fix(deps): vuln minor upgrades — 15 packages (minor: 4 · patch: 11) [datadog_checks_dev]

[gh-worker-campaigns-3e9aa4]

Summary: Security update — 15 packages upgraded (MINOR changes included)

Manifests changed:

• datadog_checks_dev (pep621)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
pydantic	2.0.2	2.0.3	patch	Direct	2 MODERATE
beautifulsoup4	4.12.3	4.14.3	minor	Direct	-
hatch	1.5.0	1.16.5	minor	Direct	-
in-toto	2.0.0	2.3.0	minor	Direct	-
tox	3.12.1	3.28.0	minor	Direct	-
click	8.1.6	8.1.8	patch	Direct	-
coverage	5.0.3	5.0.4	patch	Direct	-
datamodel-code-generator	0.25.6	0.25.9	patch	Direct	-
flaky	3.8.0	3.8.1	patch	Direct	-
hatchling	0.11.2	0.11.3	patch	Direct	-
pathspec	0.10.0	0.10.3	patch	Direct	-
platformdirs	2.0.0a3	2.0.2	patch	Direct	-
requests	2.33.0	2.33.1	patch	Direct	-
tabulate	0.8.9	0.8.10	patch	Direct	-
toml	0.9.4	0.9.6	patch	Direct	-

Packages marked with "-" are updated due to dependency constraints.

---

Security Details

ℹ️ Other Vulnerabilities (2)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
pydantic	GHSA-mr82-8j83-vxmv	MODERATE	Pydantic regular expression denial of service	2.0.2	2.4.0
pydantic	CVE-2024-3772	MODERATE	-	2.0.2	-

⚠️ Dependencies that have Reached EOL (7)

Dependency	Unsafe Version	EOL Date	New Version	Path
click	8.1.6	-	8.1.8	datadog_checks_dev/pyproject.toml
coverage	5.0.3	-	5.0.4	datadog_checks_dev/pyproject.toml
pathspec	0.10.0	-	0.10.3	datadog_checks_dev/pyproject.toml
requests	2.33.0	-	2.33.1	datadog_checks_dev/pyproject.toml
tabulate	0.8.9	Feb 22, 2026	0.8.10	datadog_checks_dev/pyproject.toml
toml	0.9.4	-	0.9.6	datadog_checks_dev/pyproject.toml
tox	3.12.1	-	3.28.0	datadog_checks_dev/pyproject.toml

📅 Dependencies Nearing EOL (1)

Dependency	Unsafe Version	EOL Date	New Version	Path
platformdirs	2.0.0a3	May 14, 2026	2.0.2	datadog_checks_dev/pyproject.toml

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

[campaigner-prod]

Release Notes

pydantic (2.0.2 → 2.0.3) — GitHub Release

What's Changed

• Mention PyObject (v1) moving to ImportString (v2) in migration doc by @slafs in Mention PyObject (v1) moving to ImportString (v2) in migration doc pydantic/pydantic#6456
• Fix release-tweet CI by @Kludex in Fix release-tweet CI pydantic/pydantic#6461
• Revise the section on required / optional / nullable fields. by @ybressler in Revise the section on required / optional / nullable fields. pydantic/pydantic#6468
• Warn if a type hint is not in fact a type by @adriangb in Warn if a type hint is not in fact a type pydantic/pydantic#6479
• Replace TransformSchema with GetPydanticSchema by @dmontagu in Replace TransformSchema with GetPydanticSchema pydantic/pydantic#6484
• Fix the un-hashability of various annotation types, for use in caching generic containers by @dmontagu in Fix the un-hashability of various annotation types, for use in caching generic containers pydantic/pydantic#6480
• PYD-164: Rework custom types docs by @adriangb in PYD-164: Rework custom types docs pydantic/pydantic#6490
• Fix ci by @adriangb in Fix ci pydantic/pydantic#6507
• Fix forward ref in generic by @adriangb in Fix forward ref in generic pydantic/pydantic#6511
• Fix generation of serialization JSON schemas for core_schema.ChainSchema by @dmontagu in Fix generation of serialization JSON schemas for core_schema.ChainSchema pydantic/pydantic#6515
• Document the change in Field.alias behavior in Pydantic V2 by @hramezani in Document the change in Field.alias behavior in Pydantic V2 pydantic/pydantic#6508
• Give better error message attempting to compute the json schema of a model with undefined fields by @dmontagu in Give better error message attempting to compute the json schema of a model with undefined fields pydantic/pydantic#6519
• Document alias_priority by @tpdorsey in Document alias_priority pydantic/pydantic#6520
• Add redirect for types documentation by @tpdorsey in Add redirect for types documentation pydantic/pydantic#6513
• Allow updating docs without release by @samuelcolvin in Allow updating docs without release pydantic/pydantic#6551
• Ensure docs tests always run in the right folder by @dmontagu in Ensure docs tests always run in the right folder pydantic/pydantic#6487
• Defer evaluation of return type hints for serializer functions by @dmontagu in Defer evaluation of return type hints for serializer functions pydantic/pydantic#6516
• Disable E501 from Ruff and rely on just Black by @adriangb in Disable E501 from Ruff and rely on just Black pydantic/pydantic#6552
• Update JSON Schema documentation for V2 by @tpdorsey in Update JSON Schema documentation for V2 pydantic/pydantic#6492
• Add documentation of cyclic reference handling by @dmontagu in Add documentation of cyclic reference handling pydantic/pydantic#6493
• Remove the need for change files by @samuelcolvin in Remove the need for change files pydantic/pydantic#6556
• add "north star" benchmark by @davidhewitt in add "north star" benchmark pydantic/pydantic#6547
• Update Dataclasses docs by @tpdorsey in Update Dataclasses docs pydantic/pydantic#6470
• ♻️ Use different error message on v1 redirects by @Kludex in ♻️ Use different error message on v1 redirects pydantic/pydantic#6595
• ⬆ Upgrade pydantic-core to v2.2.0 by @lig in ⬆ Upgrade pydantic-core to v2.2.0 pydantic/pydantic#6589
• Fix serialization for IPvAny by @dmontagu in Fix serialization for IPvAny pydantic/pydantic#6572
• Improve CI by using PDM instead of pip to install typing-extensions by @adriangb in Improve CI by using PDM instead of pip to install typing-extensions pydantic/pydantic#6602
• Add enum error type docs by @lig in Add enum error type docs  pydantic/pydantic#6603
• 🐛 Fix max_length for unicode strings by @lig in 🐛 Fix max_length for unicode strings pydantic/pydantic#6559
• Add documentation for accessing features via pydantic.v1 by @tpdorsey in Add documentation for accessing features via pydantic.v1 pydantic/pydantic#6604
• Include extra when iterating over a model by @adriangb in Include extra when iterating over a model pydantic/pydantic#6562
• Fix typing of model_validator by @adriangb in Fix typing of model_validator pydantic/pydantic#6514
• Touch up Decimal validator by @adriangb in Touch up Decimal validator pydantic/pydantic#6327
• Fix various docstrings using fixed pytest-examples by @dmontagu in Fix various docstrings using fixed pytest-examples pydantic/pydantic#6607
• Handle function validators in a discriminated union by @dmontagu in Handle function validators in a discriminated union pydantic/pydantic#6570
• Review json_schema.md by @tpdorsey in Review json_schema.md pydantic/pydantic#6608

(truncated — see source for full notes)

in-toto (2.0.0 → 2.3.0) — GitHub Release

v2.3.0

See CHANGELOG.md for details.

v2.2.0

See CHANGELOG.md for details.

v2.1.1

Changed

• Default type for CLI arg --run-timeout to avoid type mismatch (Fix type for --run-timeout in-toto/in-toto#626)
• Dependency update (build(deps): bump securesystemslib[crypto,pynacl] from 0.28.0 to 0.29.0 in-toto/in-toto#627)

v2.1.0

Added

• CLI argument to control command execution timeout (Create CLI arg for assigning timeout value in-toto/in-toto#605)
• ITE-4 resolver for directories ("dirHash", Add dirHash resolver in-toto/in-toto#590)

