github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-07 03:18:23 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[PR #23914] [CLOSED] Bump the uv group across 2 directories with 20 updates #50485

New Issue
Closed
opened 2026-04-30 03:12:27 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-30 03:12:27 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/23914
Author: @dependabot[bot]
Created: 4/21/2026
Status: Closed

Base: mainHead: dependabot/uv/uv-5d7ccbab34

📝 Commits (1)

  • 9f7ed71 Bump the uv group across 2 directories with 20 updates

📊 Changes

4 files changed (+1781 additions, -1307 deletions)

View changed files

📝 backend/requirements-min.txt (+3 -3)
📝 backend/requirements.txt (+10 -10)
📝 pyproject.toml (+10 -10)
📝 uv.lock (+1758 -1284)

📄 Description

Bumps the uv group with 16 updates in the / directory:

Package From To
python-multipart 0.0.22 0.0.26
cryptography 46.0.5 46.0.7
authlib 1.6.10 1.6.11
anthropic 0.86.0 0.87.0
langchain-text-splitters 1.1.1 1.1.2
pypdf 6.7.5 6.10.2
nltk 3.9.3 3.9.4
pillow 12.1.1 12.2.0
pytest 8.3.4 9.0.3
ecdsa 0.19.0 0.19.2
filelock 3.16.1 3.20.3
flask 3.1.0 3.1.3
langsmith 0.4.5 0.7.31
marshmallow 3.25.1 3.26.2
ujson 5.10.0 5.12.0
werkzeug 3.1.3 3.1.6

Bumps the uv group with 8 updates in the /backend directory:

Package From To
python-multipart 0.0.22 0.0.26
cryptography 46.0.5 46.0.7
authlib 1.6.10 1.6.11
anthropic 0.86.0 0.87.0
langchain-text-splitters 1.1.1 1.1.2
pypdf 6.7.5 6.10.2
nltk 3.9.3 3.9.4
pillow 12.1.1 12.2.0

Updates python-multipart from 0.0.22 to 0.0.26

Release notes

Sourced from python-multipart's releases.

Version 0.0.26

What's Changed

Full Changelog: https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26

Version 0.0.25

What's Changed

Full Changelog: https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25

Version 0.0.24

What's Changed

Full Changelog: https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24

Version 0.0.23

What's Changed

New Contributors

Full Changelog: https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23

Changelog

Sourced from python-multipart's changelog.

0.0.26 (2026-04-10)

  • Skip preamble before the first multipart boundary more efficiently #262.
  • Silently discard epilogue data after the closing multipart boundary #259.

0.0.25 (2026-04-10)

  • Add MIME content type info to File #143.
  • Handle CTE values case-insensitively #258.
  • Remove custom FormParser classes #257.
  • Add UPLOAD_DELETE_TMP to FormParser config #254.
  • Emit field_end for trailing bare field names on finalize #230.
  • Handle multipart headers case-insensitively #252.
  • Apply Apache-2.0 properly #247.

0.0.24 (2026-04-05)

  • Validate chunk_size in parse_form() #244.

0.0.23 (2026-04-05)

  • Remove unused trust_x_headers parameter and X-File-Name fallback #196.
  • Return processed length from QuerystringParser._internal_write #229.
  • Cleanup metadata dunders from __init__.py #227.
Commits

Updates cryptography from 46.0.5 to 46.0.7

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07


* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.

.. _v46-0-6:


46.0.6 - 2026-03-25

  • SECURITY ISSUE: Fixed a bug where name constraints were not applied to peer names during verification when the leaf certificate contains a wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug, including those used by the Web PKI. Credit to Oleh Konko (1seal) for reporting the issue. CVE-2026-34073

.. _v46-0-5:

Commits

Updates authlib from 1.6.10 to 1.6.11

Release notes

Sourced from authlib's releases.

v1.6.11

Full Changelog: https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11

  • Fix CSRF issue with starlette client
Changelog

Sourced from authlib's changelog.

Version 1.6.11

Released on Apr 16, 2026

  • Fix CSRF vulnerability in the Starlette OAuth client when a cache is configured.
Commits

Updates anthropic from 0.86.0 to 0.87.0

Release notes

Sourced from anthropic's releases.

v0.87.0

0.87.0 (2026-03-31)

Full Changelog: v0.86.0...v0.87.0

Features

  • client: add error type field to APIStatusError (#1587) (dd563c0)
  • internal: implement indices array format for query and form serialization (11a6244)

Bug Fixes

  • honor api_exclude in async transform path (#1612) (8172232), closes #1610
  • memory: return resolved path from async _validate_path (7b0add3)
  • memory: use restrictive file mode for memory files (47ba5b8)
  • sanitize endpoint path params (98f60e4)
  • transform schema: support enums (#1275) (5c088ab)

Chores

  • ci: run builds on CI even if only spec metadata changed (194c050)
  • ci: skip lint on metadata-only changes (03e2ab9)
  • internal: update gitignore (94ede14)
  • tests: bump steady to v0.19.4 (2d6d58f)
  • tests: bump steady to v0.19.5 (8fb439a)
  • tests: bump steady to v0.19.6 (76da5fd)
  • tests: bump steady to v0.19.7 (bfa40e5)
  • tests: bump steady to v0.20.1 (4fd9446)
Changelog

Sourced from anthropic's changelog.

0.87.0 (2026-03-31)

Full Changelog: v0.86.0...v0.87.0

Features

  • client: add error type field to APIStatusError (#1587) (dd563c0)
  • internal: implement indices array format for query and form serialization (11a6244)

Bug Fixes

  • honor api_exclude in async transform path (#1612) (8172232), closes #1610
  • memory: return resolved path from async _validate_path (7b0add3)
  • memory: use restrictive file mode for memory files (47ba5b8)
  • sanitize endpoint path params (98f60e4)
  • transform schema: support enums (#1275) (5c088ab)

Chores

  • ci: run builds on CI even if only spec metadata changed (194c050)
  • ci: skip lint on metadata-only changes (03e2ab9)
  • internal: update gitignore (94ede14)
  • tests: bump steady to v0.19.4 (2d6d58f)
  • tests: bump steady to v0.19.5 (8fb439a)
  • tests: bump steady to v0.19.6 (76da5fd)
  • tests: bump steady to v0.19.7 (bfa40e5)
  • tests: bump steady to v0.20.1 (4fd9446)
Commits
  • ab0c446 release: 0.87.0
  • 6599043 fix(memory): return resolved path from async _validate_path
  • 715030c fix(memory): use restrictive file mode for memory files
  • 6cdbc5f chore(tests): bump steady to v0.20.1
  • 4beda3c Add output-300k-2026-03-24 beta header
  • 3b77b82 chore(ci): run builds on CI even if only spec metadata changed
  • 764ddba feat(internal): implement indices array format for query and form serialization
  • 8a06a90 codegen metadata
  • 7f8cf3c chore(tests): bump steady to v0.19.7
  • 0eba0dd chore(ci): skip lint on metadata-only changes
  • Additional commits viewable in compare view

Updates langchain-text-splitters from 1.1.1 to 1.1.2

Release notes

Sourced from langchain-text-splitters's releases.

