chore(deps): bump the python group with 4 updates by dependabot[bot] · Pull Request #15004 · trailofbits/algo

dependabot · 2026-05-20T13:43:23Z

Bumps the python group with 4 updates: boto3, google-auth, requests and hcloud.

Updates boto3 from 1.43.4 to 1.43.6

Commits

f2ccf9f Merge branch 'release-1.43.6'
ffb5712 Bumping version to 1.43.6
cc7756a Add changelog entries from botocore
500f6a7 Merge branch 'release-1.43.5'
05f5628 Merge branch 'release-1.43.5' into develop
65d9798 Bumping version to 1.43.5
357614a Add changelog entries from botocore
5128f23 Bump https://github.com/astral-sh/ruff-pre-commit (#4785)
91de1d8 Merge branch 'release-1.43.4' into develop
See full diff in compare view

Updates google-auth from 2.50.0 to 2.52.0

Commits

See full diff in compare view

Updates requests from 2.33.1 to 2.34.0

Release notes

Sourced from requests's releases.

v2.34.0

2.34.0 (2026-05-11)

Announcements

Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

Special thanks to @bastimeyer, @cthoyt, @edgarrmondragon, and @srittau for helping review and test the types ahead of the release. (#7272)

Improvements

Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)

Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)

Requests added support for Python 3.14t. (#7419)

Bugfixes

Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)

Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)

Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

New Contributors

@cjriches made their first contribution in psf/requests#7365

@dsanader made their first contribution in psf/requests#7376

@DimitriPapadopoulos made their first contribution in psf/requests#7393

@joshua-51 made their first contribution in psf/requests#7416

@eggsort made their first contribution in psf/requests#7421

@typhon8 made their first contribution in psf/requests#7315

@bastimeyer made their first contribution in psf/requests#7425

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2340-2026-05-11

Changelog

Sourced from requests's changelog.

2.34.0 (2026-05-11)

Announcements

Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

Special thanks to @bastimeyer, @cthoyt, @edgarrmondragon, and @srittau for helping review and test the types ahead of the release. (#7272)

Improvements

Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)

Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)

Requests added support for Python 3.14t. (#7419)

Bugfixes

Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)

Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)

Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

Commits

0b401c7 v2.34.0
86b378d Align Session.get parameters with requests.get (#7429)
a4f9a59 Port bpo-39057 to Requests (#7427)
3816cfa Parameterize SupportsItems to handle Mapping key invariance (#7426)
b684dcb sessions: fix hooks type (#7425)
dc9dbdf Formalize 3.15 support (#7422)
25340eb Clear proxy env vars before every test run (#7423)
fd62809 Preserve leading slashes in request path_url (#7315)
e8d2c01 docs: Fix missing hook output in docs example (#7421)
eb173bc Add 3.14t support to CI (#7419)
Additional commits viewable in compare view

Updates hcloud from 2.19.0 to 2.20.0

Release notes

Sourced from hcloud's releases.

v2.20.0

Load Balancer HTTP Services now support timeout_idle

HTTP Services now support the field timeout_idle, which controls the time a HTTP connection is allowed to idle before it is being dropped.

See the changelog for more information.

Features

load-balancer: support timeout_idle http service field (#649)

Changelog

Sourced from hcloud's changelog.

v2.20.0

Load Balancer HTTP Services now support timeout_idle

HTTP Services now support the field timeout_idle, which controls the time a HTTP connection is allowed to idle before it is being dropped.

See the changelog for more information.

Features

load-balancer: support timeout_idle http service field (#649)

Commits

0bbc9dd chore(main): release v2.20.0 (#651)
1669de2 feat(load-balancer): support timeout_idle http service field (#649)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python group with 4 updates: [boto3](https://github.com/boto/boto3), [google-auth](https://github.com/googleapis/google-auth-library-python), [requests](https://github.com/psf/requests) and [hcloud](https://github.com/hetznercloud/hcloud-python). Updates `boto3` from 1.43.4 to 1.43.6 - [Release notes](https://github.com/boto/boto3/releases) - [Commits](boto/boto3@1.43.4...1.43.6) Updates `google-auth` from 2.50.0 to 2.52.0 - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-auth-library-python/commits) Updates `requests` from 2.33.1 to 2.34.0 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.33.1...v2.34.0) Updates `hcloud` from 2.19.0 to 2.20.0 - [Release notes](https://github.com/hetznercloud/hcloud-python/releases) - [Changelog](https://github.com/hetznercloud/hcloud-python/blob/main/CHANGELOG.md) - [Commits](hetznercloud/hcloud-python@v2.19.0...v2.20.0) --- updated-dependencies: - dependency-name: boto3 dependency-version: 1.43.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python - dependency-name: google-auth dependency-version: 2.52.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python - dependency-name: requests dependency-version: 2.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python - dependency-name: hcloud dependency-version: 2.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies Pull requests that update a dependency file label May 20, 2026

dependabot Bot requested a review from jackivanov as a code owner May 20, 2026 13:43

dependabot Bot added python:uv Pull requests that update python:uv code dependencies Pull requests that update a dependency file labels May 20, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the python group with 4 updates#15004

chore(deps): bump the python group with 4 updates#15004
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python-2f2345d068

dependabot Bot commented on behalf of github May 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github May 20, 2026

v2.34.0

2.34.0 (2026-05-11)

New Contributors

2.34.0 (2026-05-11)

v2.20.0

Load Balancer HTTP Services now support timeout_idle

Features

v2.20.0

Load Balancer HTTP Services now support timeout_idle

Features

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Load Balancer HTTP Services now support `timeout_idle`

Load Balancer HTTP Services now support `timeout_idle`