⬆️(dependencies) update python dependencies#2149
Open
renovate[bot] wants to merge 1 commit intomainfrom
Open
Conversation
renovate
bot
added
automated
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==2.12.0→==2.12.1==1.42.59→==1.42.73==0.0.24→==0.0.25==3.16.1→==3.17.0==2026.1.26→==2026.3.4==9.10.0→==9.11.0==2.24.0→==2.29.0==0.12.47→==0.12.50==6.1.3→==6.1.6==7.0.0→==7.1.0==0.15.4→==0.15.7==2.53.0→==2.55.0==0.41.0→==0.42.0Release Notes
jpadilla/pyjwt (PyJWT)
v2.12.1Compare Source
Changed
Remove algorithm requirement from JWT API, instead relying on JWS API for enforcement, by @luhn in
#​975 <https://github.com/jpadilla/pyjwt/pull/975>__Use
Sequencefor parameter types rather thanListwhere applicable by @imnotjames in#​970 <https://github.com/jpadilla/pyjwt/pull/970>__Add JWK support to JWT encode by @luhn in
#​979 <https://github.com/jpadilla/pyjwt/pull/979>__Encoding and decoding payloads using the
nonealgorithm by @jpadilla in#c2629f6 <https://github.com/jpadilla/pyjwt/commit/c2629f66c593459e02616048443231ccbe18be16>__Before:
.. code-block:: pycon
After:
.. code-block:: pycon
Added validation for 'sub' (subject) and 'jti' (JWT ID) claims in tokens by @Divan009 in
#​1005 <https://github.com/jpadilla/pyjwt/pull/1005>__Refactor project configuration files from
setup.cfgtopyproject.tomlby @cleder in#​995 <https://github.com/jpadilla/pyjwt/pull/995>__Ruff linter and formatter changes by @gagandeepp in
#​1001 <https://github.com/jpadilla/pyjwt/pull/1001>__Drop support for Python 3.8 (EOL) by @kkirsche in
#​1007 <https://github.com/jpadilla/pyjwt/pull/1007>__Fixed
#​972 <https://github.com/jpadilla/pyjwt/pull/972>__#​973 <https://github.com/jpadilla/pyjwt/pull/973>__#​992 <https://github.com/jpadilla/pyjwt/pull/992>__#​980 <https://github.com/jpadilla/pyjwt/pull/980>__#​993 <https://github.com/jpadilla/pyjwt/pull/993>__pyproject.tomlinpre-commitby @cleder in#​1002 <https://github.com/jpadilla/pyjwt/pull/1002>__#​1003 <https://github.com/jpadilla/pyjwt/pull/1003>__boto/boto3 (boto3)
v1.42.73Compare Source
=======
backup: [botocore] Fix Typo for S3Backup Options ( S3BackupACLs to BackupACLs)dynamodb: [botocore] Adding ReplicaArn to ReplicaDescription of a global table replicaendpoint-rules: [botocore] Update endpoint-rules client to latest versionopensearch: [botocore] Added support for Amazon Managed Service for Prometheus (AMP) as a connected data source in OpenSearch UI. Now users can analyze Prometheus metrics in OpenSearch UI without data copy.verifiedpermissions: [botocore] Adds support for Policy Store Aliases, Policy Names, and Policy Template Names. These are customizable identifiers that can be used in place of Policy Store ids, Policy ids, and Policy Template ids respectively in Amazon Verified Permissions APIs.botocore] Fix aws-chunked requests with non-seekable streams sending bothContent-LengthandTransfer-Encoding: chunked, which violated HTTP/1.1 (RFC 7230) and causedSignatureDoesNotMatcherrors.v1.42.72Compare Source
=======
batch: [botocore] AWS Batch now supports quota management, enabling administrators to allocate shared compute resources across teams and projects through quota shares with capacity limits, resource-sharing strategies, and priority-based preemption - currently available for SageMaker Training job queues.bedrock-agentcore: [botocore] This release includes SDK support for the following new features on AgentCore Built In Tools. 1. Enterprise Policies for AgentCore Browser Tool. 2. Root CA Configuration Support for AgentCore Browser Tool and Code Interpreter. 3. API changes to AgentCore Browser Profile APIsbedrock-agentcore-control: [botocore] Adds support for the following new features. 1. Enterprise Policies support for AgentCore Browser Tool. 2. Root CA Configuration support for AgentCore Browser Tool and Code Interpreter.ec2: [botocore] Amazon EC2 Fleet instant mode now supports launching instances into Interruptible Capacity Reservations, enabling customers to use spare capacity shared by Capacity Reservation owners within their AWS Organization.observabilityadmin: [botocore] Adding a new field in the CreateCentralizationRuleForOrganization, UpdateCentralizationRuleForOrganization API and updating the GetCentralizationRuleForOrganization API response to include the new fieldpolly: [botocore] Added bi-directional streaming functionality through a new API, StartSpeechSynthesisStream. This API allows streaming input text through inbound events and receiving audio as part of an output stream simultaneously.v1.42.71Compare Source
=======
ec2: [botocore] The DescribeInstanceTypes API now returns default connection tracking timeout values for TCP, UDP, and UDP stream via the new connectionTrackingConfiguration field on NetworkInfo.mediaconvert: [botocore] This update adds additional bitrate options for Dolby AC-4 audio outputs.v1.42.70Compare Source
=======
bedrock-agentcore-control: [botocore] Deprecating namespaces field and adding namespaceTemplates.emr: [botocore] Add S3LoggingConfiguration to Control LogUploadsglue: [botocore] Provide approval to overwrite existing Lake Formation permissions on all child resources with the default permissions specified in 'CreateTableDefaultPermissions' and 'CreateDatabaseDefaultPermissions' when updating catalog. Allowed values are ["Accept","Deny"] .v1.42.69Compare Source
=======
bedrock: [botocore] You can now generate policy scenarios on demand using the new GENERATE POLICY SCENARIOS build workflow type. Scenarios will no longer be automatically generated during INGEST CONTENT, REFINE POLICY, and IMPORT POLICY workflows, resulting in faster completion times for these operations.bedrock-agentcore: [botocore] Provide support to perform deterministic operations on agent runtime through shell command executions via the new InvokeAgentRuntimeCommand APIbedrock-agentcore-control: [botocore] Supporting hosting of public ECR Container Images in AgentCore Runtimeecs: [botocore] Amazon ECS now supports configuring whether tags are propagated to the EC2 Instance Metadata Service (IMDS) for instances launched by the Managed Instances capacity provider. This gives customers control over tag visibility in IMDS when using ECS Managed Instances.v1.42.68Compare Source
=======
apigateway: [botocore] API Gateway now supports an additional security policy "SecurityPolicy-TLS13-1-2-FIPS-PFS-PQ-2025-09" for REST APIs and custom domain names. The new policy is compliant with TLS 1.3, Federal Information Processing Standards (FIPS), Perfect Forward Secrecy (PFS), and post-quantum (PQ) cryptographyconfig: [botocore] Fix pagination support for DescribeConformancePackCompliance, and update OrganizationConfigRule InputParameters max length to match ConfigRule.connect: [botocore] Deprecating PredefinedNotificationID fieldgameliftstreams: [botocore] Feature launch that enables customers to connect streaming sessions to their own VPCs running in AWS.glue: [botocore] Add QuerySessionContext to BatchGetPartitionRequestivs-realtime: [botocore] Updates maximum reconnect window seconds from 60 to 300 for participant replicationmediaconvert: [botocore] This update adds support for Dolby AC-4 audio output, frame rate conversion between non-Dolby Vision inputs to Dolby Vision outputs, and clear lead CMAF HLS output.medialive: [botocore] Documents the VideoDescription.ScalingBehavior.SMART(underscore)CROP enum value.mgn: [botocore] Network Migration APIs are now publicly available for direct programmatic access. Customers can now call Network Migration APIs directly without going through AWS Transform (ATX), enabling automation, integration with existing tools, and self-service migration workflows.quicksight: [botocore] The change adds a new capability named ManageSharedFolders in Custom Permissionsv1.42.67Compare Source
=======
datasync: [botocore] DataSync's 3 location types, Hadoop Distributed File System (HDFS), FSx for Windows File Server (FSx Windows), and FSx for NetApp ONTAP (FSx ONTAP) now have credentials managed via Secrets Manager, which may be encrypted with service keys or be configured to use customer-managed keys or secret.ecr: [botocore] Add Chainguard to PTC upstreamRegistry enums3: [botocore] Adds support for account regional namespaces for general purpose buckets. The account regional namespace is a reserved subdivision of the global bucket namespace where only your account can create general purpose buckets.sso-oidc: [botocore] Fixed missing error messages in SSO OIDC error responses by mapping OAuth2 error_description field to the standard Message field. Issue was raised in#​2216 <https://github.com/boto/botocore/issues/2216>__.v1.42.66Compare Source
=======
customer-profiles: [botocore] Today, Amazon Connect is announcing the ability to filter (include or exclude) recommendations based on properties of items and interactions.eks: [botocore] Adds support for a new tier in controlPlaneScalingConfig on EKS Clusters.endpoint-rules: [botocore] Update endpoint-rules client to latest versionpolly: [botocore] Added support for the new voices - Ambre (fr-FR), Beatrice (it-IT), Florian (fr-FR), Lennart (de-DE), Lorenzo (it-IT) and Tiffany (en-US). They are available as a Generative voices only.sagemaker: [botocore] SageMaker training plans allow you to extend your existing training plans to avoid workload interruptions without workload reconfiguration. When a training plan is approaching expiration, you can extend it directly through the SageMaker AI console or programmatically using the API or AWS CLI.simpledbv2: [botocore] Introduced Amazon SimpleDB export functionality enabling domain data export to S3 in JSON format. Added three new APIs StartDomainExport, GetExport, and ListExports via SimpleDBv2 service. Supports cross-region exports and KMS encryption.workspaces: [botocore] Added WINDOWS SERVER 2025 OperatingSystemName.v1.42.65Compare Source
=======
bedrock-agentcore-control: [botocore] Adding first class support for AG-UI protocol in AgentCore Runtime.connectcases: [botocore] Added functionality for the Required and Hidden case rule types to be conditionally evaluated on up to 5 conditions.dms: [botocore] Not need to include to any release notes. The only change is to correct LoadTimeout unit from milliseconds to seconds in RedshiftSettingsendpoint-rules: [botocore] Update endpoint-rules client to latest versionkafka: [botocore] Add dual stack endpoint to SDKlexv2-models: [botocore] This release introduces a new generative AI feature called Lex Bot Analyzer. This feature leverage AI to analyze the bot configuration against AWS Lex best practices to identify configuration issues and provides recommendations.v1.42.64Compare Source
=======
iam: [botocore] Added support for CloudWatch Logs long-term API keys, currently available in Previewmgn: [botocore] Adds support for new storeSnapshotOnLocalZone field in ReplicationConfiguration and updateReplicationConfigurationopensearch: [botocore] This change enables cross-account and cross-region access for DataSources. Customers can now define access policies on their datasources to allow other AWS accounts to access and query their data.route53globalresolver: [botocore] Adds support for dual stack Global Resolvers and Dictionary-based Domain Generation Firewall Advanced Protection.v1.42.63Compare Source
=======
appintegrations: [botocore] This release adds support for webhooks, allowing customers to create an Event Integration with a webhook source.bcm-data-exports: [botocore] Fixed wrong endpoint resolutions in few regions. Added AWS CFN resource schema for BCM Data Exports. Added max value validation for pagination parameter. Fixed ARN format validation for BCM Data Exports resources. Updated size constraints for table properties. Added AccessDeniedException error.bedrock: [botocore] Amazon Bedrock Guardrails account-level enforcement APIs now support lists for model inclusion and exclusion from guardrail enforcement.bedrock-agentcore-control: [botocore] Adds support for streaming memory records in AgentCore Memoryconnect: [botocore] Amazon Connect now supports the ability to programmatically configure and run automated tests for contact center experiences for Chat. Integrate testing into CICD pipelines, run multiple tests at scale, and retrieve results via API to automate validation of chat interactions and workflows.deadline: [botocore] AWS Deadline Cloud now supports cost scale factors for farms, enabling studios to adjust reported costs to reflect their actual rendering economics. Adjusted costs are reflected in Deadline Cloud's Usage Explorer and Budgets.endpoint-rules: [botocore] Update endpoint-rules client to latest versiongameliftstreams: [botocore] Added new Gen6 stream classes based on the EC2 G6f instance family. These stream classes provide cost-optimized options for streaming well-optimized or lower-fidelity games on Windows environments.sesv2: [botocore] Adds support for longer email message header values, increasing the maximum length from 870 to 995 characters for RFC 5322 compliance.v1.42.62Compare Source
=======
connecthealth: [botocore] Connect-Health SDK is AWS's unified SDK for the Amazon Connect Health offering. It allows healthcare developers to integrate purpose-built agents - such as patient insights, ambient documentation, and medical coding - into their existing applications, including EHRs, telehealth, and revenue cycle.ec2: [botocore] Added metadata field to CapacityAllocation.endpoint-rules: [botocore] Update endpoint-rules client to latest versionguardduty: [botocore] Added MALICIOUS FILE to IndicatorType enum in MDC Sequencempa: [botocore] Updates to multi-party approval (MPA) service to add support for approval team baseline operations.sagemaker: [botocore] Adds support for S3 Bucket Ownership validation for SageMaker Managed MLflow.savingsplans: [botocore] Added support for OpenSearch and Neptune Analytics to Database Savings Plans.botocore] Validate new region name when redirecting.v1.42.61Compare Source
=======
connect: [botocore] Added support for configuring additional email addresses on queues in Amazon Connect. Agents can now select an outbound email address and associate additional email addresses for replying to or initiating emails.elasticbeanstalk: [botocore] As part of this release, Beanstalk introduce a new info type - analyze for request environment info and retrieve environment info operations. When customers request an Al analysis, Elastic Beanstalk runs a script on an instance in their environment and returns an analysis of events, health and logs.es: [botocore] Adds support for DeploymentStrategyOptions.gamelift: [botocore] Amazon GameLift Servers now offers DDoS protection for Linux-based EC2 and Container Fleets on SDKv5. The player gateway proxy relay network provides traffic validation, per-player rate limiting, and game server IP address obfuscation all with negligible added latency and no additional cost.opensearch: [botocore] Adding support for DeploymentStrategyOptionsquicksight: [botocore] Added several new values for Capabilities, increased visual limit per sheet from previous limit to 75, renamed Quick Suite to Quick in several places.botocore] Exclude additional hop-by-hop headers from SigV4 signing to prevent signature mismatches when intermediaries mutate transport headers (connection, keep-alive, proxy-authenticate, proxy-authorization, TE, trailer, upgrade).v1.42.60Compare Source
=======
bedrock-agentcore-control: [botocore] Support for AgentCore Policy GAdatazone: [botocore] Adding QueryGraph operation to DataZone SDKlogs: [botocore] CloudWatch Logs updates- Added support for the PutBearerTokenAuthentication API to enable or disable bearer token authentication on a log group. For more information, see CloudWatch Logs API documentation.partnercentral-channel: [botocore] Adds the Resold Unified Operations support plan and removes the Resold Business support plan in the CreateRelationship and UpdateRelationship APIssagemaker: [botocore] This release adds b300 and g7e instance types for SageMaker inference endpoints.suitenumerique/django-lasuite (django-lasuite)
v0.0.25Compare Source
Added
encode/django-rest-framework (djangorestframework)
v3.17.0Compare Source
What's Changed
Breaking changes
Features
DurationFieldby @sevdog in #8532@versioning_class(),@content_negotiation_class(),@metadata_class()for function-based views by @qqii in #9719violation_error_codeandviolation_error_messagefromUniqueConstraintinUniqueTogetherValidatorby @s-aleshin in #9766ipaddressobjects inJSONEncoderby @corenting in #9087BigIntegerto string by @HoodyH in #9775Bug fixes
Tokenoverwrite by @mahdirahimi1999 in #9754UniqueTogetherValidatorvalidation when condition references a read-only field by @ticosax in #9764default=Noneby @Genarito in #9790__init__.pyby @TheFunctionalGuy in #9799HTMLFormRendererto ensure a validdatetime-localformat by @mgaligniana in #9365MultipleChoiceFieldby @fbozhang in #9735Translations
Packaging
pyproject.tomlby @deronnax in #9056MANIFEST.intopyproject.tomlby @p-r-a-v-i-n in #9825Other changes
secretsmodule by @mahdirahimi1999 in #9760@api_viewby @kernelshard in #9821New Contributors
Full Changelog: encode/django-rest-framework@3.16.1...3.17.0
mozilla-services/python-dockerflow (dockerflow)
v2026.3.4Compare Source
ipython/ipython (ipython)
v9.11.0Compare Source
v9.10.1Compare Source
openai/openai-python (openai)
v2.29.0Compare Source
Full Changelog: v2.28.0...v2.29.0
Features
Bug Fixes
by_aliasunless set (8ebe8fb)Chores
v2.28.0Compare Source
Full Changelog: v2.27.0...v2.28.0
Features
v2.27.0Compare Source
Full Changelog: v2.27.0...v2.28.0
Features
v2.26.0Compare Source
Full Changelog: v2.25.0...v2.26.0
Features
v2.25.0Compare Source
Full Changelog: v2.25.0...v2.26.0
Features
y-crdt/pycrdt (pycrdt)
v0.12.50Compare Source
v0.12.49Compare Source
v0.12.48Compare Source
pytest-dev/pyfakefs (pyfakefs)
v6.1.6Compare Source
Follow-up bugfix release for 6.1.5.
Fixes
os.path.realpathdid not correctly handle some absolute paths under Windows(previous fix was incomplete, see #1296)
v6.1.5Compare Source
Minor bugfix release.
Fixes
os.path.realpathdid not resolve symlinks under Windows(see #1296)
v6.1.4Compare Source
Fixes incompatibility with VCCode unittest runner.
Fixes
expandusernow correctly handles paths besides home and different separators(see #1289)
(see #1285)
pytest-dev/pytest-cov (pytest-cov)
v7.1.0Compare Source
Fixed total coverage computation to always be consistent, regardless of reporting settings.
Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on
reporting options.
See
#​641 <https://github.com/pytest-dev/pytest-cov/issues/641>_.Improve handling of ResourceWarning from sqlite3.
The plugin adds warning filter for sqlite3
ResourceWarningunclosed database (since 6.2.0).It checks if there is already existing plugin for this message by comparing filter regular expression.
When filter is specified on command line the message is escaped and does not match an expected message.
A check for an escaped regular expression is added to handle this case.
With this fix one can suppress
ResourceWarningfrom sqlite3 from command line::pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...
Various improvements to documentation.
Contributed by Art Pelling in
#​718 <https://github.com/pytest-dev/pytest-cov/pull/718>_ and"vivodi" in
#​738 <https://github.com/pytest-dev/pytest-cov/pull/738>.Also closed
#​736 <https://github.com/pytest-dev/pytest-cov/issues/736>.Fixed some assertions in tests.
Contributed by in Markéta Machová in
#​722 <https://github.com/pytest-dev/pytest-cov/pull/722>_.Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).
astral-sh/ruff (ruff)
v0.15.7Compare Source
Released on 2026-03-19.
Preview features
noqahover for non-Python documents (#24040)Rule changes
pycodestyle] Recognizepyrefly:as a pragma comment (E501) (#24019)Server
Documentation
pylint] Improve phrasing (PLC0208) (#24033)Other changes
Contributors
v0.15.6Compare Source
Released on 2026-03-12.
Preview features
lazyimport parsing (#23755)airflow] FlagVariable.get()calls outside of task execution context (AIR003) (#23584)airflow] Flag runtime-varying values in DAG/task constructor arguments (AIR304) (#23631)flake8-bugbear] Implementdelattr-with-constant(B043) (#23737)flake8-tidy-imports] AddTID254to enforce lazy imports (#23777)flake8-tidy-imports] Allow users to ban lazy imports withTID254(#23847)isort] Retainlazykeyword when sorting imports (#23762)pyupgrade] Addfrom __future__ import annotationsautomatically (UP006) (#23260)refurb] Supportnewlineparameter inFURB101for Python 3.13+ (#23754)ruff] Addos-path-commonprefix(RUF071) (#23814)ruff] Add unsafe fix for os-path-commonprefix (RUF071) (#23852)ruff] LimitRUF036to typing contexts; make it unsafe for non-typing-only (#23765)ruff] Use starred unpacking forRUF017in Python 3.15+ (#23789)Bug fixes
--add-noqacreatingConfiguration
📅 Schedule: Branch creation - "before 7am on monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.