003ccode\u003eseparate\u003c/code\u003e flag (Vaggelis Danias, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21299\"\u003e21299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes to Crashes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash on partial type with \u003ccode\u003e--allow-redefinition\u003c/code\u003e and \u003ccode\u003eglobal\u003c/code\u003e declaration (Jukka Lehtosalo, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21428\"\u003e21428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken awaitable generator patching (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21435\"\u003e21435\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges to Messages\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c1c336d7e34eb313080c79b156518c58d27c7234\"\u003e\u003ccode\u003ec1c336d\u003c/code\u003e\u003c/a\u003e Remove +dev from version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/74df14b7cbf08140236aa45bbb7f42219b0b1df7\"\u003e\u003ccode\u003e74df14b\u003c/code\u003e\u003c/a\u003e Add changelog for mypy 2.1 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21464\"\u003e#21464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/022d9bc96f86c40f338a5cf150f1806cc8f300ff\"\u003e\u003ccode\u003e022d9bc\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;TypeForm: Enable by default (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21262\"\u003e#21262\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8826288214f1cb31496e610667481221e025359c\"\u003e\u003ccode\u003e8826288\u003c/code\u003e\u003c/a\u003e [mypyc] Document librt.random (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21463\"\u003e#21463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/3f4067b699dbe52d08e42ef3b3ebfdebdc06bd96\"\u003e\u003ccode\u003e3f4067b\u003c/code\u003e\u003c/a\u003e Bump librt version to 0.11.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21458\"\u003e#21458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/2b1eb58a250c5f1eb4ef5fb1f312ff528c5a1d4e\"\u003e\u003ccode\u003e2b1eb58\u003c/code\u003e\u003c/a\u003e [mypyc] Enable incremental self-compilation (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21369\"\u003e#21369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8152f4af3f6c03beaf2660026240f0fdce7feecc\"\u003e\u003ccode\u003e8152f4a\u003c/code\u003e\u003c/a\u003e Respect file config comments for stale modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21444\"\u003e#21444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/116d60bdd3fdfe8d97c6afe99370910db56f1b92\"\u003e\u003ccode\u003e116d60b\u003c/code\u003e\u003c/a\u003e Fix nondeterminism from nonassociativity of overload joins (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21455\"\u003e#21455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/6c4af8e42110cea3f84bc02add2ca7b89c268210\"\u003e\u003ccode\u003e6c4af8e\u003c/code\u003e\u003c/a\u003e Fix function call message change for small number of args (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21432\"\u003e#21432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/4b8fdcaf24032592510e8f15421fb32d82a71800\"\u003e\u003ccode\u003e4b8fdca\u003c/code\u003e\u003c/a\u003e [mypyc] Add librt.random module (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21433\"\u003e#21433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v2.0.0...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `regex` from 2026.4.4 to 2026.5.9\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt\"\u003eregex's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion: 2026.5.9\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eReverse matching with full unicode casefolding could lead to out-of-range string indexes.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.4.4\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eA fix for older Python versions before free-threading was  supported.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.4.3\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eMore fixes for free-threading.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.32\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eFixed segfault.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.31\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eFixed bug again.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eFixed bug.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.28\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eFixed version.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.3.27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eVarious fixes, including ones to improve free-threading support.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.2.28\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eReplaced atomic operations with mutex on pattern object for free-threaded Python.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion: 2026.2.26\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ePR [#598](https://github.com/mrabarnett/mrab-regex/issues/598): Fix race condition in storage caching with atomic operations.\n\u003cp\u003eReplaced use of PyUnicode_GET_LENGTH with PyUnicode_GetLength.\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eVersion: 2026.2.19\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eAdded \\z as alias of \\Z, like in re module.\n\u003cp\u003eAdded prefixmatch as alias of match, like in re module.\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eVersion: 2026.1.15\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mrabarnett/mrab-regex/commit/e57d185bb711729091907b23edac5dcba0426243\"\u003e\u003ccode\u003ee57d185\u003c/code\u003e\u003c/a\u003e Reverse matching with full unicode casefolding lead to out-of-range string in...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mrabarnett/mrab-regex/compare/2026.4.4...2026.5.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.33.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.33.1...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.12 to 0.15.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2afb467ce397e4a89c13a0a814c62cfecb0e9e49\"\u003e\u003ccode\u003e2afb467\u003c/code\u003e\u003c/a\u003e Bump 0.15.13 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25157\"\u003e#25157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/300879600fa3af7cde1e675c63de6ad9d0797d1b\"\u003e\u003ccode\u003e3008796\u003c/code\u003e\u003c/a\u003e [ty] classify TypeVar semantic tokens as type parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24891\"\u003e#24891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/79470e31877acb6074f3bbff2a49e508822ae4e8\"\u003e\u003ccode\u003e79470e3\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2522549901d50f18775999f0fb802b19229417f0\"\u003e\u003ccode\u003e2522549\u003c/code\u003e\u003c/a\u003e Remove shellcheck from prek (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25154\"\u003e#25154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7db7170020f539d6d2bc01dbd0b0c09fab91dc06\"\u003e\u003ccode\u003e7db7170\u003c/code\u003e\u003c/a\u003e [ty] Support TypedDict key completions in incomplete, anonymous contexts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25\"\u003e#25\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/bb3dd535f1c5a83e2e56ac93a771fadbeeceebd0\"\u003e\u003ccode\u003ebb3dd53\u003c/code\u003e\u003c/a\u003e [ty] Run full iteration analysis on narrowed typevars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25143\"\u003e#25143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/828cdb7732efcb16a53f4ee5f011cf653b834d1a\"\u003e\u003ccode\u003e828cdb7\u003c/code\u003e\u003c/a\u003e [ty] Isolate file-watching test environment (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25151\"\u003e#25151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/89e1d8670ea4d3af60c8143ee552dc750200718d\"\u003e\u003ccode\u003e89e1d86\u003c/code\u003e\u003c/a\u003e [ty] Preserve TypedDict keys through dict unpacking (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24523\"\u003e#24523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/86f3064d6fffa5697d174f26b840bd6857b381da\"\u003e\u003ccode\u003e86f3064\u003c/code\u003e\u003c/a\u003e [ty] Avoid accessing \u003ccode\u003eargs[0]\u003c/code\u003e for \u003ccode\u003estatic_assert\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25149\"\u003e#25149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ed819f947dc27e36eac8bb3134153c4668d76a3a\"\u003e\u003ccode\u003eed819f9\u003c/code\u003e\u003c/a\u003e [ty] Treat custom enum \u003ccode\u003e__new__\u003c/code\u003e values as dynamic (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25136\"\u003e#25136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.12...0.15.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-pyyaml` from 6.0.12.20260408 to 6.0.12.20260510\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-requests` from 2.33.0.20260503 to 2.33.0.20260513\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/tatsuki-washimi/gwexpy/pull/399","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tatsuki-washimi%2Fgwexpy/issues/399","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/399/packages"}},{"old_version":"6.0.12.20250915","new_version":"6.0.12.20260510","update_type":null,"path":null,"pr_created_at":"2026-05-11T22:32:31.000Z","version_change":"6.0.12.20250915 → 6.0.12.20260510","issue":{"uuid":"4424760159","node_id":"PR_kwDORnryns7acuzP","number":80,"state":"closed","title":"chore(deps-dev): Bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260510","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T00:22:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-11T22:32:31.000Z","updated_at":"2026-05-19T00:22:48.000Z","time_to_close":611416,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps-dev): Bump","packages":[{"name":"types-pyyaml","old_version":"6.0.12.20250915","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"}],"path":null,"ecosystem":"pip"},"body":"Bumps [types-pyyaml](https://github.com/python/typeshed) from 6.0.12.20250915 to 6.0.12.20260510.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-pyyaml\u0026package-manager=pip\u0026previous-version=6.0.12.20250915\u0026new-version=6.0.12.20260510)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Lenivvenil/digest/pull/80","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lenivvenil%2Fdigest/issues/80","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/80/packages"}}]}