build(deps): bump the uv group across 4 directories with 10 updates by dependabot[bot] · Pull Request #6027 · aws/deep-learning-containers

dependabot · 2026-05-01T18:16:08Z

Bumps the uv group with 1 update in the /docker/pytorch/cpu directory: pip.
Bumps the uv group with 2 updates in the /docker/pytorch/cuda directory: requests and pip.
Bumps the uv group with 9 updates in the /docker/xgboost directory:

Package	From	To
requests	`2.32.3`	`2.33.0`
certifi	`2023.7.22`	`2024.7.4`
cryptography	`45.0.5`	`46.0.7`
flask	`1.1.1`	`3.1.3`
jinja2	`2.11.3`	`3.1.6`
pillow	`9.1.1`	`12.2.0`
urllib3	`1.26.5`	`2.6.3`
werkzeug	`0.15.6`	`3.1.6`
wheel	`0.45.1`	`0.46.2`

Bumps the uv group with 1 update in the /scripts/ray directory: pip.

Updates pip from 26.0.1 to 26.1

Changelog

Sourced from pip's changelog.

26.1 (2026-04-26)

Deprecations and Removals

Drop support for Python 3.9. ([#13795](https://github.com/pypa/pip/issues/13795) <https://github.com/pypa/pip/issues/13795>_)

Features

Add experimental support to read requirements from standardized pylock.toml files (-r pylock.toml). ([#13876](https://github.com/pypa/pip/issues/13876) <https://github.com/pypa/pip/issues/13876>_)

Allow --uploaded-prior-to to accept a duration in days (e.g., P3D for 3 days ago). ([#13674](https://github.com/pypa/pip/issues/13674) <https://github.com/pypa/pip/issues/13674>_)

Enhancements

Speed up dependency resolution when there are complex conflicts. ([#13859](https://github.com/pypa/pip/issues/13859) <https://github.com/pypa/pip/issues/13859>_)

Reduce memory usage when resolving large dependency trees. ([#13843](https://github.com/pypa/pip/issues/13843) <https://github.com/pypa/pip/issues/13843>_)

Emit a deprecation warning when pip imports an unexpected module after installation of a distribution has started. ([#13912](https://github.com/pypa/pip/issues/13912) <https://github.com/pypa/pip/issues/13912>_)

Allow URL constraints to apply to requirements with extras. ([#12018](https://github.com/pypa/pip/issues/12018) <https://github.com/pypa/pip/issues/12018>_)

Allow unpinned requirements to use hashes from constraints. Constraints like {name}=={version} --hash=... feeds into hash verification for a corresponding requirement. ([#9243](https://github.com/pypa/pip/issues/9243) <https://github.com/pypa/pip/issues/9243>_)

Improve conflict reports that involve direct URLs. ([#13932](https://github.com/pypa/pip/issues/13932) <https://github.com/pypa/pip/issues/13932>_)

Show all errors instead of first error for faulty dependency_groups definitions. ([#13917](https://github.com/pypa/pip/issues/13917) <https://github.com/pypa/pip/issues/13917>_)

Bug Fixes

Fix recovery hint for missing RECORD file to use --ignore-installed instead of --force-reinstall. ([#12645](https://github.com/pypa/pip/issues/12645) <https://github.com/pypa/pip/issues/12645>_)

Fix misleading error message when a constraint file cannot be opened. ([#13226](https://github.com/pypa/pip/issues/13226) <https://github.com/pypa/pip/issues/13226>_)

Show the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. ([#13494](https://github.com/pypa/pip/issues/13494) <https://github.com/pypa/pip/issues/13494>_)

Remove the adjacent __pycache__ directory when a .py file is removed. ([#13725](https://github.com/pypa/pip/issues/13725) <https://github.com/pypa/pip/issues/13725>_)

Force UTF-8 encoding for :pep:723 metadata. ([#13861](https://github.com/pypa/pip/issues/13861) <https://github.com/pypa/pip/issues/13861>_)

Minor performance improvement when filtering candidates during resolution. ([#13916](https://github.com/pypa/pip/issues/13916) <https://github.com/pypa/pip/issues/13916>_)

Fix a hang on Windows when stdout is closed during verbose output. ([#13927](https://github.com/pypa/pip/issues/13927) <https://github.com/pypa/pip/issues/13927>_)

Common path prefixes are determined by path segment, not character by character. ([#13847](https://github.com/pypa/pip/issues/13847) <https://github.com/pypa/pip/issues/13847>_)

Fix installing .tar.gz source distributions that look like a zip file. ([#13867](https://github.com/pypa/pip/issues/13867) <https://github.com/pypa/pip/issues/13867>_)

Vendored Libraries

Upgrade certifi to 2026.2.25

Upgrade packaging to 26.2

Upgrade requests to 2.33.1

Upgrade tomli to 2.3.1

Upgrade urllib3 to 2.6.3

... (truncated)

Commits

90b2b3e Bump for release
193f289 Update AUTHORS.txt
63c3709 Merge pull request #13876 from sbidoul/install-from-pylock-reqs-sbi
e5fe702 Merge pull request #13949 from pypa/revert-13888-resolver-editable-links
122a14a Revert "Allow editable installs to satisfy direct-URL dependencies (#13888)"
c335252 -r pylock.toml: add pip-wheel -r pylock.toml test
ba2fc12 -r pylock.toml: proper error with remote pylock.toml containing directory ent...
747c4ae Merge pull request #13948 from ichard26/reword-news
3517841 -r pylock: refine filename pylock-ness test
2f7ad8c -r pylock.toml: fix crash with pip wheel and pip lock
Additional commits viewable in compare view

Updates pip from 26.0.1 to 26.1

Changelog

Sourced from pip's changelog.

26.1 (2026-04-26)

Deprecations and Removals

Drop support for Python 3.9. ([#13795](https://github.com/pypa/pip/issues/13795) <https://github.com/pypa/pip/issues/13795>_)

Features

Add experimental support to read requirements from standardized pylock.toml files (-r pylock.toml). ([#13876](https://github.com/pypa/pip/issues/13876) <https://github.com/pypa/pip/issues/13876>_)

Allow --uploaded-prior-to to accept a duration in days (e.g., P3D for 3 days ago). ([#13674](https://github.com/pypa/pip/issues/13674) <https://github.com/pypa/pip/issues/13674>_)

Enhancements

Speed up dependency resolution when there are complex conflicts. ([#13859](https://github.com/pypa/pip/issues/13859) <https://github.com/pypa/pip/issues/13859>_)

Reduce memory usage when resolving large dependency trees. ([#13843](https://github.com/pypa/pip/issues/13843) <https://github.com/pypa/pip/issues/13843>_)

Emit a deprecation warning when pip imports an unexpected module after installation of a distribution has started. ([#13912](https://github.com/pypa/pip/issues/13912) <https://github.com/pypa/pip/issues/13912>_)

Allow URL constraints to apply to requirements with extras. ([#12018](https://github.com/pypa/pip/issues/12018) <https://github.com/pypa/pip/issues/12018>_)

Allow unpinned requirements to use hashes from constraints. Constraints like {name}=={version} --hash=... feeds into hash verification for a corresponding requirement. ([#9243](https://github.com/pypa/pip/issues/9243) <https://github.com/pypa/pip/issues/9243>_)

Improve conflict reports that involve direct URLs. ([#13932](https://github.com/pypa/pip/issues/13932) <https://github.com/pypa/pip/issues/13932>_)

Show all errors instead of first error for faulty dependency_groups definitions. ([#13917](https://github.com/pypa/pip/issues/13917) <https://github.com/pypa/pip/issues/13917>_)

Bug Fixes

Fix recovery hint for missing RECORD file to use --ignore-installed instead of --force-reinstall. ([#12645](https://github.com/pypa/pip/issues/12645) <https://github.com/pypa/pip/issues/12645>_)

Fix misleading error message when a constraint file cannot be opened. ([#13226](https://github.com/pypa/pip/issues/13226) <https://github.com/pypa/pip/issues/13226>_)

Show the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. ([#13494](https://github.com/pypa/pip/issues/13494) <https://github.com/pypa/pip/issues/13494>_)

Remove the adjacent __pycache__ directory when a .py file is removed. ([#13725](https://github.com/pypa/pip/issues/13725) <https://github.com/pypa/pip/issues/13725>_)

Force UTF-8 encoding for :pep:723 metadata. ([#13861](https://github.com/pypa/pip/issues/13861) <https://github.com/pypa/pip/issues/13861>_)

Minor performance improvement when filtering candidates during resolution. ([#13916](https://github.com/pypa/pip/issues/13916) <https://github.com/pypa/pip/issues/13916>_)

Fix a hang on Windows when stdout is closed during verbose output. ([#13927](https://github.com/pypa/pip/issues/13927) <https://github.com/pypa/pip/issues/13927>_)

Common path prefixes are determined by path segment, not character by character. ([#13847](https://github.com/pypa/pip/issues/13847) <https://github.com/pypa/pip/issues/13847>_)

Fix installing .tar.gz source distributions that look like a zip file. ([#13867](https://github.com/pypa/pip/issues/13867) <https://github.com/pypa/pip/issues/13867>_)

Vendored Libraries

Upgrade certifi to 2026.2.25

Upgrade packaging to 26.2

Upgrade requests to 2.33.1

Upgrade tomli to 2.3.1

Upgrade urllib3 to 2.6.3

... (truncated)

Commits

90b2b3e Bump for release
193f289 Update AUTHORS.txt
63c3709 Merge pull request #13876 from sbidoul/install-from-pylock-reqs-sbi
e5fe702 Merge pull request #13949 from pypa/revert-13888-resolver-editable-links
122a14a Revert "Allow editable installs to satisfy direct-URL dependencies (#13888)"
c335252 -r pylock.toml: add pip-wheel -r pylock.toml test
ba2fc12 -r pylock.toml: proper error with remote pylock.toml containing directory ent...
747c4ae Merge pull request #13948 from ichard26/reword-news
3517841 -r pylock: refine filename pylock-ness test
2f7ad8c -r pylock.toml: fix crash with pip wheel and pip lock
Additional commits viewable in compare view

Updates pip from 26.0.1 to 26.1

Changelog

Sourced from pip's changelog.

26.1 (2026-04-26)

Deprecations and Removals

Drop support for Python 3.9. ([#13795](https://github.com/pypa/pip/issues/13795) <https://github.com/pypa/pip/issues/13795>_)

Features

Add experimental support to read requirements from standardized pylock.toml files (-r pylock.toml). ([#13876](https://github.com/pypa/pip/issues/13876) <https://github.com/pypa/pip/issues/13876>_)

Allow --uploaded-prior-to to accept a duration in days (e.g., P3D for 3 days ago). ([#13674](https://github.com/pypa/pip/issues/13674) <https://github.com/pypa/pip/issues/13674>_)

Enhancements

Speed up dependency resolution when there are complex conflicts. ([#13859](https://github.com/pypa/pip/issues/13859) <https://github.com/pypa/pip/issues/13859>_)

Reduce memory usage when resolving large dependency trees. ([#13843](https://github.com/pypa/pip/issues/13843) <https://github.com/pypa/pip/issues/13843>_)

Emit a deprecation warning when pip imports an unexpected module after installation of a distribution has started. ([#13912](https://github.com/pypa/pip/issues/13912) <https://github.com/pypa/pip/issues/13912>_)

Allow URL constraints to apply to requirements with extras. ([#12018](https://github.com/pypa/pip/issues/12018) <https://github.com/pypa/pip/issues/12018>_)

Allow unpinned requirements to use hashes from constraints. Constraints like {name}=={version} --hash=... feeds into hash verification for a corresponding requirement. ([#9243](https://github.com/pypa/pip/issues/9243) <https://github.com/pypa/pip/issues/9243>_)

Improve conflict reports that involve direct URLs. ([#13932](https://github.com/pypa/pip/issues/13932) <https://github.com/pypa/pip/issues/13932>_)

Show all errors instead of first error for faulty dependency_groups definitions. ([#13917](https://github.com/pypa/pip/issues/13917) <https://github.com/pypa/pip/issues/13917>_)

Bug Fixes

Fix recovery hint for missing RECORD file to use --ignore-installed instead of --force-reinstall. ([#12645](https://github.com/pypa/pip/issues/12645) <https://github.com/pypa/pip/issues/12645>_)

Fix misleading error message when a constraint file cannot be opened. ([#13226](https://github.com/pypa/pip/issues/13226) <https://github.com/pypa/pip/issues/13226>_)

Show the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. ([#13494](https://github.com/pypa/pip/issues/13494) <https://github.com/pypa/pip/issues/13494>_)

Remove the adjacent __pycache__ directory when a .py file is removed. ([#13725](https://github.com/pypa/pip/issues/13725) <https://github.com/pypa/pip/issues/13725>_)

Force UTF-8 encoding for :pep:723 metadata. ([#13861](https://github.com/pypa/pip/issues/13861) <https://github.com/pypa/pip/issues/13861>_)

Minor performance improvement when filtering candidates during resolution. ([#13916](https://github.com/pypa/pip/issues/13916) <https://github.com/pypa/pip/issues/13916>_)

Fix a hang on Windows when stdout is closed during verbose output. ([#13927](https://github.com/pypa/pip/issues/13927) <https://github.com/pypa/pip/issues/13927>_)

Common path prefixes are determined by path segment, not character by character. ([#13847](https://github.com/pypa/pip/issues/13847) <https://github.com/pypa/pip/issues/13847>_)

Fix installing .tar.gz source distributions that look like a zip file. ([#13867](https://github.com/pypa/pip/issues/13867) <https://github.com/pypa/pip/issues/13867>_)

Vendored Libraries

Upgrade certifi to 2026.2.25

Upgrade packaging to 26.2

Upgrade requests to 2.33.1

Upgrade tomli to 2.3.1

Upgrade urllib3 to 2.6.3

... (truncated)

Commits

90b2b3e Bump for release
193f289 Update AUTHORS.txt
63c3709 Merge pull request #13876 from sbidoul/install-from-pylock-reqs-sbi
e5fe702 Merge pull request #13949 from pypa/revert-13888-resolver-editable-links
122a14a Revert "Allow editable installs to satisfy direct-URL dependencies (#13888)"
c335252 -r pylock.toml: add pip-wheel -r pylock.toml test
ba2fc12 -r pylock.toml: proper error with remote pylock.toml containing directory ent...
747c4ae Merge pull request #13948 from ichard26/reword-news
3517841 -r pylock: refine filename pylock-ness test
2f7ad8c -r pylock.toml: fix crash with pip wheel and pip lock
Additional commits viewable in compare view

Updates requests from 2.32.5 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

Commits

bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
753fd08 docs: fix FAQ grammar in httplib2 example
774a0b8 docs(socks): same block as other sections
9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
d568f47 docs: clarify Quickstart POST example (#6960)
Additional commits viewable in compare view

Updates pip from 26.0.1 to 26.1

Changelog

Sourced from pip's changelog.

26.1 (2026-04-26)

Deprecations and Removals

Drop support for Python 3.9. ([#13795](https://github.com/pypa/pip/issues/13795) <https://github.com/pypa/pip/issues/13795>_)

Features

Add experimental support to read requirements from standardized pylock.toml files (-r pylock.toml). ([#13876](https://github.com/pypa/pip/issues/13876) <https://github.com/pypa/pip/issues/13876>_)

Allow --uploaded-prior-to to accept a duration in days (e.g., P3D for 3 days ago). ([#13674](https://github.com/pypa/pip/issues/13674) <https://github.com/pypa/pip/issues/13674>_)

Enhancements

Speed up dependency resolution when there are complex conflicts. ([#13859](https://github.com/pypa/pip/issues/13859) <https://github.com/pypa/pip/issues/13859>_)

Reduce memory usage when resolving large dependency trees. ([#13843](https://github.com/pypa/pip/issues/13843) <https://github.com/pypa/pip/issues/13843>_)

Emit a deprecation warning when pip imports an unexpected module after installation of a distribution has started. ([#13912](https://github.com/pypa/pip/issues/13912) <https://github.com/pypa/pip/issues/13912>_)

Allow URL constraints to apply to requirements with extras. ([#12018](https://github.com/pypa/pip/issues/12018) <https://github.com/pypa/pip/issues/12018>_)

Allow unpinned requirements to use hashes from constraints. Constraints like {name}=={version} --hash=... feeds into hash verification for a corresponding requirement. ([#9243](https://github.com/pypa/pip/issues/9243) <https://github.com/pypa/pip/issues/9243>_)

Improve conflict reports that involve direct URLs. ([#13932](https://github.com/pypa/pip/issues/13932) <https://github.com/pypa/pip/issues/13932>_)

Show all errors instead of first error for faulty dependency_groups definitions. ([#13917](https://github.com/pypa/pip/issues/13917) <https://github.com/pypa/pip/issues/13917>_)

Bug Fixes

Fix recovery hint for missing RECORD file to use --ignore-installed instead of --force-reinstall. ([#12645](https://github.com/pypa/pip/issues/12645) <https://github.com/pypa/pip/issues/12645>_)

Fix misleading error message when a constraint file cannot be opened. ([#13226](https://github.com/pypa/pip/issues/13226) <https://github.com/pypa/pip/issues/13226>_)

Show the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. ([#13494](https://github.com/pypa/pip/issues/13494) <https://github.com/pypa/pip/issues/13494>_)

Remove the adjacent __pycache__ directory when a .py file is removed. ([#13725](https://github.com/pypa/pip/issues/13725) <https://github.com/pypa/pip/issues/13725>_)

Force UTF-8 encoding for :pep:723 metadata. ([#13861](https://github.com/pypa/pip/issues/13861) <https://github.com/pypa/pip/issues/13861>_)

Minor performance improvement when filtering candidates during resolution. ([#13916](https://github.com/pypa/pip/issues/13916) <https://github.com/pypa/pip/issues/13916>_)

Fix a hang on Windows when stdout is closed during verbose output. ([#13927](https://github.com/pypa/pip/issues/13927) <https://github.com/pypa/pip/issues/13927>_)

Common path prefixes are determined by path segment, not character by character. ([#13847](https://github.com/pypa/pip/issues/13847) <https://github.com/pypa/pip/issues/13847>_)

Fix installing .tar.gz source distributions that look like a zip file. ([#13867](https://github.com/pypa/pip/issues/13867) <https://github.com/pypa/pip/issues/13867>_)

Vendored Libraries

Upgrade certifi to 2026.2.25

Upgrade packaging to 26.2

Upgrade requests to 2.33.1

Upgrade tomli to 2.3.1

Upgrade urllib3 to 2.6.3

... (truncated)

Commits

90b2b3e Bump for release
193f289 Update AUTHORS.txt
63c3709 Merge pull request #13876 from sbidoul/install-from-pylock-reqs-sbi
e5fe702 Merge pull request #13949 from pypa/revert-13888-resolver-editable-links
122a14a Revert "Allow editable installs to satisfy direct-URL dependencies (#13888)"
c335252 -r pylock.toml: add pip-wheel -r pylock.toml test
ba2fc12 -r pylock.toml: proper error with remote pylock.toml containing directory ent...
747c4ae Merge pull request #13948 from ichard26/reword-news
3517841 -r pylock: refine filename pylock-ness test
2f7ad8c -r pylock.toml: fix crash with pip wheel and pip lock
Additional commits viewable in compare view

Updates requests from 2.32.5 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

Commits

bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
753fd08 docs: fix FAQ grammar in httplib2 example
774a0b8 docs(socks): same block as other sections
9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
d568f47 docs: clarify Quickstart POST example (#6960)
Additional commits viewable in compare view

Updates pip from 26.0.1 to 26.1

Changelog

Sourced from pip's changelog.

26.1 (2026-04-26)

Deprecations and Removals

Drop support for Python 3.9. ([#13795](https://github.com/pypa/pip/issues/13795) <https://github.com/pypa/pip/issues/13795>_)

Features

Add experimental support to read requirements from standardized pylock.toml files (-r pylock.toml). ([#13876](https://github.com/pypa/pip/issues/13876) <https://github.com/pypa/pip/issues/13876>_)

Allow --uploaded-prior-to to accept a duration in days (e.g., P3D for 3 days ago). ([#13674](https://github.com/pypa/pip/issues/13674) <https://github.com/pypa/pip/issues/13674>_)

Enhancements

Speed up dependency resolution when there are complex conflicts. ([#13859](https://github.com/pypa/pip/issues/13859) <https://github.com/pypa/pip/issues/13859>_)

Reduce memory usage when resolving large dependency trees. ([#13843](https://github.com/pypa/pip/issues/13843) <https://github.com/pypa/pip/issues/13843>_)

Emit a deprecation warning when pip imports an unexpected module after installation of a distribution has started. ([#13912](https://github.com/pypa/pip/issues/13912) <https://github.com/pypa/pip/issues/13912>_)

Allow URL constraints to apply to requirements with extras. ([#12018](https://github.com/pypa/pip/issues/12018) <https://github.com/pypa/pip/issues/12018>_)

Allow unpinned requirements to use hashes from constraints. Constraints like {name}=={version} --hash=... feeds into hash verification for a corresponding requirement. ([#9243](https://github.com/pypa/pip/issues/9243) <https://github.com/pypa/pip/issues/9243>_)

Improve conflict reports that involve direct URLs. ([#13932](https://github.com/pypa/pip/issues/13932) <https://github.com/pypa/pip/issues/13932>_)

Show all errors instead of first error for faulty dependency_groups definitions. ([#13917](https://github.com/pypa/pip/issues/13917) <https://github.com/pypa/pip/issues/13917>_)

Bug Fixes

Fix recovery hint for missing RECORD file to use --ignore-installed instead of --force-reinstall. ([#12645](https://github.com/pypa/pip/issues/12645) <https://github.com/pypa/pip/issues/12645>_)

Fix misleading error message when a constraint file cannot be opened. ([#13226](https://github.com/pypa/pip/issues/13226) <https://github.com/pypa/pip/issues/13226>_)

Show the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. ([#13494](https://github.com/pypa/pip/issues/13494) <https://github.com/pypa/pip/issues/13494>_)

Remove the adjacent __pycache__ directory when a .py file is removed. ([#13725](https://github.com/pypa/pip/issues/13725) <https://github.com/pypa/pip/issues/13725>_)

Force UTF-8 encoding for :pep:723 metadata. ([#13861](https://github.com/pypa/pip/issues/13861) <https://github.com/pypa/pip/issues/13861>_)

Minor performance improvement when filtering candidates during resolution. ([#13916](https://github.com/pypa/pip/issues/13916) <https://github.com/pypa/pip/issues/13916>_)

Fix a hang on Windows when stdout is closed during verbose output. ([#13927](https://github.com/pypa/pip/issues/13927) <https://github.com/pypa/pip/issues/13927>_)

Common path prefixes are determined by path segment, not character by character. ([#13847](https://github.com/pypa/pip/issues/13847) <https://github.com/pypa/pip/issues/13847>_)

Fix installing .tar.gz source distributions that look like a zip file. ([#13867](https://github.com/pypa/pip/issues/13867) <https://github.com/pypa/pip/issues/13867>_)

Vendored Libraries

Upgrade certifi to 2026.2.25

Upgrade packaging to 26.2

Upgrade requests to 2.33.1

Upgrade tomli to 2.3.1

Upgrade urllib3 to 2.6.3

... (truncated)

Commits

90b2b3e Bump for release
193f289 Update AUTHORS.txt
63c3709 Merge pull request #13876 from sbidoul/install-from-pylock-reqs-sbi
e5fe702 Merge pull request #13949 from pypa/revert-13888-resolver-editable-links
122a14a Revert "Allow editable installs to satisfy direct-URL dependencies (#13888)"
c335252 -r pylock.toml: add pip-wheel -r pylock.toml test
ba2fc12 -r pylock.toml: proper error with remote pylock.toml containing directory ent...
747c4ae Merge pull request #13948 from ichard26/reword-news
3517841 -r pylock: refine filename pylock-ness test
2f7ad8c -r pylock.toml: fix crash with pip wheel and pip lock
Additional commits viewable in compare view

Updates requests from 2.32.5 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

Commits

bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
753fd08 docs: fix FAQ grammar in httplib2 example
774a0b8 docs(socks): same block as other sections
9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
d568f47 docs: clarify Quickstart POST example (#6960)
Additional commits viewable in compare view

Updates pip from 26.0.1 to 26.1

Changelog

Sourced from pip's changelog.

26.1 (2026-04-26)

Deprecations and Removals

Drop support for Python 3.9. ([#13795](https://github.com/pypa/pip/issues/13795) <https://github.com/pypa/pip/issues/13795>_)

Features

Add experimental support to read requirements from standardized pylock.toml files (-r pylock.toml). ([#13876](https://github.com/pypa/pip/issues/13876) <https://github.com/pypa/pip/issues/13876>_)

Allow --uploaded-prior-to to accept a duration in days (e.g., P3D for 3 days ago). ([#13674](https://github.com/pypa/pip/issues/13674) <https://github.com/pypa/pip/issues/13674>_)

Enhancements

Speed up dependency resolution when there are complex conflicts. ([#13859](https://github.com/pypa/pip/issues/13859) <https://github.com/pypa/pip/issues/13859>_)

Reduce memory usage when resolving large dependency trees. ([#13843](https://github.com/pypa/pip/issues/13843) <https://github.com/pypa/pip/issues/13843>_)

Emit a deprecation warning when pip imports an unexpected module after installation of a distribution has started. ([#13912](https://github.com/pypa/pip/issues/13912) <https://github.com/pypa/pip/issues/13912>_)

Allow URL constraints to apply to requirements with extras. ([#12018](https://github.com/pypa/pip/issues/12018) <https://github.com/pypa/pip/issues/12018>_)

Allow unpinned requirements to use hashes from constraints. Constraints like {name}=={version} --hash=... feeds into hash verification for a corresponding requirement. ([#9243](https://github.com/pypa/pip/issues/9243) <https://github.com/pypa/pip/issues/9243>_)

Improve conflict reports that involve direct URLs. ([#13932](https://github.com/pypa/pip/issues/13932) <https://github.com/pypa/pip/issues/13932>_)

Show all errors instead of first error for faulty dependency_groups definitions. ([#13917](https://github.com/pypa/pip/issues/13917) <https://github.com/pypa/pip/issues/13917>_)

Bug Fixes

Fix recovery hint for missing RECORD file to use --ignore-installed instead of --force-reinstall. ([#12645](https://github.com/pypa/pip/issues/12645) <https://github.com/pypa/pip/issues/12645>_)

Fix misleading error message when a constraint file cannot be opened. ([#13226](https://github.com/pypa/pip/issues/13226) <https://github.com/pypa/pip/issues/13226>_)

Show the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. ([#13494](https://github.com/pypa/pip/issues/13494) <https://github.com/pypa/pip/issues/13494>_)

Remove the adjacent __pycache__ directory when a .py file is removed. ([#13725](https://github.com/pypa/pip/issues/13725) <https://github.com/pypa/pip/issues/13725>_)

Force UTF-8 encoding for :pep:723 metadata. ([#13861](https://github.com/pypa/pip/issues/13861) <https://github.com/pypa/pip/issues/13861>_)

Minor performance improvement when filtering candidates during resolution. ([#13916](https://github.com/pypa/pip/issues/13916) <https://github.com/pypa/pip/issues/13916>_)

Fix a hang on Windows when stdout is closed during verbose output. ([#13927](https://github.com/pypa/pip/issues/13927) <https://github.com/pypa/pip/issues/13927>_)

Common path prefixes are determined by path segment, not character by character. ([#13847](https://github.com/pypa/pip/issues/13847) <https://github.com/pypa/pip/issues/13847>_)

Fix installing .tar.gz source distributions that look like a zip file. ([#13867](https://github.com/pypa/pip/issues/13867) <https://github.com/pypa/pip/issues/13867>_)

Vendored Libraries

Upgrade certifi to 2026.2.25

Upgrade packaging to 26.2

Upgrade requests to 2.33.1

Upgrade tomli to 2.3.1

Upgrade urllib3 to 2.6.3

... (truncated)

Commits

90b2b3e Bump for release
193f289 Update AUTHORS.txt
63c3709 Merge pull request #13876 from sbidoul/install-from-pylock-reqs-sbi
e5fe702 Merge pull request #13949 from pypa/revert-13888-resolver-editable-links
122a14a Revert "Allow editable installs to satisfy direct-URL dependencies (#13888)"
c335252 -r pylock.toml: add pip-wheel -r pylock.toml test
ba2fc12 -r pylock.toml: proper error with remote pylock.toml containing directory ent...
747c4ae Merge pull request #13948 from ichard26/reword-news
3517841 -r pylock: refine filename pylock-ness test
2f7ad8c -r pylock.toml: fix crash with pip wheel and pip lock
Additional commits viewable in compare view

Updates requests from 2.32.5 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take...
Description has been truncated

Bumps the uv group with 1 update in the /docker/pytorch/cpu directory: [pip](https://github.com/pypa/pip). Bumps the uv group with 2 updates in the /docker/pytorch/cuda directory: [requests](https://github.com/psf/requests) and [pip](https://github.com/pypa/pip). Bumps the uv group with 9 updates in the /docker/xgboost directory: | Package | From | To | | --- | --- | --- | | [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` | | [certifi](https://github.com/certifi/python-certifi) | `2023.7.22` | `2024.7.4` | | [cryptography](https://github.com/pyca/cryptography) | `45.0.5` | `46.0.7` | | [flask](https://github.com/pallets/flask) | `1.1.1` | `3.1.3` | | [jinja2](https://github.com/pallets/jinja) | `2.11.3` | `3.1.6` | | [pillow](https://github.com/python-pillow/Pillow) | `9.1.1` | `12.2.0` | | [urllib3](https://github.com/urllib3/urllib3) | `1.26.5` | `2.6.3` | | [werkzeug](https://github.com/pallets/werkzeug) | `0.15.6` | `3.1.6` | | [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` | Bumps the uv group with 1 update in the /scripts/ray directory: [pip](https://github.com/pypa/pip). Updates `pip` from 26.0.1 to 26.1 - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@26.0.1...26.1) Updates `pip` from 26.0.1 to 26.1 - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@26.0.1...26.1) Updates `pip` from 26.0.1 to 26.1 - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@26.0.1...26.1) Updates `requests` from 2.32.5 to 2.33.0 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.5...v2.33.0) Updates `pip` from 26.0.1 to 26.1 - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@26.0.1...26.1) Updates `requests` from 2.32.5 to 2.33.0 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.5...v2.33.0) Updates `pip` from 26.0.1 to 26.1 - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@26.0.1...26.1) Updates `requests` from 2.32.5 to 2.33.0 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.5...v2.33.0) Updates `pip` from 26.0.1 to 26.1 - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@26.0.1...26.1) Updates `requests` from 2.32.5 to 2.33.0 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.5...v2.33.0) Updates `requests` from 2.32.3 to 2.33.0 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.5...v2.33.0) Updates `certifi` from 2023.7.22 to 2024.7.4 - [Commits](certifi/python-certifi@2023.07.22...2024.07.04) Updates `cryptography` from 45.0.5 to 46.0.7 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@45.0.5...46.0.7) Updates `flask` from 1.1.1 to 3.1.3 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@1.1.1...3.1.3) Updates `jinja2` from 2.11.3 to 3.1.6 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@2.11.3...3.1.6) Updates `pillow` from 9.1.1 to 12.2.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@9.1.1...12.2.0) Updates `urllib3` from 1.26.5 to 2.6.3 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.5...2.6.3) Updates `werkzeug` from 0.15.6 to 3.1.6 - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@0.15.6...3.1.6) Updates `requests` from 2.32.3 to 2.33.0 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.5...v2.33.0) Updates `certifi` from 2023.7.22 to 2024.7.4 - [Commits](certifi/python-certifi@2023.07.22...2024.07.04) Updates `cryptography` from 45.0.5 to 46.0.7 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@45.0.5...46.0.7) Updates `flask` from 1.1.1 to 3.1.3 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@1.1.1...3.1.3) Updates `jinja2` from 2.11.3 to 3.1.6 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@2.11.3...3.1.6) Updates `pillow` from 9.1.1 to 12.2.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@9.1.1...12.2.0) Updates `urllib3` from 1.26.5 to 2.6.3 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.5...2.6.3) Updates `werkzeug` from 0.15.6 to 3.1.6 - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@0.15.6...3.1.6) Updates `certifi` from 2023.7.22 to 2024.7.4 - [Commits](certifi/python-certifi@2023.07.22...2024.07.04) Updates `cryptography` from 45.0.5 to 46.0.7 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@45.0.5...46.0.7) Updates `flask` from 1.1.1 to 3.1.3 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@1.1.1...3.1.3) Updates `jinja2` from 2.11.3 to 3.1.6 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@2.11.3...3.1.6) Updates `pillow` from 9.1.1 to 12.2.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@9.1.1...12.2.0) Updates `requests` from 2.32.3 to 2.33.0 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.5...v2.33.0) Updates `urllib3` from 1.26.5 to 2.6.3 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.5...2.6.3) Updates `werkzeug` from 0.15.6 to 3.1.6 - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@0.15.6...3.1.6) Updates `wheel` from 0.45.1 to 0.46.2 - [Release notes](https://github.com/pypa/wheel/releases) - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst) - [Commits](pypa/wheel@0.45.1...0.46.2) Updates `pillow` from 9.1.1 to 12.2.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@9.1.1...12.2.0) Updates `certifi` from 2023.7.22 to 2024.7.4 - [Commits](certifi/python-certifi@2023.07.22...2024.07.04) Updates `cryptography` from 45.0.5 to 46.0.7 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@45.0.5...46.0.7) Updates `jinja2` from 2.11.3 to 3.1.6 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@2.11.3...3.1.6) Updates `requests` from 2.32.3 to 2.33.0 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.5...v2.33.0) Updates `urllib3` from 1.26.5 to 2.6.3 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.5...2.6.3) Updates `pip` from 26.0.1 to 26.1 - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@26.0.1...26.1) Updates `pip` from 26.0.1 to 26.1 - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@26.0.1...26.1) Updates `pip` from 26.0.1 to 26.1 - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@26.0.1...26.1) --- updated-dependencies: - dependency-name: pip dependency-version: '26.1' dependency-type: indirect dependency-group: uv - dependency-name: pip dependency-version: '26.1' dependency-type: indirect dependency-group: uv - dependency-name: pip dependency-version: '26.1' dependency-type: indirect dependency-group: uv - dependency-name: requests dependency-version: 2.33.0 dependency-type: direct:production dependency-group: uv - dependency-name: pip dependency-version: '26.1' dependency-type: indirect dependency-group: uv - dependency-name: requests dependency-version: 2.33.0 dependency-type: direct:production dependency-group: uv - dependency-name: pip dependency-version: '26.1' dependency-type: indirect dependency-group: uv - dependency-name: requests dependency-version: 2.33.0 dependency-type: direct:production dependency-group: uv - dependency-name: pip dependency-version: '26.1' dependency-type: indirect dependency-group: uv - dependency-name: requests dependency-version: 2.33.0 dependency-type: direct:production dependency-group: uv - dependency-name: requests dependency-version: 2.33.0 dependency-type: direct:production dependency-group: uv - dependency-name: certifi dependency-version: 2024.7.4 dependency-type: direct:production dependency-group: uv - dependency-name: cryptography dependency-version: 46.0.7 dependency-type: direct:production dependency-group: uv - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production dependency-group: uv - dependency-name: jinja2 dependency-version: 3.1.6 dependency-type: direct:production dependency-group: uv - dependency-name: pillow dependency-version: 12.2.0 dependency-type: direct:production dependency-group: uv - dependency-name: urllib3 dependency-version: 2.6.3 dependency-type: direct:production dependency-group: uv - dependency-name: werkzeug dependency-version: 3.1.6 dependency-type: direct:production dependency-group: uv - dependency-name: requests dependency-version: 2.33.0 dependency-type: direct:production dependency-group: uv - dependency-name: certifi dependency-version: 2024.7.4 dependency-type: direct:production dependency-group: uv - dependency-name: cryptography dependency-version: 46.0.7 dependency-type: direct:production dependency-group: uv - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production dependency-group: uv - dependency-name: jinja2 dependency-version: 3.1.6 dependency-type: direct:production dependency-group: uv - dependency-name: pillow dependency-version: 12.2.0 dependency-type: direct:production dependency-group: uv - dependency-name: urllib3 dependency-version: 2.6.3 dependency-type: direct:production dependency-group: uv - dependency-name: werkzeug dependency-version: 3.1.6 dependency-type: direct:production dependency-group: uv - dependency-name: certifi dependency-version: 2024.7.4 dependency-type: direct:production dependency-group: uv - dependency-name: cryptography dependency-version: 46.0.7 dependency-type: direct:production dependency-group: uv - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production dependency-group: uv - dependency-name: jinja2 dependency-version: 3.1.6 dependency-type: direct:production dependency-group: uv - dependency-name: pillow dependency-version: 12.2.0 dependency-type: direct:production dependency-group: uv - dependency-name: requests dependency-version: 2.33.0 dependency-type: direct:production dependency-group: uv - dependency-name: urllib3 dependency-version: 2.6.3 dependency-type: direct:production dependency-group: uv - dependency-name: werkzeug dependency-version: 3.1.6 dependency-type: direct:production dependency-group: uv - dependency-name: wheel dependency-version: 0.46.2 dependency-type: direct:production dependency-group: uv - dependency-name: pillow dependency-version: 12.2.0 dependency-type: direct:production dependency-group: uv - dependency-name: certifi dependency-version: 2024.7.4 dependency-type: direct:production dependency-group: uv - dependency-name: cryptography dependency-version: 46.0.7 dependency-type: direct:production dependency-group: uv - dependency-name: jinja2 dependency-version: 3.1.6 dependency-type: direct:production dependency-group: uv - dependency-name: requests dependency-version: 2.33.0 dependency-type: direct:production dependency-group: uv - dependency-name: urllib3 dependency-version: 2.6.3 dependency-type: direct:production dependency-group: uv - dependency-name: pip dependency-version: '26.1' dependency-type: direct:production dependency-group: uv - dependency-name: pip dependency-version: '26.1' dependency-type: direct:production dependency-group: uv - dependency-name: pip dependency-version: '26.1' dependency-type: direct:production dependency-group: uv ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-05T21:05:56Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 1, 2026

aws-deep-learning-containers-ci Bot added the authorized label May 1, 2026

dependabot Bot closed this May 5, 2026

dependabot Bot deleted the dependabot/uv/docker/pytorch/cpu/uv-9e624bc8a6 branch May 5, 2026 21:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the uv group across 4 directories with 10 updates#6027

build(deps): bump the uv group across 4 directories with 10 updates#6027
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/docker/pytorch/cpu/uv-9e624bc8a6

dependabot Bot commented on behalf of github May 1, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

26.1 (2026-04-26)

Deprecations and Removals

Features

Enhancements

Bug Fixes

Vendored Libraries

26.1 (2026-04-26)

Deprecations and Removals

Features

Enhancements

Bug Fixes

Vendored Libraries

26.1 (2026-04-26)

Deprecations and Removals

Features

Enhancements

Bug Fixes

Vendored Libraries

v2.33.0

2.33.0 (2026-03-25)

New Contributors

2.33.0 (2026-03-25)

26.1 (2026-04-26)

Deprecations and Removals

Features

Enhancements

Bug Fixes

Vendored Libraries

v2.33.0

2.33.0 (2026-03-25)

New Contributors

2.33.0 (2026-03-25)

26.1 (2026-04-26)

Deprecations and Removals

Features

Enhancements

Bug Fixes

Vendored Libraries

v2.33.0

2.33.0 (2026-03-25)

New Contributors

2.33.0 (2026-03-25)

26.1 (2026-04-26)

Deprecations and Removals

Features

Enhancements

Bug Fixes

Vendored Libraries

v2.33.0

2.33.0 (2026-03-25)

New Contributors

2.33.0 (2026-03-25)

Uh oh!

dependabot Bot commented on behalf of github May 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github May 1, 2026 •

edited

Loading