langchain-text-splitters==1.1.2

Changes since langchain-text-splitters==1.1.1

release(text-splitters): 1.1.2 (#36822) fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (#36821) chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (#36797) chore(deps): bump pytest to 9.0.3 (#36801) chore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (#36714) chore: add comment explaining pygments>=2.20.0 (#36570) release(core): 1.2.26 (#36511) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) fix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (#35079) feat(text-splitters): support spacy tests with Python 3.14 (#36198) fix(infra): correct lint_diff relative paths in package makefiles (#36333) chore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (#36238) chore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (#36237) chore(partners): bump langchain-core min to 1.2.21 (#36183) chore(text-splitters): bump nltk in lock file (#36112) ci: suppress pytest streaming output in CI (#36092) chore(text-splitters): speed up ci (#36050) ci: avoid unnecessary dep installs in lint targets (#36046) chore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (#35856) chore: bump locks, lint (#35985) perf(.github): set a timeout on get min versions HTTP calls (#35851) chore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (#35774) chore: bump the minor-and-patch group across 3 directories with 3 updates (#35589) chore: bump the other-deps group across 3 directories with 2 updates (#35512) chore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (#35449) chore: bump the other-deps group across 3 directories with 2 updates (#35407)

Commits
  • 58c4e5b release(text-splitters): 1.1.2 (#36822)
  • c289bf1 fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...
  • b7447c6 fix(infra): skip serdes tests in min-version release step (#36818)
  • 41c0cc5 release(openai): 1.1.14 (#36820)
  • 0516156 fix(openai): use SSRF-safe transport for image token counting (#36819)
  • 338aa81 fix(core): restore cloud metadata IPs and link-local range in SSRF policy (#3...
  • 51e9548 chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (#36797)
  • e85c418 chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (#36798)
  • 789126e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (#36799)
  • 937b3eb chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (#36800)
  • Additional commits viewable in compare view

Updates pypdf from 6.7.5 to 6.10.2

Release notes

Sourced from pypdf's releases.

Version 6.10.2, 2026-04-15

What's new

Security (SEC)

Full Changelog

Version 6.10.1, 2026-04-14

What's new

Security (SEC)

Robustness (ROB)

Documentation (DOC)

Full Changelog

Version 6.10.0, 2026-04-10

What's new

Security (SEC)

New Features (ENH)

  • Skip MD5 key derivation for AES-256 encrypted PDFs (#3694) by @​Ygnas

Bug Fixes (BUG)

Documentation (DOC)

Full Changelog

Version 6.9.2, 2026-03-23

What's new

Security (SEC)

... (truncated)

Changelog

Sourced from pypdf's changelog.

Version 6.10.2, 2026-04-15

Security (SEC)

  • Do not rely on possibly invalid /Size for incremental cloning (#3735)
  • Introduce limits for FlateDecode parameters and image decoding (#3734)

Full Changelog

Version 6.10.1, 2026-04-14

Security (SEC)

  • Limit the allowed size of xref and object streams (#3733)

Robustness (ROB)

  • Consider strict mode setting for decryption errors (#3731)

Documentation (DOC)

  • Use new parameter names for compress_identical_objects

Full Changelog

Version 6.10.0, 2026-04-10

Security (SEC)

  • Disallow custom XML entity declarations for XMP metadata (#3724)

New Features (ENH)

  • Skip MD5 key derivation for AES-256 encrypted PDFs (#3694)

Bug Fixes (BUG)

  • Use remove_orphans in compress_identical_objects (#3310)
  • Fix PdfReadError when xref table contains comments before trailer (#3710)
  • Correctly verify AES padding during decryption (#3699)
  • Fix stale object cache from non-authoritative object streams (#3698)
  • Fix extract_links pairing when annotations include non-links (#3687)

Documentation (DOC)

Full Changelog

Version 6.9.2, 2026-03-23

Security (SEC)

  • Avoid infinite loop in read_from_stream for broken files (#3693)

Robustness (ROB)

  • Resolve UnboundLocalError for xobjs in _get_image (#3684)

Full Changelog

... (truncated)

Commits
  • c476b4f REL: 6.10.2
  • c50a010 SEC: Do not rely on possibly invalid /Size for incremental cloning (#3735)
  • ac734da SEC: Introduce limits for FlateDecode parameters and image decoding (#3734)
  • b49e7eb REL: 6.10.1
  • 62338e9 SEC: Limit the allowed size of xref and object streams (#3733)
  • 5dcc0ae DEV: Update pytest-benchmark to 5.2.3
  • b42e4aa DEV: Update pinned pillow and pytest where possible (#3732)
  • 717446b ROB: Consider strict mode setting for decryption errors (#3731)
  • 9e461d3 DEV: Bump softprops/action-gh-release from 2 to 3 (#3730)
  • 500d09d TST: Update test_embedded_file__basic to use tmp_path fixture (#3726)
  • Additional commits viewable in compare view

Updates nltk from 3.9.3 to 3.9.4

Changelog

Sourced from nltk's changelog.

Version 3.9.4 2026-03-24

  • Support Python 3.14
  • Fix bug in Levenshtein distance when substitution_cost > 2
  • Fix bug in Treebank detokeniser re quote ordering
  • Fix bug in Jaro similarity for empty strings
  • Several security enhancements
  • Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder
  • Implement TextTiling vocabulary introduction method (Hearst 1997)
  • Fix ALINE feature matrix errors and add comprehensive tests
  • Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids
  • Let downloader fallback to md5 when sha256 is unavailable
  • Several other minor bugfixes and code cleanups

Thanks to the following contributors to 3.9.4: Min-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01, jancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,

Version 3.9.3 2026-02-21

  • Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader (#3468)
  • Block path traversal/arbitrary reads in nltk.data for protocol-less refs (#3467)
  • Block path traversal/abs paths in corpus readers and FS pointers (#3479, #3480)
  • Validate external StanfordSegmenter JARs using SHA256 (#3477)
  • Add optional sandbox enforcement for filestring() (#3485)
  • Maintenance: downloader/zipped models, CI/tooling updates

Thanks to the following contributors to 3.9.3: Chris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith

Version 3.9.2 2025-10-01

  • Update download checksums to use SHA256 in built index
  • Fix percentage escape in new-style string formatting
  • replace shortened URLs using goo.gl
  • Make Wordnet interoperable with various taggers and tagged corpora
  • Fix saving PerceptronTagger
  • Document how to reproduce old Wordnet studies
  • properly initialize Portuguese corpus reader
  • support for mixed rules conversion into Chomsky Normal Form
  • only import tkinter if a GUI is needed
  • issue #2112 with Corenlp
  • new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL
  • Lesk defaults to most frequent sense in case of ties

Thanks to the following contributors to 3.9.2: Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu, Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq, Christopher Smith, Ryan Mannion

Version 3.9.1 2024-08-19

... (truncated)

Commits
  • ad9c96b Update copyright year
  • 7edcddf Updates for 3.9.4 release
  • 67a2736 Merge pull request #3180 from yzhaoinuw/bug-on-edit_distance_align
  • 2b17ac5 Fix edit_distance_align backtrace for high substitution costs
  • 4b72976 Merge pull request #3018 from JuanIMartinezB/bug/shortid-longid
  • 8a5619f Merge pull request #3222 from Syzygy2048/feature/texttiling-vocabulary-introd...
  • c6574d7 Merge pull request #3289 from ihitamandal/codeflash/optimize-windowdiff-2024-...
  • 98ff5d9 Merge pull request #3435 from Hrudhai01/fix-3260-detokenize-quotes
  • aec4fce Merge pull request #3522 from ekaf/pathsec
  • eec4ee3 Merge pull request #3526 from nltk/update-contributing
  • Additional commits viewable in compare view

Updates pillow from 12.1.1 to 12.2.0

Release notes

Sourced from pillow's releases.

12.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

Dependencies

Testing

Other changes

... (truncated)

Commits

Updates pytest from 8.3.4 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

  • #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

  • #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

    Previously this resulted in an internal assertion failure during plugin loading.

    Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

  • #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

  • #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

  • #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

  • #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
  • #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
  • #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
  • #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

  • #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

    -- by aleguy02

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

  • #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

    You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

    Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

  • #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

  • #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

... (truncated)

Commits

Updates ecdsa from 0.19.0 to 0.19.2

Release notes

Sourced from ecdsa's releases.

0.19.2

Bug fixes:

  • Fix CVE-2026-33936, a DER parsing issue in remove_octet_string(), remove_constructed(), and remove_implitic() where a truncated buffer wasn't detected. This can lead to high level functions, like SigningKey.from_der() to raise unexpected exceptions. (Mohamed Abdelaal (0xmrma))

Maintenance:

  • Update CI to use newer version of Ubuntu.

ecdsa 0.19.1

New API:

  • der.remove_implicit and der.encode_implicit for decoding and encoding DER IMPLICIT values with custom tag values and arbitrary classes

Bug fixes:

  • Minor fixes around arithmetic with curves that have non-prime order (useful for experimentatio...

    Description has been truncated

    🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/23914 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 4/21/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `dependabot/uv/uv-5d7ccbab34` --- ### 📝 Commits (1) - [`9f7ed71`](https://github.com/open-webui/open-webui/commit/9f7ed71d95c50dac34560e8dfc60de2e4fac0853) Bump the uv group across 2 directories with 20 updates ### 📊 Changes **4 files changed** (+1781 additions, -1307 deletions) <details> <summary>View changed files</summary> 📝 `backend/requirements-min.txt` (+3 -3) 📝 `backend/requirements.txt` (+10 -10) 📝 `pyproject.toml` (+10 -10) 📝 `uv.lock` (+1758 -1284) </details> ### 📄 Description Bumps the uv group with 16 updates in the / directory: | Package | From | To | | --- | --- | --- | | [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.26` | | [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.11` | | [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` | | [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` | | [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` | | [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` | | [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` | | [pytest](https://github.com/pytest-dev/pytest) | `8.3.4` | `9.0.3` | | [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` | | [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` | | [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` | | [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.4.5` | `0.7.31` | | [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.25.1` | `3.26.2` | | [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` | | [werkzeug](https://github.com/pallets/werkzeug) | `3.1.3` | `3.1.6` | Bumps the uv group with 8 updates in the /backend directory: | Package | From | To | | --- | --- | --- | | [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.26` | | [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.11` | | [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` | | [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` | | [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` | | [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` | | [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` | Updates `python-multipart` from 0.0.22 to 0.0.26 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/python-multipart/releases">python-multipart's releases</a>.</em></p> <blockquote> <h2>Version 0.0.26</h2> <h2>What's Changed</h2> <ul> <li>Skip preamble before first multipart boundary by <a href="https://github.com/Kludex"><code>@​Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/262">Kludex/python-multipart#262</a></li> <li>Silently discard epilogue data after the closing boundary by <a href="https://github.com/Kludex"><code>@​Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/259">Kludex/python-multipart#259</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26">https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26</a></p> <h2>Version 0.0.25</h2> <h2>What's Changed</h2> <ul> <li>Apply Apache-2.0 properly by <a href="https://github.com/Kludex"><code>@​Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/247">Kludex/python-multipart#247</a></li> <li>Handle multipart headers case-insensitively by <a href="https://github.com/Kludex"><code>@​Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/252">Kludex/python-multipart#252</a></li> <li>Emit <code>field_end</code> for trailing bare field names on finalize by <a href="https://github.com/bysiber"><code>@​bysiber</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/230">Kludex/python-multipart#230</a></li> <li>Add <code>UPLOAD_DELETE_TMP</code> to <code>FormParser</code> config by <a href="https://github.com/Kludex"><code>@​Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/254">Kludex/python-multipart#254</a></li> <li>Remove custom FormParser classes by <a href="https://github.com/Kludex"><code>@​Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/257">Kludex/python-multipart#257</a></li> <li>Handle CTE values case-insensitively by <a href="https://github.com/Kludex"><code>@​Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/258">Kludex/python-multipart#258</a></li> <li>Add MIME content type info to File by <a href="https://github.com/jhnstrk"><code>@​jhnstrk</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/143">Kludex/python-multipart#143</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25">https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25</a></p> <h2>Version 0.0.24</h2> <h2>What's Changed</h2> <ul> <li>Validate <code>chunk_size</code> in <code>parse_form()</code> by <a href="https://github.com/Kludex"><code>@​Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/244">Kludex/python-multipart#244</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24">https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24</a></p> <h2>Version 0.0.23</h2> <h2>What's Changed</h2> <ul> <li>Remove unused <code>trust_x_headers</code> parameter and <code>X-File-Name</code> fallback by <a href="https://github.com/jhnstrk"><code>@​jhnstrk</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/196">Kludex/python-multipart#196</a></li> <li>Return processed length from <code>QuerystringParser._internal_write</code> by <a href="https://github.com/bysiber"><code>@​bysiber</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/229">Kludex/python-multipart#229</a></li> <li>Cleanup metadata dunders from <code>__init__.py</code> by <a href="https://github.com/Chesars"><code>@​Chesars</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/227">Kludex/python-multipart#227</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Chesars"><code>@​Chesars</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/python-multipart/pull/227">Kludex/python-multipart#227</a></li> <li><a href="https://github.com/bysiber"><code>@​bysiber</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/python-multipart/pull/229">Kludex/python-multipart#229</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23">https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md">python-multipart's changelog</a>.</em></p> <blockquote> <h2>0.0.26 (2026-04-10)</h2> <ul> <li>Skip preamble before the first multipart boundary more efficiently <a href="https://redirect.github.com/Kludex/python-multipart/pull/262">#262</a>.</li> <li>Silently discard epilogue data after the closing multipart boundary <a href="https://redirect.github.com/Kludex/python-multipart/pull/259">#259</a>.</li> </ul> <h2>0.0.25 (2026-04-10)</h2> <ul> <li>Add MIME content type info to <code>File</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/143">#143</a>.</li> <li>Handle CTE values case-insensitively <a href="https://redirect.github.com/Kludex/python-multipart/pull/258">#258</a>.</li> <li>Remove custom <code>FormParser</code> classes <a href="https://redirect.github.com/Kludex/python-multipart/pull/257">#257</a>.</li> <li>Add <code>UPLOAD_DELETE_TMP</code> to <code>FormParser</code> config <a href="https://redirect.github.com/Kludex/python-multipart/pull/254">#254</a>.</li> <li>Emit <code>field_end</code> for trailing bare field names on finalize <a href="https://redirect.github.com/Kludex/python-multipart/pull/230">#230</a>.</li> <li>Handle multipart headers case-insensitively <a href="https://redirect.github.com/Kludex/python-multipart/pull/252">#252</a>.</li> <li>Apply Apache-2.0 properly <a href="https://redirect.github.com/Kludex/python-multipart/pull/247">#247</a>.</li> </ul> <h2>0.0.24 (2026-04-05)</h2> <ul> <li>Validate <code>chunk_size</code> in <code>parse_form()</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/244">#244</a>.</li> </ul> <h2>0.0.23 (2026-04-05)</h2> <ul> <li>Remove unused <code>trust_x_headers</code> parameter and <code>X-File-Name</code> fallback <a href="https://redirect.github.com/Kludex/python-multipart/pull/196">#196</a>.</li> <li>Return processed length from <code>QuerystringParser._internal_write</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/229">#229</a>.</li> <li>Cleanup metadata dunders from <code>__init__.py</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/227">#227</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e"><code>28f4785</code></a> Version 0.0.26 (<a href="https://redirect.github.com/Kludex/python-multipart/issues/263">#263</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f"><code>d4452a7</code></a> Silently discard epilogue data after the closing boundary (<a href="https://redirect.github.com/Kludex/python-multipart/issues/259">#259</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37"><code>6a7b76d</code></a> Skip preamble before first multipart boundary (<a href="https://redirect.github.com/Kludex/python-multipart/issues/262">#262</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf"><code>4addb60</code></a> Version 0.0.25 (<a href="https://redirect.github.com/Kludex/python-multipart/issues/261">#261</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/d3a4698e0dc16cbd85f98076b2ebf9b696cd3604"><code>d3a4698</code></a> Add MIME content type info to File (<a href="https://redirect.github.com/Kludex/python-multipart/issues/143">#143</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/9a1ecbd074801fcd3911266f3f4442181d10ab92"><code>9a1ecbd</code></a> Handle CTE values case-insensitively (<a href="https://redirect.github.com/Kludex/python-multipart/issues/258">#258</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/ef2a0b94f95676ea6a7b77d2252b09f5797cb8ed"><code>ef2a0b9</code></a> Remove custom FormParser classes (<a href="https://redirect.github.com/Kludex/python-multipart/issues/257">#257</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/3a757d7cf209e654eb17cf7b7af868eed469f680"><code>3a757d7</code></a> Ignore local Claude state (<a href="https://redirect.github.com/Kludex/python-multipart/issues/255">#255</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/55e739617db7c40e2cd04c5ad8c7acf2ed0a1d19"><code>55e7396</code></a> fuzz: Add cifuzz (<a href="https://redirect.github.com/Kludex/python-multipart/issues/186">#186</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/d6d1d111e7de9ce3d3f8623fe5f5e4201c0a5fd1"><code>d6d1d11</code></a> Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/Kludex/python-multipart/issues/249">#249</a>)</li> <li>Additional commits viewable in <a href="https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.26">compare view</a></li> </ul> </details> <br /> Updates `cryptography` from 46.0.5 to 46.0.7 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p> <blockquote> <p>46.0.7 - 2026-04-07</p> <pre><code> * **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be passed to APIs that accept Python buffers, which could lead to buffer overflow. **CVE-2026-39892** * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6. <p>.. _v46-0-6:</p> <p>46.0.6 - 2026-03-25<br /> </code></pre></p> <ul> <li><strong>SECURITY ISSUE</strong>: Fixed a bug where name constraints were not applied to peer names during verification when the leaf certificate contains a wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug, including those used by the Web PKI. Credit to <strong>Oleh Konko (1seal)</strong> for reporting the issue. <strong>CVE-2026-34073</strong></li> </ul> <p>.. _v46-0-5:</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"><code>622d672</code></a> 46.0.7 release (<a href="https://redirect.github.com/pyca/cryptography/issues/14602">#14602</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587"><code>91d7288</code></a> Cherry-pick <a href="https://redirect.github.com/pyca/cryptography/issues/14542">#14542</a> (<a href="https://redirect.github.com/pyca/cryptography/issues/14543">#14543</a>)</li> <li>See full diff in <a href="https://github.com/pyca/cryptography/compare/46.0.5...46.0.7">compare view</a></li> </ul> </details> <br /> Updates `authlib` from 1.6.10 to 1.6.11 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/releases">authlib's releases</a>.</em></p> <blockquote> <h2>v1.6.11</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11">https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11</a></p> <ul> <li>Fix CSRF issue with starlette client</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/blob/v1.6.11/docs/changelog.rst">authlib's changelog</a>.</em></p> <blockquote> <h2>Version 1.6.11</h2> <p><strong>Released on Apr 16, 2026</strong></p> <ul> <li>Fix CSRF vulnerability in the Starlette OAuth client when a <code>cache</code> is configured.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525"><code>0dc0e5b</code></a> chore: bump to 1.6.11</li> <li><a href="https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5"><code>aa7b8e4</code></a> Merge commit from fork</li> <li><a href="https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788"><code>401a770</code></a> fix: CSRF issue with starlette client</li> <li>See full diff in <a href="https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11">compare view</a></li> </ul> </details> <br /> Updates `anthropic` from 0.86.0 to 0.87.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anthropics/anthropic-sdk-python/releases">anthropic's releases</a>.</em></p> <blockquote> <h2>v0.87.0</h2> <h2>0.87.0 (2026-03-31)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0">v0.86.0...v0.87.0</a></p> <h3>Features</h3> <ul> <li><strong>client:</strong> add error type field to APIStatusError (<a href="https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587">#1587</a>) (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d">dd563c0</a>)</li> <li><strong>internal:</strong> implement indices array format for query and form serialization (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd">11a6244</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>honor <strong>api_exclude</strong> in async transform path (<a href="https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612">#1612</a>) (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585">8172232</a>), closes <a href="https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610">#1610</a></li> <li><strong>memory:</strong> return resolved path from async _validate_path (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a">7b0add3</a>)</li> <li><strong>memory:</strong> use restrictive file mode for memory files (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf">47ba5b8</a>)</li> <li>sanitize endpoint path params (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35">98f60e4</a>)</li> <li><strong>transform schema:</strong> support enums (<a href="https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275">#1275</a>) (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825">5c088ab</a>)</li> </ul> <h3>Chores</h3> <ul> <li><strong>ci:</strong> run builds on CI even if only spec metadata changed (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7">194c050</a>)</li> <li><strong>ci:</strong> skip lint on metadata-only changes (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08">03e2ab9</a>)</li> <li><strong>internal:</strong> update gitignore (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae">94ede14</a>)</li> <li><strong>tests:</strong> bump steady to v0.19.4 (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371">2d6d58f</a>)</li> <li><strong>tests:</strong> bump steady to v0.19.5 (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e">8fb439a</a>)</li> <li><strong>tests:</strong> bump steady to v0.19.6 (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9">76da5fd</a>)</li> <li><strong>tests:</strong> bump steady to v0.19.7 (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66">bfa40e5</a>)</li> <li><strong>tests:</strong> bump steady to v0.20.1 (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb">4fd9446</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md">anthropic's changelog</a>.</em></p> <blockquote> <h2>0.87.0 (2026-03-31)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0">v0.86.0...v0.87.0</a></p> <h3>Features</h3> <ul> <li><strong>client:</strong> add error type field to APIStatusError (<a href="https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587">#1587</a>) (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d">dd563c0</a>)</li> <li><strong>internal:</strong> implement indices array format for query and form serialization (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd">11a6244</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>honor <strong>api_exclude</strong> in async transform path (<a href="https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612">#1612</a>) (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585">8172232</a>), closes <a href="https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610">#1610</a></li> <li><strong>memory:</strong> return resolved path from async _validate_path (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a">7b0add3</a>)</li> <li><strong>memory:</strong> use restrictive file mode for memory files (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf">47ba5b8</a>)</li> <li>sanitize endpoint path params (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35">98f60e4</a>)</li> <li><strong>transform schema:</strong> support enums (<a href="https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275">#1275</a>) (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825">5c088ab</a>)</li> </ul> <h3>Chores</h3> <ul> <li><strong>ci:</strong> run builds on CI even if only spec metadata changed (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7">194c050</a>)</li> <li><strong>ci:</strong> skip lint on metadata-only changes (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08">03e2ab9</a>)</li> <li><strong>internal:</strong> update gitignore (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae">94ede14</a>)</li> <li><strong>tests:</strong> bump steady to v0.19.4 (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371">2d6d58f</a>)</li> <li><strong>tests:</strong> bump steady to v0.19.5 (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e">8fb439a</a>)</li> <li><strong>tests:</strong> bump steady to v0.19.6 (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9">76da5fd</a>)</li> <li><strong>tests:</strong> bump steady to v0.19.7 (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66">bfa40e5</a>)</li> <li><strong>tests:</strong> bump steady to v0.20.1 (<a href="https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb">4fd9446</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anthropics/anthropic-sdk-python/commit/ab0c4460a170183ff036e2a3dad320ac4ac2c76d"><code>ab0c446</code></a> release: 0.87.0</li> <li><a href="https://github.com/anthropics/anthropic-sdk-python/commit/6599043eee6e86dce16953fcd1fd828052052be6"><code>6599043</code></a> fix(memory): return resolved path from async _validate_path</li> <li><a href="https://github.com/anthropics/anthropic-sdk-python/commit/715030ceb4d6dd8d3546e999c680e29532bf1255"><code>715030c</code></a> fix(memory): use restrictive file mode for memory files</li> <li><a href="https://github.com/anthropics/anthropic-sdk-python/commit/6cdbc5f37105e464704d911ef590b88c7e5ae427"><code>6cdbc5f</code></a> chore(tests): bump steady to v0.20.1</li> <li><a href="https://github.com/anthropics/anthropic-sdk-python/commit/4beda3cc966b49166387aa9275cec8f88b004154"><code>4beda3c</code></a> Add output-300k-2026-03-24 beta header</li> <li><a href="https://github.com/anthropics/anthropic-sdk-python/commit/3b77b826ce402881bcb2a43092e758368fccc99a"><code>3b77b82</code></a> chore(ci): run builds on CI even if only spec metadata changed</li> <li><a href="https://github.com/anthropics/anthropic-sdk-python/commit/764ddbab9bcd6c4e076bf2618d4930e5b39cfb7c"><code>764ddba</code></a> feat(internal): implement indices array format for query and form serialization</li> <li><a href="https://github.com/anthropics/anthropic-sdk-python/commit/8a06a905bb89bf8126e552d951270fe90869bc1d"><code>8a06a90</code></a> codegen metadata</li> <li><a href="https://github.com/anthropics/anthropic-sdk-python/commit/7f8cf3c4c0c7a601847538364f6eccf00e72a2c4"><code>7f8cf3c</code></a> chore(tests): bump steady to v0.19.7</li> <li><a href="https://github.com/anthropics/anthropic-sdk-python/commit/0eba0dd8f9590254b91eaadb79e44b792d56d85b"><code>0eba0dd</code></a> chore(ci): skip lint on metadata-only changes</li> <li>Additional commits viewable in <a href="https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0">compare view</a></li> </ul> </details> <br /> Updates `langchain-text-splitters` from 1.1.1 to 1.1.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langchain/releases">langchain-text-splitters's releases</a>.</em></p> <blockquote> <h2>langchain-text-splitters==1.1.2</h2> <p>Changes since langchain-text-splitters==1.1.1</p> <p>release(text-splitters): 1.1.2 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36822">#36822</a>) fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36821">#36821</a>) chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36797">#36797</a>) chore(deps): bump pytest to <code>9.0.3</code> (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36801">#36801</a>) chore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36714">#36714</a>) chore: add comment explaining <code>pygments&gt;=2.20.0</code> (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36570">#36570</a>) release(core): 1.2.26 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36511">#36511</a>) chore: pygments&gt;=2.20.0 across all packages (CVE-2026-4539) (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36385">#36385</a>) fix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35079">#35079</a>) feat(text-splitters): support spacy tests with Python 3.14 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36198">#36198</a>) fix(infra): correct lint_diff relative paths in package makefiles (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36333">#36333</a>) chore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36238">#36238</a>) chore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36237">#36237</a>) chore(partners): bump <code>langchain-core</code> min to <code>1.2.21</code> (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36183">#36183</a>) chore(text-splitters): bump nltk in lock file (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36112">#36112</a>) ci: suppress pytest streaming output in CI (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36092">#36092</a>) chore(text-splitters): speed up ci (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36050">#36050</a>) ci: avoid unnecessary dep installs in lint targets (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36046">#36046</a>) chore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35856">#35856</a>) chore: bump locks, lint (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35985">#35985</a>) perf(.github): set a timeout on get min versions HTTP calls (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35851">#35851</a>) chore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35774">#35774</a>) chore: bump the minor-and-patch group across 3 directories with 3 updates (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35589">#35589</a>) chore: bump the other-deps group across 3 directories with 2 updates (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35512">#35512</a>) chore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35449">#35449</a>) chore: bump the other-deps group across 3 directories with 2 updates (<a href="https://redirect.github.com/langchain-ai/langchain/issues/35407">#35407</a>)</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e"><code>58c4e5b</code></a> release(text-splitters): 1.1.2 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36822">#36822</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063"><code>c289bf1</code></a> fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...</li> <li><a href="https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77"><code>b7447c6</code></a> fix(infra): skip serdes tests in min-version release step (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36818">#36818</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3"><code>41c0cc5</code></a> release(openai): 1.1.14 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36820">#36820</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb"><code>0516156</code></a> fix(openai): use SSRF-safe transport for image token counting (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36819">#36819</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699"><code>338aa81</code></a> fix(core): restore cloud metadata IPs and link-local range in SSRF policy (<a href="https://redirect.github.com/langchain-ai/langchain/issues/3">#3</a>...</li> <li><a href="https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0"><code>51e9548</code></a> chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36797">#36797</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c"><code>e85c418</code></a> chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36798">#36798</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce"><code>789126e</code></a> chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36799">#36799</a>)</li> <li><a href="https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716"><code>937b3eb</code></a> chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (<a href="https://redirect.github.com/langchain-ai/langchain/issues/36800">#36800</a>)</li> <li>Additional commits viewable in <a href="https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==1.1.1...langchain-text-splitters==1.1.2">compare view</a></li> </ul> </details> <br /> Updates `pypdf` from 6.7.5 to 6.10.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/py-pdf/pypdf/releases">pypdf's releases</a>.</em></p> <blockquote> <h2>Version 6.10.2, 2026-04-15</h2> <h2>What's new</h2> <h3>Security (SEC)</h3> <ul> <li>Do not rely on possibly invalid /Size for incremental cloning (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3735">#3735</a>) by <a href="https://github.com/stefan6419846"><code>@​stefan6419846</code></a></li> <li>Introduce limits for FlateDecode parameters and image decoding (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3734">#3734</a>) by <a href="https://github.com/stefan6419846"><code>@​stefan6419846</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2">Full Changelog</a></p> <h2>Version 6.10.1, 2026-04-14</h2> <h2>What's new</h2> <h3>Security (SEC)</h3> <ul> <li>Limit the allowed size of xref and object streams (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3733">#3733</a>) by <a href="https://github.com/stefan6419846"><code>@​stefan6419846</code></a></li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Consider strict mode setting for decryption errors (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3731">#3731</a>) by <a href="https://github.com/stefan6419846"><code>@​stefan6419846</code></a></li> </ul> <h3>Documentation (DOC)</h3> <ul> <li>Use new parameter names for compress_identical_objects by <a href="https://github.com/stefan6419846"><code>@​stefan6419846</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1">Full Changelog</a></p> <h2>Version 6.10.0, 2026-04-10</h2> <h2>What's new</h2> <h3>Security (SEC)</h3> <ul> <li>Disallow custom XML entity declarations for XMP metadata (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3724">#3724</a>) by <a href="https://github.com/stefan6419846"><code>@​stefan6419846</code></a></li> </ul> <h3>New Features (ENH)</h3> <ul> <li>Skip MD5 key derivation for AES-256 encrypted PDFs (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3694">#3694</a>) by <a href="https://github.com/Ygnas"><code>@​Ygnas</code></a></li> </ul> <h3>Bug Fixes (BUG)</h3> <ul> <li>Use remove_orphans in compress_identical_objects (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3310">#3310</a>) by <a href="https://github.com/j-t-1"><code>@​j-t-1</code></a></li> <li>Fix PdfReadError when xref table contains comments before trailer (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3710">#3710</a>) by <a href="https://github.com/rassie"><code>@​rassie</code></a></li> <li>Correctly verify AES padding during decryption (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3699">#3699</a>) by <a href="https://github.com/stefan6419846"><code>@​stefan6419846</code></a></li> <li>Fix stale object cache from non-authoritative object streams (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3698">#3698</a>) by <a href="https://github.com/astahlman"><code>@​astahlman</code></a></li> <li>Fix extract_links pairing when annotations include non-links (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3687">#3687</a>) by <a href="https://github.com/ReinerBRO"><code>@​ReinerBRO</code></a></li> </ul> <h3>Documentation (DOC)</h3> <ul> <li>Add AI policy (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3717">#3717</a>) by <a href="https://github.com/stefan6419846"><code>@​stefan6419846</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0">Full Changelog</a></p> <h2>Version 6.9.2, 2026-03-23</h2> <h2>What's new</h2> <h3>Security (SEC)</h3> <ul> <li>Avoid infinite loop in read_from_stream for broken files (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3693">#3693</a>) by <a href="https://github.com/stefan6419846"><code>@​stefan6419846</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md">pypdf's changelog</a>.</em></p> <blockquote> <h2>Version 6.10.2, 2026-04-15</h2> <h3>Security (SEC)</h3> <ul> <li>Do not rely on possibly invalid /Size for incremental cloning (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3735">#3735</a>)</li> <li>Introduce limits for FlateDecode parameters and image decoding (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3734">#3734</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2">Full Changelog</a></p> <h2>Version 6.10.1, 2026-04-14</h2> <h3>Security (SEC)</h3> <ul> <li>Limit the allowed size of xref and object streams (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3733">#3733</a>)</li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Consider strict mode setting for decryption errors (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3731">#3731</a>)</li> </ul> <h3>Documentation (DOC)</h3> <ul> <li>Use new parameter names for compress_identical_objects</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1">Full Changelog</a></p> <h2>Version 6.10.0, 2026-04-10</h2> <h3>Security (SEC)</h3> <ul> <li>Disallow custom XML entity declarations for XMP metadata (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3724">#3724</a>)</li> </ul> <h3>New Features (ENH)</h3> <ul> <li>Skip MD5 key derivation for AES-256 encrypted PDFs (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3694">#3694</a>)</li> </ul> <h3>Bug Fixes (BUG)</h3> <ul> <li>Use remove_orphans in compress_identical_objects (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3310">#3310</a>)</li> <li>Fix PdfReadError when xref table contains comments before trailer (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3710">#3710</a>)</li> <li>Correctly verify AES padding during decryption (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3699">#3699</a>)</li> <li>Fix stale object cache from non-authoritative object streams (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3698">#3698</a>)</li> <li>Fix extract_links pairing when annotations include non-links (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3687">#3687</a>)</li> </ul> <h3>Documentation (DOC)</h3> <ul> <li>Add AI policy (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3717">#3717</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0">Full Changelog</a></p> <h2>Version 6.9.2, 2026-03-23</h2> <h3>Security (SEC)</h3> <ul> <li>Avoid infinite loop in read_from_stream for broken files (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3693">#3693</a>)</li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Resolve UnboundLocalError for xobjs in _get_image (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3684">#3684</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2">Full Changelog</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0"><code>c476b4f</code></a> REL: 6.10.2</li> <li><a href="https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a"><code>c50a010</code></a> SEC: Do not rely on possibly invalid /Size for incremental cloning (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3735">#3735</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11"><code>ac734da</code></a> SEC: Introduce limits for FlateDecode parameters and image decoding (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3734">#3734</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/b49e7eb45422c19b68ac59c51b7699409e74d44e"><code>b49e7eb</code></a> REL: 6.10.1</li> <li><a href="https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3"><code>62338e9</code></a> SEC: Limit the allowed size of xref and object streams (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3733">#3733</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/5dcc0aebaa2c732028ea8def2eb9982e324b7c11"><code>5dcc0ae</code></a> DEV: Update pytest-benchmark to 5.2.3</li> <li><a href="https://github.com/py-pdf/pypdf/commit/b42e4aa98ae5c7fdd02558d165d39fe639fdf97d"><code>b42e4aa</code></a> DEV: Update pinned pillow and pytest where possible (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3732">#3732</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/717446b1218a3eb236cb47d1bae2b68451ccb6c0"><code>717446b</code></a> ROB: Consider strict mode setting for decryption errors (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3731">#3731</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/9e461d361b9004da68fc8e6acc4308cce68aa304"><code>9e461d3</code></a> DEV: Bump softprops/action-gh-release from 2 to 3 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3730">#3730</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/500d09d92fa80a6f1fcdfa46656893efd05e91ff"><code>500d09d</code></a> TST: Update <code>test_embedded_file__basic</code> to use <code>tmp_path</code> fixture (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3726">#3726</a>)</li> <li>Additional commits viewable in <a href="https://github.com/py-pdf/pypdf/compare/6.7.5...6.10.2">compare view</a></li> </ul> </details> <br /> Updates `nltk` from 3.9.3 to 3.9.4 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nltk/nltk/blob/develop/ChangeLog">nltk's changelog</a>.</em></p> <blockquote> <p>Version 3.9.4 2026-03-24</p> <ul> <li>Support Python 3.14</li> <li>Fix bug in Levenshtein distance when substitution_cost &gt; 2</li> <li>Fix bug in Treebank detokeniser re quote ordering</li> <li>Fix bug in Jaro similarity for empty strings</li> <li>Several security enhancements</li> <li>Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder</li> <li>Implement TextTiling vocabulary introduction method (Hearst 1997)</li> <li>Fix ALINE feature matrix errors and add comprehensive tests</li> <li>Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids</li> <li>Let downloader fallback to md5 when sha256 is unavailable</li> <li>Several other minor bugfixes and code cleanups</li> </ul> <p>Thanks to the following contributors to 3.9.4: Min-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01, jancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,</p> <p>Version 3.9.3 2026-02-21</p> <ul> <li>Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader (<a href="https://redirect.github.com/nltk/nltk/issues/3468">#3468</a>)</li> <li>Block path traversal/arbitrary reads in nltk.data for protocol-less refs (<a href="https://redirect.github.com/nltk/nltk/issues/3467">#3467</a>)</li> <li>Block path traversal/abs paths in corpus readers and FS pointers (<a href="https://redirect.github.com/nltk/nltk/issues/3479">#3479</a>, <a href="https://redirect.github.com/nltk/nltk/issues/3480">#3480</a>)</li> <li>Validate external StanfordSegmenter JARs using SHA256 (<a href="https://redirect.github.com/nltk/nltk/issues/3477">#3477</a>)</li> <li>Add optional sandbox enforcement for filestring() (<a href="https://redirect.github.com/nltk/nltk/issues/3485">#3485</a>)</li> <li>Maintenance: downloader/zipped models, CI/tooling updates</li> </ul> <p>Thanks to the following contributors to 3.9.3: Chris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith</p> <p>Version 3.9.2 2025-10-01</p> <ul> <li>Update download checksums to use SHA256 in built index</li> <li>Fix percentage escape in new-style string formatting</li> <li>replace shortened URLs using goo.gl</li> <li>Make Wordnet interoperable with various taggers and tagged corpora</li> <li>Fix saving PerceptronTagger</li> <li>Document how to reproduce old Wordnet studies</li> <li>properly initialize Portuguese corpus reader</li> <li>support for mixed rules conversion into Chomsky Normal Form</li> <li>only import tkinter if a GUI is needed</li> <li>issue <a href="https://redirect.github.com/nltk/nltk/issues/2112">#2112</a> with Corenlp</li> <li>new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL</li> <li>Lesk defaults to most frequent sense in case of ties</li> </ul> <p>Thanks to the following contributors to 3.9.2: Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu, Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq, Christopher Smith, Ryan Mannion</p> <p>Version 3.9.1 2024-08-19</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08"><code>ad9c96b</code></a> Update copyright year</li> <li><a href="https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d"><code>7edcddf</code></a> Updates for 3.9.4 release</li> <li><a href="https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b"><code>67a2736</code></a> Merge pull request <a href="https://redirect.github.com/nltk/nltk/issues/3180">#3180</a> from yzhaoinuw/bug-on-edit_distance_align</li> <li><a href="https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2"><code>2b17ac5</code></a> Fix edit_distance_align backtrace for high substitution costs</li> <li><a href="https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516"><code>4b72976</code></a> Merge pull request <a href="https://redirect.github.com/nltk/nltk/issues/3018">#3018</a> from JuanIMartinezB/bug/shortid-longid</li> <li><a href="https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f"><code>8a5619f</code></a> Merge pull request <a href="https://redirect.github.com/nltk/nltk/issues/3222">#3222</a> from Syzygy2048/feature/texttiling-vocabulary-introd...</li> <li><a href="https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864"><code>c6574d7</code></a> Merge pull request <a href="https://redirect.github.com/nltk/nltk/issues/3289">#3289</a> from ihitamandal/codeflash/optimize-windowdiff-2024-...</li> <li><a href="https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4"><code>98ff5d9</code></a> Merge pull request <a href="https://redirect.github.com/nltk/nltk/issues/3435">#3435</a> from Hrudhai01/fix-3260-detokenize-quotes</li> <li><a href="https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9"><code>aec4fce</code></a> Merge pull request <a href="https://redirect.github.com/nltk/nltk/issues/3522">#3522</a> from ekaf/pathsec</li> <li><a href="https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532"><code>eec4ee3</code></a> Merge pull request <a href="https://redirect.github.com/nltk/nltk/issues/3526">#3526</a> from nltk/update-contributing</li> <li>Additional commits viewable in <a href="https://github.com/nltk/nltk/compare/3.9.3...3.9.4">compare view</a></li> </ul> </details> <br /> Updates `pillow` from 12.1.1 to 12.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p> <blockquote> <h2>12.2.0</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html</a></p> <h2>Documentation</h2> <ul> <li>Update 12.2.0 release notes <a href="https://redirect.github.com/python-pillow/Pillow/issues/9522">#9522</a> [<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li> <li>Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm <a href="https://redirect.github.com/python-pillow/Pillow/issues/9482">#9482</a> [<a href="https://github.com/bitplane"><code>@​bitplane</code></a>]</li> <li>Update Python versions <a href="https://redirect.github.com/python-pillow/Pillow/issues/9515">#9515</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Jeffrey A. Clark -&gt; Jeffrey 'Alex' Clark <a href="https://redirect.github.com/python-pillow/Pillow/issues/9513">#9513</a> [<a href="https://github.com/aclark4life"><code>@​aclark4life</code></a>]</li> <li>Add release notes for <a href="https://redirect.github.com/python-pillow/Pillow/issues/9394">#9394</a>, <a href="https://redirect.github.com/python-pillow/Pillow/issues/9419">#9419</a> and <a href="https://redirect.github.com/python-pillow/Pillow/issues/9456">#9456</a> <a href="https://redirect.github.com/python-pillow/Pillow/issues/9467">#9467</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Add Amiga Workbench .info loader to 3rd party plugins list <a href="https://redirect.github.com/python-pillow/Pillow/issues/9459">#9459</a> [<a href="https://github.com/bitplane"><code>@​bitplane</code></a>]</li> <li>Merge PFM documentation into PPM <a href="https://redirect.github.com/python-pillow/Pillow/issues/9434">#9434</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update macOS tested Pillow versions <a href="https://redirect.github.com/python-pillow/Pillow/issues/9431">#9431</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Fix CVE number <a href="https://redirect.github.com/python-pillow/Pillow/issues/9430">#9430</a> [<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li> </ul> <h2>Dependencies</h2> <ul> <li>Update xz to 5.8.3 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9523">#9523</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update libjpeg-turbo to 3.1.4.1 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9507">#9507</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update libpng to 1.6.56 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9499">#9499</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update freetype to 2.14.3 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9485">#9485</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Updated libavif to 1.4.1 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9479">#9479</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Updated harfbuzz to 13.2.1 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9461">#9461</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update Ghostscript to 10.7.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9469">#9469</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update harfbuzz to 13.0.1 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9453">#9453</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update libavif to 1.4.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9460">#9460</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update freetype to 2.14.2 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9449">#9449</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update actions/download-artifact action to v8 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9451">#9451</a> [@<a href="https://github.com/apps/renovate">renovate[bot]</a>]</li> <li>Updated libpng to 1.6.55 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9425">#9425</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> </ul> <h2>Testing</h2> <ul> <li>Cleanup .spider extension in the same test where it is added <a href="https://redirect.github.com/python-pillow/Pillow/issues/9517">#9517</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Run tests in parallel via tox for 3.5x speedup <a href="https://redirect.github.com/python-pillow/Pillow/issues/9516">#9516</a> [<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li> <li>Enable colour in CI logs <a href="https://redirect.github.com/python-pillow/Pillow/issues/9486">#9486</a> [<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li> <li>Update Ghostscript to 10.7.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9469">#9469</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Simplify TGA test code <a href="https://redirect.github.com/python-pillow/Pillow/issues/9477">#9477</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update tests to check for ValueError when encoding an empty image <a href="https://redirect.github.com/python-pillow/Pillow/issues/9464">#9464</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Upgrade CI from <code>macos-15-intel</code> to <code>macos-26-intel</code> <a href="https://redirect.github.com/python-pillow/Pillow/issues/9454">#9454</a> [<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li> <li>Add check-case-conflict hook <a href="https://redirect.github.com/python-pillow/Pillow/issues/9446">#9446</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Specify platform when pulling docker image <a href="https://redirect.github.com/python-pillow/Pillow/issues/9440">#9440</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>GHA: Cache libavif and webp builds for Ubuntu <a href="https://redirect.github.com/python-pillow/Pillow/issues/9437">#9437</a> [<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li> <li>Update macOS tested Pillow versions <a href="https://redirect.github.com/python-pillow/Pillow/issues/9431">#9431</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> </ul> <h2>Other changes</h2> <ul> <li>Check calloc return value <a href="https://redirect.github.com/python-pillow/Pillow/issues/9527">#9527</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Check all allocs in the Arrow tree <a href="https://redirect.github.com/python-pillow/Pillow/issues/9488">#9488</a> [<a href="https://github.com/wiredfool"><code>@​wiredfool</code></a>]</li> <li>Reject non-numeric elements inside list coords <a href="https://redirect.github.com/python-pillow/Pillow/issues/9526">#9526</a> [<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li> <li>Move variable declaration inside define <a href="https://redirect.github.com/python-pillow/Pillow/issues/9525">#9525</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f"><code>3c41c09</code></a> 12.2.0 version bump</li> <li><a href="https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460"><code>cdaa29e</code></a> Check calloc return value (<a href="https://redirect.github.com/python-pillow/Pillow/issues/9527">#9527</a>)</li> <li><a href="https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be"><code>585b2f5</code></a> Check calloc return value</li> <li><a href="https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1"><code>ecf011e</code></a> Check all allocs in the Arrow tree (<a href="https://redirect.github.com/python-pillow/Pillow/issues/9488">#9488</a>)</li> <li><a href="https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670"><code>cf6de8c</code></a> Reject non-numeric elements inside list coords (<a href="https://redirect.github.com/python-pillow/Pillow/issues/9526">#9526</a>)</li> <li><a href="https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64"><code>ffdcede</code></a> Update 12.2.0 release notes (<a href="https://redirect.github.com/python-pillow/Pillow/issues/9522">#9522</a>)</li> <li><a href="https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c"><code>7929d77</code></a> Added security release notes (<a href="https://redirect.github.com/python-pillow/Pillow/issues/149">#149</a>)</li> <li><a href="https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c"><code>c4f7aa5</code></a> Added security release notes</li> <li><a href="https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f"><code>22cdb5f</code></a> Move variable declaration inside define (<a href="https://redirect.github.com/python-pillow/Pillow/issues/9525">#9525</a>)</li> <li><a href="https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057"><code>fc15b3b</code></a> Resize tall images vertically first (<a href="https://redirect.github.com/python-pillow/Pillow/issues/9524">#9524</a>)</li> <li>Additional commits viewable in <a href="https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0">compare view</a></li> </ul> </details> <br /> Updates `pytest` from 8.3.4 to 9.0.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest/releases">pytest's releases</a>.</em></p> <blockquote> <h2>9.0.3</h2> <h1>pytest 9.0.3 (2026-04-07)</h1> <h2>Bug fixes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12444">#12444</a>: Fixed <code>pytest.approx</code> which now correctly takes into account <code>~collections.abc.Mapping</code> keys order to compare them.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13634">#13634</a>: Blocking a <code>conftest.py</code> file using the <code>-p no:</code> option is now explicitly disallowed.</p> <p>Previously this resulted in an internal assertion failure during plugin loading.</p> <p>Pytest now raises a clear <code>UsageError</code> explaining that conftest files are not plugins and cannot be disabled via <code>-p</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13734">#13734</a>: Fixed crash when a test raises an exceptiongroup with <code>__tracebackhide__ = True</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14195">#14195</a>: Fixed an issue where non-string messages passed to <!-- raw HTML omitted -->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not printed.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>: Fixed use of insecure temporary directory (CVE-2025-71176).</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13388">#13388</a>: Clarified documentation for <code>-p</code> vs <code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect <code>-p</code> example.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13731">#13731</a>: Clarified that capture fixtures (e.g. <code>capsys</code> and <code>capfd</code>) take precedence over the <code>-s</code> / <code>--capture=no</code> command-line options in <code>Accessing captured output from a test function &lt;accessing-captured-output&gt;</code>.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14088">#14088</a>: Clarified that the default <code>pytest_collection</code> hook sets <code>session.items</code> before it calls <code>pytest_collection_finish</code>, not after.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14255">#14255</a>: TOML integer log levels must be quoted: Updating reference documentation.</li> </ul> <h2>Contributor-facing changes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12689">#12689</a>: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible <a href="https://app.codecov.io/gh/pytest-dev/pytest/tests">on the web interface</a>.</p> <p>-- by <code>aleguy02</code></p> </li> </ul> <h2>9.0.2</h2> <h1>pytest 9.0.2 (2025-12-06)</h1> <h2>Bug fixes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13896">#13896</a>: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.</p> <p>You may enable it again by passing <code>-p terminalprogress</code>. We may enable it by default again once compatibility improves in the future.</p> <p>Additionally, when the environment variable <code>TERM</code> is <code>dumb</code>, the escape codes are no longer emitted, even if the plugin is enabled.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13904">#13904</a>: Fixed the TOML type of the <code>tmp_path_retention_count</code> settings in the API reference from number to string.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13946">#13946</a>: The private <code>config.inicfg</code> attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e"><code>a7d58d7</code></a> Prepare release version 9.0.3</li> <li><a href="https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22"><code>089d981</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14366">#14366</a> from bluetech/revert-14193-backport</li> <li><a href="https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac"><code>8127eaf</code></a> Revert &quot;Fix: assertrepr_compare respects dict insertion order (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14050">#14050</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14193">#14193</a>)&quot;</li> <li><a href="https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241"><code>99a7e60</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14363">#14363</a> from pytest-dev/patchback/backports/9.0.x/95d8423bd...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95"><code>ddee02a</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a> from bluetech/cve-2025-71176-simple</li> <li><a href="https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619"><code>74eac69</code></a> doc: Update training info (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14298">#14298</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14301">#14301</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869"><code>f92dee7</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14267">#14267</a> from pytest-dev/patchback/backports/9.0.x/d6fa26c62...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439"><code>7ee58ac</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/12378">#12378</a> from Pierre-Sassoulas/fix-implicit-str-concat-and-d...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8"><code>37da870</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14259">#14259</a> from mitre88/patch-4 (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14268">#14268</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed"><code>c34bfa3</code></a> Add explanation for string context diffs (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14257">#14257</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14266">#14266</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pytest-dev/pytest/compare/8.3.4...9.0.3">compare view</a></li> </ul> </details> <br /> Updates `ecdsa` from 0.19.0 to 0.19.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tlsfuzzer/python-ecdsa/releases">ecdsa's releases</a>.</em></p> <blockquote> <h2>0.19.2</h2> <p>Bug fixes:</p> <ul> <li>Fix CVE-2026-33936, a DER parsing issue in <code>remove_octet_string()</code>, <code>remove_constructed()</code>, and <code>remove_implitic()</code> where a truncated buffer wasn't detected. This can lead to high level functions, like <code>SigningKey.from_der()</code> to raise unexpected exceptions. (Mohamed Abdelaal (0xmrma))</li> </ul> <p>Maintenance:</p> <ul> <li>Update CI to use newer version of Ubuntu.</li> </ul> <h2>ecdsa 0.19.1</h2> <p>New API:</p> <ul> <li><code>der.remove_implicit</code> and <code>der.encode_implicit</code> for decoding and encoding DER IMPLICIT values with custom tag values and arbitrary classes</li> </ul> <p>Bug fixes:</p> <ul> <li>Minor fixes around arithmetic with curves that have non-prime order (useful for experimentatio... _Description has been truncated_ --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-30 03:12:27 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#50485
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?