Changed

• Lint configuration (Reconfigure pylint and fix or exempt new warnings in-toto/in-toto#602)
• Output stream cleanup to address flaky tests on Windows (runlib: retry file removal to workaround #547 in-toto/in-toto#597)
• Layout expiry condition (Update layout expiry behavior in-toto/in-toto#616)
• Dependency updates (build(deps): bump actions/setup-python from 4.6.0 to 4.6.1 in-toto/in-toto#604, build(deps): bump cryptography from 40.0.2 to 41.0.1 in-toto/in-toto#607, build(deps): bump iso8601 from 1.1.0 to 2.0.0 in-toto/in-toto#608, build(deps): bump actions/checkout from 3.5.2 to 3.5.3 in-toto/in-toto#609, build(deps): bump cryptography from 41.0.1 to 41.0.2 in-toto/in-toto#617, build(deps): bump actions/setup-python from 4.6.1 to 4.7.0 in-toto/in-toto#618, build(deps): bump pathspec from 0.11.1 to 0.11.2 in-toto/in-toto#619, build(deps): bump cryptography from 41.0.2 to 41.0.3 in-toto/in-toto#620, build(deps): bump actions/checkout from 3.5.3 to 3.6.0 in-toto/in-toto#622,
  build(deps): bump actions/checkout from 3.6.0 to 4.0.0 in-toto/in-toto#623)

Removed

• AppVeyor test configuration (ci: remove Appveyor config and docs in-toto/in-toto#598)

tox (3.12.1 → 3.28.0) — Commit comparison

• 1343f3d expand section names (expand section names tox-dev/tox#1545)
• c102714 README.md: fix typo (README.md: fix typo tox-dev/tox#1552)
• f55da43 Update azure-pipelines.yml
• 352d0cd Fix changelog for 3.14.6 (Fix changelog for 3.14.6 tox-dev/tox#1543)
• f6042b3 Fix exeception when command is empty (Fix exeception when command is empty tox-dev/tox#1544)
• f0e66bf Fixed irrelevant Error message for invalid argument when runnin… (Fixed irrelevant Error message for invalid argument when running outside a directory with tox support files #1546 tox-dev/tox#1547)
• 3f7eb98 Fix parsing of architecture in python interpreter name (Fix parsing of architecture in python interpreter name tox-dev/tox#1542)
• 1ea7602 Merge pull request release 3.14.6 tox-dev/tox#1541 from tox-dev/release-3.14.6
• 803b226 release 3.14.6
• 549f7ee Fix ValueError: max() arg is an empty sequence on (Fix ValueError: max() arg is an empty sequence on tox-dev/tox#1529)
• 9d02cd4 Exclude virtualenvs vers w/ regressions 20.0.[0-7] (Exclude virtualenvs vers w/ regressions 20.0.[0-7] tox-dev/tox#1537)
• 537f26c Fix tox --help and tox --help-ini shows an error when run o… (Fix tox --help and tox --help-ini shows an error when run outside a directory with tox support files #1509 #1540 tox-dev/tox#1539)
• 330599f Updated String Formatting (Updated String Formatting tox-dev/tox#1528)
• 01e1e02 Merge pull request release 3.14.5 tox-dev/tox#1527 from tox-dev/release-3.14.5
• 5feb33a release 3.14.5

... and 85 more commits

click (8.1.6 → 8.1.8) — GitHub Release

8.1.8

This is the Click 8.1.8 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.1.8/
Changes: https://click.palletsprojects.com/en/stable/changes/#version-8-1-8
Milestone https://github.com/pallets/click/milestones/23?closed=1

• Fix an issue with type hints for click.open_file(). The type hint for the filename parameter to open_file is incomplete pallets/click#2717
• Fix issue where error message for invalid click.Path displays on
  multiple lines. Broken message about invalid argument value for template "File ... is a directory" pallets/click#2697
• Fixed issue that prevented a default value of "" from being displayed in
  the help for an option. Empty string default values are not displayed pallets/click#2500
• The test runner handles stripping color consistently on Windows. Setting color=True in runner.invoke on windows strips ansi codes pallets/click#2705
• Show correct value for flag default when using default_map. Flag option with secondary opts: show_default=True does not show value from default_map in "help" output pallets/click#2632
• Fix click.echo(color=...) passing color to coloroma so it can be
  forced on Windows. click.echo does not force colors on Windows with color=True pallets/click#2606.
• More robust bash version check, fixing problem on Windows with git-bash. Shell completion bash version check fail in git-bash on windows pallets/click#2638
• Cache the help option generated by the help_option_names setting to
  respect its eagerness. Fix eagerness of help option generated by help_option_names pallets/click#2811
• Replace uses of os.system with subprocess.Popen. Use subprocess instead of os.system pallets/click#1476
• Exceptions generated during a command will use the context's color
  setting when being displayed. ctx.color is ignored in ClickException.show() pallets/click#2193
• Error message when defining option with invalid name is more descriptive. Error message "Could not determine name for option" is not descriptive pallets/click#2452
• Refactor code generating default --help option to deduplicate code. Deduplicate --help option definition pallets/click#2563
• Test CLIRunner resets patched _compat.should_strip_ansi. Missing reset on should_strip_ansi causing cascading issues during other tests pallets/click#2732

8.1.7

This is a fix release for the 8.1.x feature branch.

• Changes: https://click.palletsprojects.com/en/8.1.x/changes/#version-8-1-7
• Milestone: https://github.com/pallets/click/milestone/22?closed=1

datamodel-code-generator (0.25.6 → 0.25.9) — GitHub Release

0.25.9

What's Changed

• Fix merging config and args by @mahdilamb in Fix merging config and args koxudaxi/datamodel-code-generator#2015
• Fix missing imports for collapsed models by @kmichel-aiven in Fix missing imports for collapsed models koxudaxi/datamodel-code-generator#2043
• Don't generate files without model by @kmichel-aiven in Don't generate files without model koxudaxi/datamodel-code-generator#2044
• Escaping apostophes in mark-down by @ben05allen in Escaping apostophes in mark-down koxudaxi/datamodel-code-generator#2047
• Typo: Fix missing whitespace in CLI help by @meliache in Typo: Fix missing whitespace in CLI help koxudaxi/datamodel-code-generator#2053

New Contributors

• @mahdilamb made their first contribution in Fix merging config and args koxudaxi/datamodel-code-generator#2015
• @ben05allen made their first contribution in Escaping apostophes in mark-down koxudaxi/datamodel-code-generator#2047
• @meliache made their first contribution in Typo: Fix missing whitespace in CLI help koxudaxi/datamodel-code-generator#2053

Full Changelog: koxudaxi/datamodel-code-generator@0.25.8...0.25.9

0.25.8

What's Changed

• feat: new cli option --use-exact-imports by @alpoi-x in feat: new cli option --use-exact-imports koxudaxi/datamodel-code-generator#1983
• patch pydantic v1.10.9 conflict with py3.12 by @luca-knaack-webcom in patch pydantic v1.10.9 conflict with py3.12 koxudaxi/datamodel-code-generator#2014
• feature: dots in paths by @luca-knaack-webcom in feature: dots in paths koxudaxi/datamodel-code-generator#2008
• docs: Update airbyte use case + fix broken link by @natikgadzhi in docs: Update airbyte use case + fix broken link koxudaxi/datamodel-code-generator#2021
• Fix Missing Imports by @luca-knaack-webcom in Fix Missing Imports koxudaxi/datamodel-code-generator#2009
• 🚑 fixes graphql parser --use-standard-collections --use-union-operator --use-annotated by @bpsoos in 🚑 fixes graphql parser --use-standard-collections --use-union-operator --use-annotated koxudaxi/datamodel-code-generator#2016

New Contributors

• @alpoi-x made their first contribution in feat: new cli option --use-exact-imports koxudaxi/datamodel-code-generator#1983
• @natikgadzhi made their first contribution in docs: Update airbyte use case + fix broken link koxudaxi/datamodel-code-generator#2021
• @bpsoos made their first contribution in 🚑 fixes graphql parser --use-standard-collections --use-union-operator --use-annotated koxudaxi/datamodel-code-generator#2016

Full Changelog: koxudaxi/datamodel-code-generator@0.25.7...0.25.8

0.25.7

What's Changed

• Add from_attributes to ConfigDict by @michael2to3 in Add from_attributes to ConfigDict koxudaxi/datamodel-code-generator#1946
• Fix msgspec template to add field by @ianbuss in Fix msgspec template to add field koxudaxi/datamodel-code-generator#1942
• Add regex_engine="python-re" if regex uses lookaround by @camillol in Add regex_engine="python-re" if regex uses lookaround koxudaxi/datamodel-code-generator#1945
• Fix broken unittest by @koxudaxi in Fix broken unittest koxudaxi/datamodel-code-generator#1987
• fix: Fix subschema array items with oneOf showing up as Any type by @jdweav in fix: Fix subschema array items with oneOf showing up as Any type koxudaxi/datamodel-code-generator#1962
• Fix reuse_models not using the custom_template_dir by @atti92 in Fix reuse_models not using the custom_template_dir koxudaxi/datamodel-code-generator#1954
• Fix alias for superclass with identical name by @kmichel-aiven in Fix alias for superclass with identical name koxudaxi/datamodel-code-generator#1981
• feat: support for external referenced discriminators by @luca-knaack-webcom in feat: support for external referenced discriminators koxudaxi/datamodel-code-generator#1991
• fix: external references to parent folder by @luca-knaack-webcom in fix: external references to parent folder koxudaxi/datamodel-code-generator#1999

New Contributors

• @michael2to3 made their first contribution in Add from_attributes to ConfigDict koxudaxi/datamodel-code-generator#1946
• @ianbuss made their first contribution in Fix msgspec template to add field koxudaxi/datamodel-code-generator#1942
• @camillol made their first contribution in Add regex_engine="python-re" if regex uses lookaround koxudaxi/datamodel-code-generator#1945

(truncated — see source for full notes)

flaky (3.8.0 → 3.8.1) — Commit comparison

• fe6233f New release (New release box/flaky#204)

pathspec (0.10.0 → 0.10.3) — GitHub Release

v0.10.3

Release v0.10.3. See CHANGES.rst.

v0.10.2

Release v0.10.2. See CHANGES.rst.

v0.10.1

Release v0.10.1. See CHANGES.rst.

platformdirs (2.0.0a3 → 2.0.2) — Commit comparison

• 6f3befe 2.0.2
• 9c4dfe0 Merge pull request Document the reasoning behind the fork. tox-dev/platformdirs#10 from platformdirs/ytf
• 5dda0b0 Merge pull request Add missing entries to the changelog tox-dev/platformdirs#12 from jack1142/patch-1
• 329cf76 Correct a changelog entry for supported Python versions
• 9963692 Move the changelog entry for *_config_dir change to correct version
• 070bf0f Document the reasoning behind the fork.
• 472880b Add BREAKING prefix
• ae1a250 Change the changelog now that 2.0.0 is released.
• ade93ba Release first non alpha version (Release first non alpha version tox-dev/platformdirs#7)

requests (2.33.0 → 2.33.1) — GitHub Release

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary
  files in the tmp directory. (Cleanup extracted file after extract_zipped_path test psf/requests#7305)
• Fixed Content-Type header parsing for malformed values. (Fix malformed value parsing for Content-Type psf/requests#7309)
• Improved error consistency for malformed header values. (Fix cosmetic header validity parsing regex psf/requests#7308)

New Contributors

• @ferdnyc made their first contribution in Packaging: DRY out extras definition psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

tabulate (0.8.9 → 0.8.10) — Changelog

https://github.com/astanin/python-tabulate/blob/master/CHANGELOG

toml (0.9.4 → 0.9.6) — Commit comparison

• d31df32 Release 0.9.6
• 1be97de Fix the broken release
• fdf0c98 0.9.5 - Bugfix release for 0.9.X
• 4d4150d Remove pseudonym and update copyright
• 280fffd Fix IndexError (related to Bug: Comma in string in list raises IndexError: list index out of range  uiri/toml#170 )
• c5a4ac1 Fix Fails to parse quoted table keys that contain brackets uiri/toml#158: Parse quoted key table with brackets
• 8f16cc6 Fix toml.loads seems to parse complex keys incorrectly uiri/toml#145: Adjust split on = for quoted keys
• 7180713 Fix Infinite loop in parsing simple string uiri/toml#161: Raise error instead of looping forever
• 4283802 Allow only scalar Unicode values per TOML spec
• f87b7c1 Fix microsecond and timezone decoding bugs
• 9c62b53 Add trove classifiers for additional Python support
• 6c716ec Add trove classifier for license
• 133747e Fix messed up revert
• f3d8346 Revert "Skip tox for Python 3.3"
• 98ba524 Correct capitalization of PyPI (not PyPi)

... and 24 more commits

---

Generated by ADMS Sources: 6 GitHub Releases, 1 Changelog, 4 Commit comparisons, 4 not available.

[seberm-6]

Hey, sorry for the noise. This was caused by a bug in our automated dependency update system that incorrectly included upstream changelog content in PR comments, triggering notifications to external contributors. The feature flag has been turned off and we're working on a fix. Sorry about that again.