• c48217e Release 7.3.0
• f9e0f33 Merge pull request #1986 from PyCQA/document-f542
• 6bcdb62 document F542
• 70a15b8 Merge pull request #1985 from PyCQA/upgrade-deps
• 4941a3e upgrade pyflakes / pycodestyle
• 23e4005 Merge pull request #1983 from PyCQA/py314
• 019424b add support for t-strings
• 6b6f3d5 Merge pull request #1980 from PyCQA/asottile-patch-1
• 8dfa669 add rtd sphinx config
• ce34111 Merge pull request #1976 from PyCQA/document-f824
• Additional commits viewable in compare view

Sourced from pycodestyle's changelog.

2.14.0 (2025-06-20)

Changes:

• Add support for python 3.14. PR #1283.
• Fix false positive for TypeVar defaults with more than one argument. PR #1286.

• 814a0d1 Release 2.14.0
• 8621e31 fix false positive with TypeVar defaults with more than one argument
• 292cdd0 Merge pull request #1285 from PyCQA/sphinx-config
• 46bc333 add sphinx configuration for rtfd
• a986384 [pre-commit.ci] pre-commit autoupdate
• c85e740 Merge pull request #1283 from PyCQA/py314
• ae41b34 updates for python 3.14
• 34fc7f0 Merge pull request #1280 from PyCQA/pre-commit-ci-update-config
• 7182ac8 [pre-commit.ci] auto fixes from pre-commit.com hooks
• 1845a92 [pre-commit.ci] pre-commit autoupdate
• See full diff in compare view

Sourced from pyflakes's changelog.

3.4.0 (2025-06-20)

• Add support for python 3.14
• Add "t-string is missing placeholders" error
• Fix annotation erroneously causing a name to be defined with from __future__ import annotations
• Add support for always-deferred annotations (PEP 749)

• 59ec459 Release 3.4.0
• e5d4ba1 updates for python 3.14 (#842)
• See full diff in compare view

Sourced from pygments's releases.

2.19.2

• Lua: Fix regression introduced in 2.19.0 (#2882, #2839)

Sourced from pygments's changelog.

Version 2.19.2

(released June 21st, 2025)

• Lua: Fix regression introduced in 2.19.0 (#2882, #2839)

• cfca62e Prepare v2.19.2 release.
• 6688300 Disable pyodide (currently broken.)
• 66997c3 Update ruff version.
• 94dda77 Update CHANGES.
• 26634c8 Merge pull request #2882 from thavelick/fix_lua_runaway_regex
• b6a51ec fix lua regex causing runaway backtracking.
• edef94d Investigation for #2839.
• fb6a00e Merge pull request #2837 from dlazin/sql-cleanup
• bf7aa23 Clean up sql.py
• See full diff in compare view

Sourced from urllib3's releases.

2.5.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security issues

urllib3 2.5.0 fixes two moderate security issues:

• Pool managers now properly control redirects when retries is passed — CVE-2025-50181 reported by @​sandumjacob (5.3 Medium, GHSA-pq67-6m6q-mj2v)
• Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)

Features

• Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 for more information. (#3610)
• Added support for version 0.5 of hatch-vcs (#3612)

Bugfixes

• Raised exception for HTTPResponse.shutdown on a connection already released to the pool. (#3581)
• Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. (#3615)

Sourced from urllib3's changelog.

2.5.0 (2025-06-18)

Features

• Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 <https://peps.python.org/pep-0784/>_ for more information. ([#3610](https://github.com/urllib3/urllib3/issues/3610) <https://github.com/urllib3/urllib3/issues/3610>__)
• Added support for version 0.5 of hatch-vcs ([#3612](https://github.com/urllib3/urllib3/issues/3612) <https://github.com/urllib3/urllib3/issues/3612>__)

Bugfixes

• Fixed a security issue where restricting the maximum number of followed redirects at the urllib3.PoolManager level via the retries parameter did not work.
• Made the Node.js runtime respect redirect parameters such as retries and redirects.
• Raised exception for HTTPResponse.shutdown on a connection already released to the pool. ([#3581](https://github.com/urllib3/urllib3/issues/3581) <https://github.com/urllib3/urllib3/issues/3581>__)
• Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. ([#3615](https://github.com/urllib3/urllib3/issues/3615) <https://github.com/urllib3/urllib3/issues/3615>__)

• aaab4ec Release 2.5.0
• 7eb4a2a Merge commit from fork
• f05b132 Merge commit from fork
• d03fe32 Fix HTTP tunneling with IPv6 in older Python versions
• 11661e9 Bump github/codeql-action from 3.28.0 to 3.29.0 (#3624)
• 6a0ecc6 Update v2 migration guide to 2.4.0 (#3621)
• 8e32e60 Raise exception for shutdown on a connection already released to the pool (#3...
• 9996e0f Fix emscripten CI for Chrome 137+ (#3599)
• 4fd1a99 Bump RECENT_DATE (#3617)
• c4b5917 Add support for the new compression.zstd module in Python 3.14 (#3611)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions