Bump the all-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the all-dependencies group with 10 updates in the / directory:

Package	From	To
pytelegrambotapi	4.29.1	4.32.0
beautifulsoup4	4.14.0	4.14.3
redis	6.4.0	7.4.0
apscheduler	3.11.0	3.11.2
pymongo	4.15.1	4.16.0
tornado	6.5.2	6.5.5
fakeredis	2.31.3	2.34.1
tqdm	4.67.1	4.67.3
pillow	12.1.1	12.2.0
pytz	2025.2	2026.1.post1

Updates pytelegrambotapi from 4.29.1 to 4.32.0

Commits

• 23aee2b Merge pull request #2571 from Badiboy/master
• 4729652 Bump version
• 4db74cc Merge pull request #2570 from Badiboy/master
• 0685718 Fix
• 37eb381 Fix
• 30a4125 Fix
• 5f23d6f Update formatting for new message entity date_time. Also optimize html code t...
• 80553b8 Merge pull request #2566 from KimmyXYC/master
• 9435ddd Merge pull request #2564 from Badiboy/master
• f83c3de Fix argument passing for set_chat_member_tag in synchronous and asynchronous ...
• Additional commits viewable in compare view

Updates beautifulsoup4 from 4.14.0 to 4.14.3

Updates redis from 6.4.0 to 7.4.0

Release notes

Sourced from redis's releases.

7.4.0

Changes

🐛 Bug Fixes

• Fix AttributeError in cluster metrics recording when connection is None or ClusterNode object instance is used to extract the connection info (#3999)
• Fixing security concern in repr methods for ConnectionPools - passwords might leak in plain text logs (#3998)
• Refactored connection count and SCH metric collection (#4001)

🧪 Experimental Features

-Refactored health check logic for MultiDBClient (#3994)

🧰 Maintenance

• Expose basic Otel classes and functions to be importable through redis.observability to match the examples in the readthedocs (#3996)

We'd like to thank all the contributors who worked on this release! @​vladvildanov @​petyaslavova

7.3.0

Changes

OpenTelemetry Native Metrics Support for asynchronous clients Added comprehensive OpenTelemetry metrics support for asynchronous clients following the OpenTelemetry Database Client Semantic Conventions. Metric groups include:

• Command metrics: Operation duration with retry tracking
• Connection basic: Connection count and creation time
• Resiliency: Errors, handoffs, timeout relaxation
• Connection advanced: Wait time and use time
• Pubsub metrics: Published and received messages
• Stream metrics: Processing duration and maintenance notifications

🚀 New Features

• Added OTel instrumentation and metrics export for async client (#3977)

🐛 Bug Fixes

• [async] Adding access to cluster client's nodes_manager and set_response_callback in ClusterPipeline objects (#3989)
• fix(connection): Ensure we have an initialized protocol in connection (#3981)

🧰 Maintenance

• fix: use KeysT for blpop and brpop keys parameter type annotation (#3987 #3990)
• Bump actions/upload-artifact from 6 to 7 (#3985)
• fix: replace 3 bare except clauses with except Exception (#3980)

We'd like to thank all the contributors who worked on this release! @​mitre88 @​turanalmammadov @​haosenwang1018 @​Medno @​vladvildanov @​petyaslavova

7.2.1

Changes

... (truncated)

Commits

• b72f24a Updating lib version to 7.4.0
• 0a4e0af Refactored health check logic for MultiDBClient (#3994)
• 15492c9 Refactored connection count and SCH metric collection (#4001)
• cd964ac Expose basic Otel classes and funtions to be importable through redis.observa...
• 46ab74d Fixing security concern in repr methods for ConnectionPools - passwords m...
• 26482db Fix AttributeError in cluster metrics recording when connection is None or Cl...
• 8ecbc7a Updating lib version to 7.3.0
• 11043df typing: accept single-key input for blpop and brpop (#3990)
• d958125 fix: use KeysT for blpop and brpop keys parameter type annotation (#3987)
• 75bf91b [async] Adding access to cluster client's nodes_manager and set_response_call...
• Additional commits viewable in compare view

Updates apscheduler from 3.11.0 to 3.11.2

Release notes

Sourced from apscheduler's releases.

3.11.2

• Fixed an issue where a job using a CronTrigger scheduled in a repeated time interval during DST transitions could cause the scheduler to get stuck in an infinite loop (#1021; PR by @​soulofakuma)

3.11.1

• Fixed scheduler.shutdown() not raising SchedulerNotRunning (or raising the wrong exception) for asynchronous schedulers when the scheduler is in fact not running
• Fixed CronTrigger sticking on a folded datetime during the fall-back DST transition (#1021 <agronholm/apscheduler#1021>_; PR by @​berianjames)`

Commits

• 0f70950 Added the release version
• bc404e6 Updated publish actions
• c3aa155 Updated pre-commit modules
• ad6b2dc Added fix for get_next_fire_time not advancing through fold with unfolded pre...
• f4df139 Added the release version
• 25be7b7 Fixed CronTrigger getting stuck on fallback DST transition (#1079)
• 1261386 Updated etcd image repository name
• b1f5636 Fixed shutdown() not raising the correct exception for some schedulers
• See full diff in compare view

Updates pymongo from 4.15.1 to 4.16.0

Release notes

Sourced from pymongo's releases.

PyMongo 4.16.0

Community notes:

PyMongo 4.15.5

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-15-5-released/332185

PyMongo 4.15.4

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-15-4-released/331292

PyMongo 4.15.3

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-15-3-released/329778

PyMongo 4.15.2

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-15-2-released/329543

Changelog

Sourced from pymongo's changelog.

Changes in Version 4.16.0 (2026/01/07)

PyMongo 4.16 brings a number of changes including:

• Removed invalid documents from :class:bson.errors.InvalidDocument error messages as doing so may leak sensitive user data. Instead, invalid documents are stored in :attr:bson.errors.InvalidDocument.document.
• PyMongo now requires dnspython>=2.6.1, since dnspython 1.0 is no longer maintained. The minimum version is 2.6.1 to account for CVE-2023-29483 <https://www.cve.org/CVERecord?id=CVE-2023-29483>_.
• Removed support for Eventlet. Eventlet is actively being sunset by its maintainers and has compatibility issues with PyMongo's dnspython dependency.
• Use Zstandard support from the standard library for Python 3.14+, and use backports.zstd for older versions.
• Fixed return type annotation for find_one_and_* methods on :class:~pymongo.asynchronous.collection.AsyncCollection and :class:~pymongo.synchronous.collection.Collection to include None.
• Added support for NumPy 1D-arrays in :class:bson.binary.BinaryVector.
• Prevented :class:~pymongo.encryption.ClientEncryption from loading the crypt shared library to fix "MongoCryptError: An existing crypt_shared library is loaded by the application" unless the linked library search path is set.

Changes in Version 4.15.5 (2025/12/02)

Version 4.15.5 is a bug fix release.

• Fixed a bug that could cause AutoReconnect("connection pool paused") errors when cursors fetched more documents from the database after SDAM heartbeat failures.

Changes in Version 4.15.4 (2025/10/21)

Version 4.15.4 is a bug fix release.

• Relaxed the callback type of :meth:~pymongo.asynchronous.client_session.AsyncClientSession.with_transaction to allow the broader Awaitable type rather than only Coroutine objects.
• Added the missing Python 3.14 trove classifier to the package metadata.

Issues Resolved ...............

See the PyMongo 4.15.4 release notes in JIRA_ for the list of resolved issues in this release.

.. _PyMongo 4.15.4 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=47237

Changes in Version 4.15.3 (2025/10/07)

Version 4.15.3 is a bug fix release.

• Fixed a memory leak when raising :class:bson.errors.InvalidDocument with C extensions.
• Fixed the return type of the :meth:~pymongo.asynchronous.collection.AsyncCollection.distinct,

... (truncated)

Commits

• 3290101 Prepare 4.16.0 release (#2672)
• 1be94d2 PYTHON-5685 Fix unified spec sync metadata for csot and sessions tests (#2669)
• 6585d9c PYTHON-2442: Refactor: use _asdict() in _options_dict() (#2670)
• fdb1f7e PYTHON-5677 Prevent ClientEncryption from loading crypt shared library (#2659)
• 0cd9763 Bump zizmorcore/zizmor-action from cb3d8e846e148d1111d90b03375b9c03deceda37 t...
• 2f263d4 PYTHON-5680 Fix handling of expectedDocuments in Unified Test Runner (#2665)
• e9658b2 Add 4.15.5 release date to changelog (#2666)
• 10dd204 Update coverage[toml] requirement from <=7.10.6,>=5 to >=5,<=7.10.7 (#2662)
• 1300677 [Spec Resync] 12-22-2025 (#2663)
• 18c1f14 PYTHON-5529 Introduce optin setting to await for MinPoolSize population (#2664)
• Additional commits viewable in compare view

Updates tornado from 6.5.2 to 6.5.5

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1

... (truncated)

Commits

• 7d64650 Merge pull request #3586 from bdarnell/update-cibw
• d05d59b build: Bump cibuildwheel to 3.4.0
• c2f4673 Merge pull request #3585 from bdarnell/release-655
• e5f1aa4 Release notes and version bump for v6.5.5
• 78a046f httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE
• 24a2d96 web: Validate characters in all cookie attributes.
• 119a195 httputil: Add limits on multipart form data parsing
• 63d4df4 Merge pull request #3564 from bdarnell/release-654
• eadbf9a Release notes and version bump for 6.5.4
• bbc2b14 Make sure that the in-operator on HTTPHeaders is case insensitive
• Additional commits viewable in compare view

Updates fakeredis from 2.31.3 to 2.34.1

Release notes

Sourced from fakeredis's releases.

v2.34.1

What's Changed

🐛 Bug Fixes

• Fix handling of deprecated arguments in FakeRedis to support redis-py 7.2.0 #457
• Blocking XREAD with block=0 works as expected #453

Full Changelog: cunla/fakeredis-py@v2.34.0...v2.34.1

v2.33.0🌈

🚀 Features

• Implement MSETEX (From Redis 8.4)

🐛 Bug Fixes

• fix[FakeAsyncRedis]: FakeAsyncRedis supports protocol=3 #442
• fix[TcpFakeServer]: TcpFakeServer supports pub/sub #431
• fix[TcpFakeServer]: preserve whitespace in bulk strings @​oliverhaas #435

🧰 Maintenance

• Update tests to support redis-py 7.1.0 and Redis 8.4
• Async tests run on resp3 and resp2

New Contributors

• @​oliverhaas made their first contribution in cunla/fakeredis-py#433

Full Changelog: cunla/fakeredis-py@v2.32.1...v2.33.0

v2.32.1 🌈

v2.32.1 -

🐛 Bug Fixes

• fix:support for py3.7 #423
• fix:xpending_range to return all 4 required fields per Redis spec @​zzstoatzz #427
• fix[TcpFakeServer]: add exception prefix #432

🧰 Maintenance

• Update tests to support redis-py 7.0.1
• Update tests to support valkey 9.0.0

Full Changelog: cunla/fakeredis-py@v2.32.0...v2.32.1

v2.32.0 🌈

... (truncated)

Commits

• de4e724 Updated documentation
• 29f63b1 Updated documentation
• f85cccb fix:blocking xread #453 (#455)
• 203ab04 doc:update
• 7c5bd12 fix:deprecation warning for redis-py:7.2
• dbcea6f refactor:convert_args_kwargs
• 20aec5d chore:update dependencies
• fe88ad0 chore:update dependencies
• 2582dc6 chore:update dependencies
• 7016c62 chore:update dependencies
• Additional commits viewable in compare view

Updates tqdm from 4.67.1 to 4.67.3

Release notes

Sourced from tqdm's releases.

tqdm v4.67.3 stable

• fix py3.7 dependencies (#1706 <- #1705)

tqdm v4.67.2 stable

• support pandas>=3 (#1703 <- #1701, #1650, #1700)
• fix format_interval for negative numbers (#1703)
• misc linting
• framework updates (#1704)
  • bump CI workflow & pre-commit dependencies
  • add pyupgrade
  • add py3.13 support
  • fix py3.7 tests
  • update setuptools-scm usage
  • support auto-dedented docstrings when building docs in py3.13
• tests: relax flaky benchmarks

Commits

• 75bdb6c fix py3.7 compat
• 09a863b bump version, merge pull request #1704 from tqdm/devel
• 33d24cd update pyproject syntax
• 70b9124 add py3.13 support
• a74d8f8 drop _dist_ver
• 14d72e2 Merge pull request #1703 from wingding12/fix-pandas-3.0-and-negative-interval
• a69dac8 fix dedented docstrings
• a986d22 tests: fix pandas deprecation warnings
• bb7aa4d tests: fix pandas deprecated applymap
• 0647db1 misc tidy
• Additional commits viewable in compare view

Updates pillow from 12.1.1 to 12.2.0

Release notes

Sourced from pillow's releases.

12.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

• Update 12.2.0 release notes #9522 [@​hugovk]
• Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm #9482 [@​bitplane]
• Update Python versions #9515 [@​radarhere]
• Jeffrey A. Clark -> Jeffrey 'Alex' Clark #9513 [@​aclark4life]
• Add release notes for #9394, #9419 and #9456 #9467 [@​radarhere]
• Add Amiga Workbench .info loader to 3rd party plugins list #9459 [@​bitplane]
• Merge PFM documentation into PPM #9434 [@​radarhere]
• Update macOS tested Pillow versions #9431 [@​radarhere]
• Fix CVE number #9430 [@​hugovk]

Dependencies

• Update xz to 5.8.3 #9523 [@​radarhere]
• Update libjpeg-turbo to 3.1.4.1 #9507 [@​radarhere]
• Update libpng to 1.6.56 #9499 [@​radarhere]
• Update freetype to 2.14.3 #9485 [@​radarhere]
• Updated libavif to 1.4.1 #9479 [@​radarhere]
• Updated harfbuzz to 13.2.1 #9461 [@​radarhere]
• Update Ghostscript to 10.7.0 #9469 [@​radarhere]
• Update harfbuzz to 13.0.1 #9453 [@​radarhere]
• Update libavif to 1.4.0 #9460 [@​radarhere]
• Update freetype to 2.14.2 #9449 [@​radarhere]
• Update actions/download-artifact action to v8 #9451 [@renovate[bot]]
• Updated libpng to 1.6.55 #9425 [@​radarhere]

Testing

• Cleanup .spider extension in the same test where it is added #9517 [@​radarhere]
• Run tests in parallel via tox for 3.5x speedup #9516 [@​hugovk]
• Enable colour in CI logs #9486 [@​hugovk]
• Update Ghostscript to 10.7.0 #9469 [@​radarhere]
• Simplify TGA test code #9477 [@​radarhere]
• Update tests to check for ValueError when encoding an empty image #9464 [@​radarhere]
• Upgrade CI from macos-15-intel to macos-26-intel #9454 [@​hugovk]
• Add check-case-conflict hook #9446 [@​radarhere]
• Specify platform when pulling docker image #9440 [@​radarhere]
• GHA: Cache libavif and webp builds for Ubuntu #9437 [@​hugovk]
• Update macOS tested Pillow versions #9431 [@​radarhere]

Other changes

• Check calloc return value #9527 [@​radarhere]
• Check all allocs in the Arrow tree #9488 [@​wiredfool]
• Reject non-numeric elements inside list coords #9526 [@​hugovk]
• Move variable declaration inside define #9525 [@​radarhere]

... (truncated)

Commits

• 3c41c09 12.2.0 version bump
• cdaa29e Check calloc return value (#9527)
• 585b2f5 Check calloc return value
• ecf011e Check all allocs in the Arrow tree (#9488)
• cf6de8c Reject non-numeric elements inside list coords (#9526)
• ffdcede Update 12.2.0 release notes (#9522)
• 7929d77 Added security release notes (#149)
• c4f7aa5 Added security release notes
• 22cdb5f Move variable declaration inside define (#9525)
• fc15b3b Resize tall images vertically first (#9524)
• Additional commits viewable in compare view

Updates pytz from 2025.2 to 2026.1.post1

Commits

• 02509d0 Update test runners for new Pythons and github actions
• 43c1cb2 Bump version number to 2026.1.post1
• 6ee7e56 Try to access resource using importlib.resources
• 95fe75d Bump version number to 2026.1 (2026a)
• 7034275 Updates for upstream directory layout changes
• 4dd79d3 IANA 2026a
• 08d7e76 Squashed 'tz/' changes from 7e1145bfdb..e23c045f8f
• b07d947 try to access resource using importlib.resources
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions