develop
777 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Devon Hudson
|
df24e0f302 |
Fix support for older versions of zope-interface (#19274)
Fixes #19269 Versions of zope-interface from RHEL, Ubuntu LTS 22 & 24 and OpenSuse don't support the new python union `X | Y` syntax for interfaces. This PR partially reverts the change over to fully use the new syntax, adds a minimum supported version of zope-interface to Synapse's dependency list, and removes the linter auto-upgrades which prefer the newer syntax. ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [X] Pull request is based on the develop branch * [X] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [X] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> |
||
|
Devon Hudson
|
cdf286d405 |
Use uv to test full set of minimum deps in CI (#19289)
Stemming from #19274 this updates the `olddeps` CI to test against not just the minimum version of our explicit dependencies, but also the minimum version of all implicit (transitive) dependencies that are pulled in from the explicit dependencies themselves. ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [X] Pull request is based on the develop branch * [X] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [X] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) |
||
|
dependabot[bot]
|
ba774e2311 |
Bump ruff from 0.14.5 to 0.14.6 in the minor-and-patches group across 1 directory (#19296)
Bumps the minor-and-patches group with 1 update in the / directory: [ruff](https://github.com/astral-sh/ruff). Updates `ruff` from 0.14.5 to 0.14.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/releases">ruff's releases</a>.</em></p> <blockquote> <h2>0.14.6</h2> <h2>Release Notes</h2> <p>Released on 2025-11-21.</p> <h3>Preview features</h3> <ul> <li>[<code>flake8-bandit</code>] Support new PySNMP API paths (<code>S508</code>, <code>S509</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/21374">#21374</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>Adjust own-line comment placement between branches (<a href="https://redirect.github.com/astral-sh/ruff/pull/21185">#21185</a>)</li> <li>Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (<a href="https://redirect.github.com/astral-sh/ruff/pull/20418">#20418</a>)</li> <li>Fix panic when formatting comments in unary expressions (<a href="https://redirect.github.com/astral-sh/ruff/pull/21501">#21501</a>)</li> <li>Respect <code>fmt: skip</code> for compound statements on a single line (<a href="https://redirect.github.com/astral-sh/ruff/pull/20633">#20633</a>)</li> <li>[<code>refurb</code>] Fix <code>FURB103</code> autofix (<a href="https://redirect.github.com/astral-sh/ruff/pull/21454">#21454</a>)</li> <li>[<code>ruff</code>] Fix false positive for complex conversion specifiers in <code>logging-eager-conversion</code> (<code>RUF065</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/21464">#21464</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>ruff</code>] Avoid false positive on <code>ClassVar</code> reassignment (<code>RUF012</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/21478">#21478</a>)</li> </ul> <h3>CLI</h3> <ul> <li>Render hyperlinks for lint errors (<a href="https://redirect.github.com/astral-sh/ruff/pull/21514">#21514</a>)</li> <li>Add a <code>ruff analyze</code> option to skip over imports in <code>TYPE_CHECKING</code> blocks (<a href="https://redirect.github.com/astral-sh/ruff/pull/21472">#21472</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Limit <code>eglot-format</code> hook to eglot-managed Python buffers (<a href="https://redirect.github.com/astral-sh/ruff/pull/21459">#21459</a>)</li> <li>Mention <code>force-exclude</code> in "Configuration > Python file discovery" (<a href="https://redirect.github.com/astral-sh/ruff/pull/21500">#21500</a>)</li> </ul> <h3>Contributors</h3> <ul> <li><a href="https://github.com/ntBre"><code>@ntBre</code></a></li> <li><a href="https://github.com/dylwil3"><code>@dylwil3</code></a></li> <li><a href="https://github.com/gauthsvenkat"><code>@gauthsvenkat</code></a></li> <li><a href="https://github.com/MichaReiser"><code>@MichaReiser</code></a></li> <li><a href="https://github.com/thamer"><code>@thamer</code></a></li> <li><a href="https://github.com/Ruchir28"><code>@Ruchir28</code></a></li> <li><a href="https://github.com/thejcannon"><code>@thejcannon</code></a></li> <li><a href="https://github.com/danparizher"><code>@danparizher</code></a></li> <li><a href="https://github.com/chirizxc"><code>@chirizxc</code></a></li> </ul> <h2>Install ruff 0.14.6</h2> <h3>Install prebuilt binaries via shell script</h3> <pre lang="sh"><code>curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.6/ruff-installer.sh | sh </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's changelog</a>.</em></p> <blockquote> <h2>0.14.6</h2> <p>Released on 2025-11-21.</p> <h3>Preview features</h3> <ul> <li>[<code>flake8-bandit</code>] Support new PySNMP API paths (<code>S508</code>, <code>S509</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/21374">#21374</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>Adjust own-line comment placement between branches (<a href="https://redirect.github.com/astral-sh/ruff/pull/21185">#21185</a>)</li> <li>Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (<a href="https://redirect.github.com/astral-sh/ruff/pull/20418">#20418</a>)</li> <li>Fix panic when formatting comments in unary expressions (<a href="https://redirect.github.com/astral-sh/ruff/pull/21501">#21501</a>)</li> <li>Respect <code>fmt: skip</code> for compound statements on a single line (<a href="https://redirect.github.com/astral-sh/ruff/pull/20633">#20633</a>)</li> <li>[<code>refurb</code>] Fix <code>FURB103</code> autofix (<a href="https://redirect.github.com/astral-sh/ruff/pull/21454">#21454</a>)</li> <li>[<code>ruff</code>] Fix false positive for complex conversion specifiers in <code>logging-eager-conversion</code> (<code>RUF065</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/21464">#21464</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>ruff</code>] Avoid false positive on <code>ClassVar</code> reassignment (<code>RUF012</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/21478">#21478</a>)</li> </ul> <h3>CLI</h3> <ul> <li>Render hyperlinks for lint errors (<a href="https://redirect.github.com/astral-sh/ruff/pull/21514">#21514</a>)</li> <li>Add a <code>ruff analyze</code> option to skip over imports in <code>TYPE_CHECKING</code> blocks (<a href="https://redirect.github.com/astral-sh/ruff/pull/21472">#21472</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Limit <code>eglot-format</code> hook to eglot-managed Python buffers (<a href="https://redirect.github.com/astral-sh/ruff/pull/21459">#21459</a>)</li> <li>Mention <code>force-exclude</code> in "Configuration > Python file discovery" (<a href="https://redirect.github.com/astral-sh/ruff/pull/21500">#21500</a>)</li> </ul> <h3>Contributors</h3> <ul> <li><a href="https://github.com/ntBre"><code>@ntBre</code></a></li> <li><a href="https://github.com/dylwil3"><code>@dylwil3</code></a></li> <li><a href="https://github.com/gauthsvenkat"><code>@gauthsvenkat</code></a></li> <li><a href="https://github.com/MichaReiser"><code>@MichaReiser</code></a></li> <li><a href="https://github.com/thamer"><code>@thamer</code></a></li> <li><a href="https://github.com/Ruchir28"><code>@Ruchir28</code></a></li> <li><a href="https://github.com/thejcannon"><code>@thejcannon</code></a></li> <li><a href="https://github.com/danparizher"><code>@danparizher</code></a></li> <li><a href="https://github.com/chirizxc"><code>@chirizxc</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
09fd2645c2 |
Bump urllib3 from 2.5.0 to 2.6.0 (#19282)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.6.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by <a href="https://github.com/Cycloctane"><code>@Cycloctane</code></a>, 8.9 High, GHSA-2xpw-w6gg-jr37)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by <a href="https://github.com/illia-v"><code>@illia-v</code></a>, 8.9 High, GHSA-gm62-xv2j-4w53)</li> </ul> <blockquote> <p>[!IMPORTANT]</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using <code>urllib3[brotli]</code> to install a compatible Brotli package automatically.</li> <li>If you use custom decompressors, please make sure to update them to respect the changed API of <code>urllib3.response.ContentDecoder</code>.</li> </ul> </blockquote> <h2>Features</h2> <ul> <li>Enabled retrieval, deletion, and membership testing in <code>HTTPHeaderDict</code> using bytes keys. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3653">#3653</a>)</li> <li>Added host and port information to string representations of <code>HTTPConnection</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3666">#3666</a>)</li> <li>Added support for Python 3.14 free-threading builds explicitly. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3696">#3696</a>)</li> </ul> <h2>Removals</h2> <ul> <li>Removed the <code>HTTPResponse.getheaders()</code> method in favor of <code>HTTPResponse.headers</code>. Removed the <code>HTTPResponse.getheader(name, default)</code> method in favor of <code>HTTPResponse.headers.get(name, default)</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3622">#3622</a>)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed redirect handling in <code>urllib3.PoolManager</code> when an integer is passed for the retries parameter. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3649">#3649</a>)</li> <li>Fixed <code>HTTPConnectionPool</code> when used in Emscripten with no explicit port. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3664">#3664</a>)</li> <li>Fixed handling of <code>SSLKEYLOGFILE</code> with expandable variables. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3700">#3700</a>)</li> </ul> <h2>Misc</h2> <ul> <li>Changed the <code>zstd</code> extra to install <code>backports.zstd</code> instead of <code>zstandard</code> on Python 3.13 and before. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3693">#3693</a>)</li> <li>Improved the performance of content decoding by optimizing <code>BytesQueueBuffer</code> class. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3710">#3710</a>)</li> <li>Allowed building the urllib3 package with newer setuptools-scm v9.x. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3652">#3652</a>)</li> <li>Ensured successful urllib3 builds by setting Hatchling requirement to ≥ 1.27.0. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3638">#3638</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.6.0 (2025-12-05)</h1> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (<code>GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37></code>__)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (<code>GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53></code>__)</li> </ul> <p>.. caution::</p> <ul> <li> <p>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using <code>urllib3[brotli]</code> to install a compatible Brotli package automatically.</p> </li> <li> <p>If you use custom decompressors, please make sure to update them to respect the changed API of <code>urllib3.response.ContentDecoder</code>.</p> </li> </ul> <h2>Features</h2> <ul> <li>Enabled retrieval, deletion, and membership testing in <code>HTTPHeaderDict</code> using bytes keys. (<code>[#3653](https://github.com/urllib3/urllib3/issues/3653) <https://github.com/urllib3/urllib3/issues/3653></code>__)</li> <li>Added host and port information to string representations of <code>HTTPConnection</code>. (<code>[#3666](https://github.com/urllib3/urllib3/issues/3666) <https://github.com/urllib3/urllib3/issues/3666></code>__)</li> <li>Added support for Python 3.14 free-threading builds explicitly. (<code>[#3696](https://github.com/urllib3/urllib3/issues/3696) <https://github.com/urllib3/urllib3/issues/3696></code>__)</li> </ul> <h2>Removals</h2> <ul> <li>Removed the <code>HTTPResponse.getheaders()</code> method in favor of <code>HTTPResponse.headers</code>. Removed the <code>HTTPResponse.getheader(name, default)</code> method in favor of <code>HTTPResponse.headers.get(name, default)</code>. (<code>[#3622](https://github.com/urllib3/urllib3/issues/3622) <https://github.com/urllib3/urllib3/issues/3622></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed redirect handling in <code>urllib3.PoolManager</code> when an integer is passed for the retries parameter. (<code>[#3649](https://github.com/urllib3/urllib3/issues/3649) <https://github.com/urllib3/urllib3/issues/3649></code>__)</li> <li>Fixed <code>HTTPConnectionPool</code> when used in Emscripten with no explicit port. (<code>[#3664](https://github.com/urllib3/urllib3/issues/3664) <https://github.com/urllib3/urllib3/issues/3664></code>__)</li> <li>Fixed handling of <code>SSLKEYLOGFILE</code> with expandable variables. (<code>[#3700](https://github.com/urllib3/urllib3/issues/3700) <https://github.com/urllib3/urllib3/issues/3700></code>__)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
891983f3f4 |
Bump the minor-and-patches group with 3 updates (#19280)
Bumps the minor-and-patches group with 3 updates: [mypy](https://github.com/python/mypy), [mypy-zope](https://github.com/Shoobx/mypy-zope) and [phonenumbers](https://github.com/daviddrysdale/python-phonenumbers). Updates `mypy` from 1.17.1 to 1.18.2 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/mypy/blob/master/CHANGELOG.md">mypy's changelog</a>.</em></p> <blockquote> <h3>Mypy 1.18.2</h3> <ul> <li>Fix crash on recursive alias (Ivan Levkivskyi, PR <a href="https://redirect.github.com/python/mypy/pull/19845">19845</a>)</li> <li>Add additional guidance for stubtest errors when runtime is <code>object.__init__</code> (Stephen Morton, PR <a href="https://redirect.github.com/python/mypy/pull/19733">19733</a>)</li> <li>Fix handling of None values in f-string expressions in mypyc (BobTheBuidler, PR <a href="https://redirect.github.com/python/mypy/pull/19846">19846</a>)</li> </ul> <h3>Acknowledgements</h3> <p>Thanks to all mypy contributors who contributed to this release:</p> <ul> <li>Ali Hamdan</li> <li>Anthony Sottile</li> <li>BobTheBuidler</li> <li>Brian Schubert</li> <li>Chainfire</li> <li>Charlie Denton</li> <li>Christoph Tyralla</li> <li>CoolCat467</li> <li>Daniel Hnyk</li> <li>Emily</li> <li>Emma Smith</li> <li>Ethan Sarp</li> <li>Ivan Levkivskyi</li> <li>Jahongir Qurbonov</li> <li>Jelle Zijlstra</li> <li>Joren Hammudoglu</li> <li>Jukka Lehtosalo</li> <li>Marc Mueller</li> <li>Omer Hadari</li> <li>Piotr Sawicki</li> <li>PrinceNaroliya</li> <li>Randolf Scholz</li> <li>Robsdedude</li> <li>Saul Shanabrook</li> <li>Shantanu</li> <li>Stanislav Terliakov</li> <li>Stephen Morton</li> <li>wyattscarpenter</li> </ul> <p>I’d also like to thank my employer, Dropbox, for supporting mypy development.</p> <h2>Mypy 1.17</h2> <p>We’ve just uploaded mypy 1.17 to the Python Package Index (<a href="https://pypi.org/project/mypy/">PyPI</a>). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:</p> <pre><code>python3 -m pip install -U mypy </code></pre> <p>You can read the full documentation for this release on <a href="http://mypy.readthedocs.io">Read the Docs</a>.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
93e658bd13 |
Bump cryptography from 45.0.7 to 46.0.3 (#19266)
Bumps [cryptography](https://github.com/pyca/cryptography) from 45.0.7 to 46.0.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p> <blockquote> <p>46.0.3 - 2025-10-15</p> <pre><code> * Fixed compilation when using LibreSSL 4.2.0. <p>.. _v46-0-2:</p> <p>46.0.2 - 2025-09-30<br /> </code></pre></p> <ul> <li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.</li> </ul> <p>.. _v46-0-1:</p> <p>46.0.1 - 2025-09-16</p> <pre><code> * Fixed an issue where users installing via ``pip`` on Python 3.14 development versions would not properly install a dependency. * Fixed an issue building the free-threaded macOS 3.14 wheels. <p>.. _v46-0-0:</p> <p>46.0.0 - 2025-09-16<br /> </code></pre></p> <ul> <li><strong>BACKWARDS INCOMPATIBLE:</strong> Support for Python 3.7 has been removed.</li> <li>Support for OpenSSL < 3.0 is deprecated and will be removed in the next release.</li> <li>Support for <code>x86_64</code> macOS (including publishing wheels) is deprecated and will be removed in two releases. We will switch to publishing an <code>arm64</code> only wheel for macOS.</li> <li>Support for 32-bit Windows (including publishing wheels) is deprecated and will be removed in two releases. Users should move to a 64-bit Python installation.</li> <li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.3.</li> <li>We now build <code>ppc64le</code> <code>manylinux</code> wheels and publish them to PyPI.</li> <li>We now build <code>win_arm64</code> (Windows on Arm) wheels and publish them to PyPI.</li> <li>Added support for free-threaded Python 3.14.</li> <li>Removed the deprecated <code>get_attribute_for_oid</code> method on :class:<code>~cryptography.x509.CertificateSigningRequest</code>. Users should use :meth:<code>~cryptography.x509.Attributes.get_attribute_for_oid</code> instead.</li> <li>Removed the deprecated <code>CAST5</code>, <code>SEED</code>, <code>IDEA</code>, and <code>Blowfish</code> classes from the cipher module. These are still available in :doc:<code>/hazmat/decrepit/index</code>.</li> <li>In X.509, when performing a PSS signature with a SHA-3 hash, it is now encoded with the official NIST SHA3 OID.</li> </ul> <p>.. _v45-0-7:</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
aff90a5245 |
Bump bleach from 6.2.0 to 6.3.0 (#19265)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
afdf9af6b5 |
Bump types-jsonschema from 4.25.1.20250822 to 4.25.1.20251009 (#19252)
Bumps [types-jsonschema](https://github.com/typeshed-internal/stub_uploader) from 4.25.1.20250822 to 4.25.1.20251009. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
3cf21bc649 | Bump rpds-py from 0.29.0 to 0.30.0 (#19247) | ||
|
dependabot[bot]
|
e0e7a44fe9 | Bump pyopenssl from 25.1.0 to 25.3.0 (#19248) | ||
|
dependabot[bot]
|
c09298eeaf |
Bump pydantic from 2.12.4 to 2.12.5 (#19250)
Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.12.4 to 2.12.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic/releases">pydantic's releases</a>.</em></p> <blockquote> <h2>v2.12.5 2025-11-26</h2> <h2>v2.12.5 (2025-11-26)</h2> <p>This is the fifth 2.12 patch release, addressing an issue with the <code>MISSING</code> sentinel and providing several documentation improvements.</p> <p>The next 2.13 minor release will be published in a couple weeks, and will include a new <em>polymorphic serialization</em> feature addressing the remaining unexpected changes to the <em>serialize as any</em> behavior.</p> <ul> <li>Fix pickle error when using <code>model_construct()</code> on a model with <code>MISSING</code> as a default value by <a href="https://github.com/ornariece"><code>@ornariece</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12522">#12522</a>.</li> <li>Several updates to the documentation by <a href="https://github.com/Viicos"><code>@Viicos</code></a>.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pydantic/pydantic/compare/v2.12.4...v2.12.5">https://github.com/pydantic/pydantic/compare/v2.12.4...v2.12.5</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic/blob/main/HISTORY.md">pydantic's changelog</a>.</em></p> <blockquote> <h2>v2.12.5 (2025-11-26)</h2> <p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.12.5">GitHub release</a></p> <p>This is the fifth 2.12 patch release, addressing an issue with the <code>MISSING</code> sentinel and providing several documentation improvements.</p> <p>The next 2.13 minor release will be published in a couple weeks, and will include a new <em>polymorphic serialization</em> feature addressing the remaining unexpected changes to the <em>serialize as any</em> behavior.</p> <ul> <li>Fix pickle error when using <code>model_construct()</code> on a model with <code>MISSING</code> as a default value by <a href="https://github.com/ornariece"><code>@ornariece</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12522">#12522</a>.</li> <li>Several updates to the documentation by <a href="https://github.com/Viicos"><code>@Viicos</code></a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Erik Johnston
|
78ec3043d6 |
Use sqlglot to properly check SQL delta files (#19224)
Rather than using dodgy regexes which keep breaking. Also fixes a regression where it looks like we didn't fail CI if the delta was in the wrong place. |
||
|
dependabot[bot]
|
8b79583643 |
Bump sentry-sdk from 2.44.0 to 2.46.0 (#19218)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.44.0 to 2.46.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-python/releases">sentry-sdk's releases</a>.</em></p> <blockquote> <h2>2.46.0</h2> <h3>Various fixes & improvements</h3> <ul> <li>Preserve metadata on wrapped coroutines (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5105">#5105</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></li> <li>Make imports defensive to avoid <code>ModuleNotFoundError</code> in Pydantic AI integration (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5135">#5135</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></li> <li>Fix OpenAI agents integration mistakenly enabling itself (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5132">#5132</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></li> <li>Add instrumentation to embedding functions for various backends (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5120">#5120</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></li> <li>Improve embeddings support for OpenAI (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5121">#5121</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></li> <li>Enhance input handling for embeddings in LiteLLM integration (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5127">#5127</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></li> <li>Expect exceptions when re-raised (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5125">#5125</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></li> <li>Remove <code>MagicMock</code> from mocked <code>ModelResponse</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5126">#5126</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></li> </ul> <h2>2.45.0</h2> <h3>Various fixes & improvements</h3> <ul> <li> <p>OTLPIntegration (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4877">#4877</a>) by <a href="https://github.com/sl0thentr0py"><code>@sl0thentr0py</code></a></p> <p>Enable the new OTLP integration with the code snippet below, and your OpenTelemetry instrumentation will be automatically sent to Sentry's OTLP ingestion endpoint.</p> <pre lang="python"><code> import sentry_sdk from sentry_sdk.integrations.otlp import OTLPIntegration <p>sentry_sdk.init(<br /> dsn="<your-dsn>",<br /> # Add data like inputs and responses;<br /> # see <a href="https://docs.sentry.io/platforms/python/data-management/data-collected/">https://docs.sentry.io/platforms/python/data-management/data-collected/</a> for more info<br /> send_default_pii=True,<br /> integrations=[<br /> OTLPIntegration(),<br /> ],<br /> )<br /> </code></pre></p> <p>Under the hood, this will setup:</p> <ul> <li>A <code>SpanExporter</code> that will automatically set up the OTLP ingestion endpoint from your DSN</li> <li>A <code>Propagator</code> that ensures Distributed Tracing works</li> <li>Trace/Span linking for all other Sentry events such as Errors, Logs, Crons and Metrics</li> </ul> <p>If you were using the <code>SentrySpanProcessor</code> before, we recommend migrating over to <code>OTLPIntegration</code> since it's a much simpler setup.</p> </li> <li> <p>feat(integrations): implement context management for invoke_agent spans (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5089">#5089</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></p> </li> <li> <p>feat(loguru): Capture extra (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5096">#5096</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></p> </li> <li> <p>feat: Attach <code>server.address</code> to metrics (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5113">#5113</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></p> </li> <li> <p>fix: Cast message and detail attributes before appending exception notes (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5114">#5114</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></p> </li> <li> <p>fix(integrations): ensure that GEN_AI_AGENT_NAME is properly set for GEN_AI spans under an invoke_agent span (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5030">#5030</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></p> </li> <li> <p>fix(logs): Update <code>sentry.origin</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5112">#5112</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></p> </li> <li> <p>chore: Deprecate description truncation option for Redis spans (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5073">#5073</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></p> </li> <li> <p>chore: Deprecate <code>max_spans</code> LangChain parameter (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5074">#5074</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></p> </li> <li> <p>chore(toxgen): Check availability of pip and add detail to exceptions (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5076">#5076</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md">sentry-sdk's changelog</a>.</em></p> <blockquote> <h2>2.46.0</h2> <h3>Various fixes & improvements</h3> <ul> <li>Preserve metadata on wrapped coroutines (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5105">#5105</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></li> <li>Make imports defensive to avoid <code>ModuleNotFoundError</code> in Pydantic AI integration (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5135">#5135</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></li> <li>Fix OpenAI agents integration mistakenly enabling itself (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5132">#5132</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></li> <li>Add instrumentation to embedding functions for various backends (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5120">#5120</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></li> <li>Improve embeddings support for OpenAI (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5121">#5121</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></li> <li>Enhance input handling for embeddings in LiteLLM integration (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5127">#5127</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></li> <li>Expect exceptions when re-raised (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5125">#5125</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></li> <li>Remove <code>MagicMock</code> from mocked <code>ModelResponse</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5126">#5126</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></li> </ul> <h2>2.45.0</h2> <h3>Various fixes & improvements</h3> <ul> <li> <p>OTLPIntegration (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4877">#4877</a>) by <a href="https://github.com/sl0thentr0py"><code>@sl0thentr0py</code></a></p> <p>Enable the new OTLP integration with the code snippet below, and your OpenTelemetry instrumentation will be automatically sent to Sentry's OTLP ingestion endpoint.</p> <pre lang="python"><code> import sentry_sdk from sentry_sdk.integrations.otlp import OTLPIntegration <p>sentry_sdk.init(<br /> dsn="<your-dsn>",<br /> # Add data like inputs and responses;<br /> # see <a href="https://docs.sentry.io/platforms/python/data-management/data-collected/">https://docs.sentry.io/platforms/python/data-management/data-collected/</a> for more info<br /> send_default_pii=True,<br /> integrations=[<br /> OTLPIntegration(),<br /> ],<br /> )<br /> </code></pre></p> <p>Under the hood, this will setup:</p> <ul> <li>A <code>SpanExporter</code> that will automatically set up the OTLP ingestion endpoint from your DSN</li> <li>A <code>Propagator</code> that ensures Distributed Tracing works</li> <li>Trace/Span linking for all other Sentry events such as Errors, Logs, Crons and Metrics</li> </ul> <p>If you were using the <code>SentrySpanProcessor</code> before, we recommend migrating over to <code>OTLPIntegration</code> since it's a much simpler setup.</p> </li> <li> <p>feat(integrations): implement context management for invoke_agent spans (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5089">#5089</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></p> </li> <li> <p>feat(loguru): Capture extra (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5096">#5096</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></p> </li> <li> <p>feat: Attach <code>server.address</code> to metrics (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5113">#5113</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></p> </li> <li> <p>fix: Cast message and detail attributes before appending exception notes (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5114">#5114</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></p> </li> <li> <p>fix(integrations): ensure that GEN_AI_AGENT_NAME is properly set for GEN_AI spans under an invoke_agent span (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5030">#5030</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></p> </li> <li> <p>fix(logs): Update <code>sentry.origin</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5112">#5112</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></p> </li> <li> <p>chore: Deprecate description truncation option for Redis spans (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5073">#5073</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
1b78f0318a |
Bump rpds-py from 0.28.0 to 0.29.0 (#19216)
Bumps [rpds-py](https://github.com/crate-py/rpds) from 0.28.0 to 0.29.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/crate-py/rpds/releases">rpds-py's releases</a>.</em></p> <blockquote> <h2>v0.29.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>Bump actions/download-artifact from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/195">crate-py/rpds#195</a></li> <li>Bump github/codeql-action from 4.30.9 to 4.31.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/194">crate-py/rpds#194</a></li> <li>Bump actions/upload-artifact from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/192">crate-py/rpds#192</a></li> <li>Bump astral-sh/setup-uv from 7.1.1 to 7.1.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/193">crate-py/rpds#193</a></li> <li>Bump github/codeql-action from 4.31.0 to 4.31.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/196">crate-py/rpds#196</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/199">crate-py/rpds#199</a></li> <li>Bump softprops/action-gh-release from 2.4.1 to 2.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/198">crate-py/rpds#198</a></li> <li>Bump rpds from 1.1.2 to 1.2.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/197">crate-py/rpds#197</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/crate-py/rpds/compare/v0.28.0...v0.29.0">https://github.com/crate-py/rpds/compare/v0.28.0...v0.29.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a5d946bfcb |
Bump types-bleach from 6.2.0.20250809 to 6.3.0.20251115 (#19217)
Bumps [types-bleach](https://github.com/typeshed-internal/stub_uploader) from 6.2.0.20250809 to 6.3.0.20251115. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
ea3e08c49c |
Bump attrs from 25.3.0 to 25.4.0 (#19215)
Bumps [attrs](https://github.com/sponsors/hynek) from 25.3.0 to 25.4.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/sponsors/hynek/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
34d93c96ed |
Bump click from 8.1.8 to 8.3.1 (#19195)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
ce65b5c8ba |
Bump sentry-sdk from 2.43.0 to 2.44.0 (#19197)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
26ddedb753 |
Bump ruff from 0.14.3 to 0.14.5 (#19196)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
fca80e2eaa |
Bump tomli from 2.2.1 to 2.3.0 (#19194)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Andrew Ferrazzutti
|
97cc05d1d8 |
Bump lower bounds of unit test exclusive dependencies for Python 3.10 support (#19167)
Co-authored-by: Andrew Morgan <andrew@amorgan.xyz> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> |
||
|
Andrew Morgan
|
9722e05479 |
Update pyproject.toml to be compatible with other standard Python packaging tools (#19137)
|
||
|
dependabot[bot]
|
03e873e77a |
Bump cryptography from 43.0.3 to 45.0.7 (#19159)
Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.3 to 45.0.7. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p> <blockquote> <p>45.0.7 - 2025-09-01</p> <pre><code> * Added a function to support an upcoming ``pyOpenSSL`` release. <p>.. _v45-0-6:</p> <p>45.0.6 - 2025-08-05<br /> </code></pre></p> <ul> <li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.2.</li> </ul> <p>.. _v45-0-5:</p> <p>45.0.5 - 2025-07-02</p> <pre><code> * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.1. <p>.. _v45-0-4:</p> <p>45.0.4 - 2025-06-09<br /> </code></pre></p> <ul> <li>Fixed decrypting PKCS#8 files encrypted with SHA1-RC4. (This is not considered secure, and is supported only for backwards compatibility.)</li> </ul> <p>.. _v45-0-3:</p> <p>45.0.3 - 2025-05-25</p> <pre><code> * Fixed decrypting PKCS#8 files encrypted with long salts (this impacts keys encrypted by Bouncy Castle). * Fixed decrypting PKCS#8 files encrypted with DES-CBC-MD5. While wildly insecure, this remains prevalent. <p>.. _v45-0-2:</p> <p>45.0.2 - 2025-05-17<br /> </code></pre></p> <ul> <li>Fixed using <code>mypy</code> with <code>cryptography</code> on older versions of Python.</li> </ul> <p>.. _v45-0-1:</p> <p>45.0.1 - 2025-05-17</p> <pre><code> * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.0. </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
2e66cf10e8 |
Bump types-netaddr from 1.3.0.20240530 to 1.3.0.20251108 (#19160)
Bumps [types-netaddr](https://github.com/typeshed-internal/stub_uploader) from 1.3.0.20240530 to 1.3.0.20251108. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
91c2845180 |
Bump pydantic from 2.12.3 to 2.12.4 (#19158)
Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.12.3 to 2.12.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic/releases">pydantic's releases</a>.</em></p> <blockquote> <h2>v2.12.4 2025-11-05</h2> <h2>v2.12.4 (2025-11-05)</h2> <p>This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the <code>build()</code> method of the <a href="https://docs.pydantic.dev/latest/api/networks/"><code>AnyUrl</code> and Dsn types</a>.</p> <p>This patch release also fixes an issue with the serialization of IP address types, when <code>serialize_as_any</code> is used. The next patch release will try to address the remaining issues with <em>serialize as any</em> behavior by introducing a new <em>polymorphic serialization</em> feature, that should be used in most cases in place of <em>serialize as any</em>.</p> <ul> <li> <p>Fix issue with forward references in parent <code>TypedDict</code> classes by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12427">#12427</a>.</p> <p>This issue is only relevant on Python 3.14 and greater.</p> </li> <li> <p>Exclude fields with <code>exclude_if</code> from JSON Schema required fields by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12430">#12430</a></p> </li> <li> <p>Revert URL percent-encoding of credentials in the <code>build()</code> method of the <a href="https://docs.pydantic.dev/latest/api/networks/"><code>AnyUrl</code> and Dsn types</a> by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1833">pydantic-core#1833</a>.</p> <p>This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.</p> </li> <li> <p>Add type inference for IP address types by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1868">pydantic-core#1868</a>.</p> <p>The 2.12 changes to the <code>serialize_as_any</code> behavior made it so that IP address types could not properly serialize to JSON.</p> </li> <li> <p>Avoid getting default values from defaultdict by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1853">pydantic-core#1853</a>.</p> <p>This fixes a subtle regression in the validation behavior of the <a href="https://docs.python.org/3/library/collections.html#collections.defaultdict"><code>collections.defaultdict</code></a> type.</p> </li> <li> <p>Fix issue with field serializers on nested typed dictionaries by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1879">pydantic-core#1879</a>.</p> </li> <li> <p>Add more <code>pydantic-core</code> builds for the three-threaded version of Python 3.14 by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1864">pydantic-core#1864</a>.</p> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pydantic/pydantic/compare/v2.12.3...v2.12.4">https://github.com/pydantic/pydantic/compare/v2.12.3...v2.12.4</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic/blob/v2.12.4/HISTORY.md">pydantic's changelog</a>.</em></p> <blockquote> <h2>v2.12.4 (2025-11-05)</h2> <p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.12.4">GitHub release</a></p> <p>This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the <code>build()</code> method of the <a href="https://docs.pydantic.dev/latest/api/networks/"><code>AnyUrl</code> and Dsn types</a>.</p> <p>This patch release also fixes an issue with the serialization of IP address types, when <code>serialize_as_any</code> is used. The next patch release will try to address the remaining issues with <em>serialize as any</em> behavior by introducing a new <em>polymorphic serialization</em> feature, that should be used in most cases in place of <em>serialize as any</em>.</p> <ul> <li> <p>Fix issue with forward references in parent <code>TypedDict</code> classes by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12427">#12427</a>.</p> <p>This issue is only relevant on Python 3.14 and greater.</p> </li> <li> <p>Exclude fields with <code>exclude_if</code> from JSON Schema required fields by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12430">#12430</a></p> </li> <li> <p>Revert URL percent-encoding of credentials in the <code>build()</code> method of the <a href="https://docs.pydantic.dev/latest/api/networks/"><code>AnyUrl</code> and Dsn types</a> by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1833">pydantic-core#1833</a>.</p> <p>This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.</p> </li> <li> <p>Add type inference for IP address types by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1868">pydantic-core#1868</a>.</p> <p>The 2.12 changes to the <code>serialize_as_any</code> behavior made it so that IP address types could not properly serialize to JSON.</p> </li> <li> <p>Avoid getting default values from defaultdict by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1853">pydantic-core#1853</a>.</p> <p>This fixes a subtle regression in the validation behavior of the <a href="https://docs.python.org/3/library/collections.html#collections.defaultdict"><code>collections.defaultdict</code></a> type.</p> </li> <li> <p>Fix issue with field serializers on nested typed dictionaries by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1879">pydantic-core#1879</a>.</p> </li> <li> <p>Add more <code>pydantic-core</code> builds for the three-threaded version of Python 3.14 by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1864">pydantic-core#1864</a>.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
674b932b33 |
Bump sentry-sdk from 2.34.1 to 2.43.0 (#19157)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.34.1 to 2.43.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-python/releases">sentry-sdk's releases</a>.</em></p> <blockquote> <h2>2.43.0</h2> <h3>Various fixes & improvements</h3> <ul> <li> <p>Pydantic AI integration (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4906">#4906</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></p> <p>Enable the new Pydantic AI integration with the code snippet below, and you can use the Sentry AI dashboards to observe your AI calls:</p> <pre lang="python"><code>import sentry_sdk from sentry_sdk.integrations.pydantic_ai import PydanticAIIntegration sentry_sdk.init( dsn="<your-dsn>", # Set traces_sample_rate to 1.0 to capture 100% # of transactions for tracing. traces_sample_rate=1.0, # Add data like inputs and responses; # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info send_default_pii=True, integrations=[ PydanticAIIntegration(), ], ) </code></pre> </li> <li> <p>MCP Python SDK (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4964">#4964</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></p> <p>Enable the new Python MCP integration with the code snippet below:</p> <pre lang="python"><code>import sentry_sdk from sentry_sdk.integrations.mcp import MCPIntegration sentry_sdk.init( dsn="<your-dsn>", # Set traces_sample_rate to 1.0 to capture 100% # of transactions for tracing. traces_sample_rate=1.0, # Add data like inputs and responses; # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info send_default_pii=True, integrations=[ MCPIntegration(), ], ) </code></pre> </li> <li> <p>fix(strawberry): Remove autodetection, always use sync extension (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4984">#4984</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></p> <p>Previously, <code>StrawberryIntegration</code> would try to guess whether it should install the sync or async version of itself. This auto-detection was very brittle and could lead to us auto-enabling async code in a sync context. With this change, <code>StrawberryIntegration</code> remains an auto-enabling integration, but it'll enable the sync version by default. If you want to enable the async version, pass the option explicitly:</p> <pre lang="python"><code>sentry_sdk.init( # ... </code></pre> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md">sentry-sdk's changelog</a>.</em></p> <blockquote> <h2>2.43.0</h2> <h3>Various fixes & improvements</h3> <ul> <li> <p>Pydantic AI integration (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4906">#4906</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></p> <p>Enable the new Pydantic AI integration with the code snippet below, and you can use the Sentry AI dashboards to observe your AI calls:</p> <pre lang="python"><code>import sentry_sdk from sentry_sdk.integrations.pydantic_ai import PydanticAIIntegration sentry_sdk.init( dsn="<your-dsn>", # Set traces_sample_rate to 1.0 to capture 100% # of transactions for tracing. traces_sample_rate=1.0, # Add data like inputs and responses; # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info send_default_pii=True, integrations=[ PydanticAIIntegration(), ], ) </code></pre> </li> <li> <p>MCP Python SDK (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4964">#4964</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></p> <p>Enable the new Python MCP integration with the code snippet below:</p> <pre lang="python"><code>import sentry_sdk from sentry_sdk.integrations.mcp import MCPIntegration sentry_sdk.init( dsn="<your-dsn>", # Set traces_sample_rate to 1.0 to capture 100% # of transactions for tracing. traces_sample_rate=1.0, # Add data like inputs and responses; # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info send_default_pii=True, integrations=[ MCPIntegration(), ], ) </code></pre> </li> <li> <p>fix(strawberry): Remove autodetection, always use sync extension (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4984">#4984</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></p> <p>Previously, <code>StrawberryIntegration</code> would try to guess whether it should install the sync or async version of itself. This auto-detection was very brittle and could lead to us auto-enabling async code in a sync context. With this change, <code>StrawberryIntegration</code> remains an auto-enabling integration, but it'll enable the sync version by default. If you want to enable the async version, pass the option explicitly:</p> <pre lang="python"><code>sentry_sdk.init( </code></pre> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
4f9dc3b613 |
Bump psycopg2 from 2.9.10 to 2.9.11 (#19125)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
f02ac5a4d5 |
Bump markdown-it-py from 3.0.0 to 4.0.0 (#19123)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
bc926bd99e |
Bump ruff from 0.12.10 to 0.14.3 (#19124)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Andrew Morgan
|
69bab78b44 |
Python 3.14 support (#19055)
Co-authored-by: Eric Eastwood <erice@element.io> |
||
|
V02460
|
3595ff921f |
Pydantic v2 (#19071)
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Andrew Morgan <andrew@amorgan.xyz> |
||
|
Andrew Ferrazzutti
|
e0838c2567 |
Drop Python 3.9, bump tests/builds to Python 3.10 (#19099)
Python 3.9 EOL is on 2025-10-31 |
||
|
dependabot[bot]
|
1a78fc8a65 |
Bump pyyaml from 6.0.2 to 6.0.3 (#19105)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
66a42d4e54 |
Bump hiredis from 3.2.1 to 3.3.0 (#19103)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
634f7cf18b |
Bump types-psycopg2 from 2.9.21.20250915 to 2.9.21.20251012 (#19054)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
40893be93c |
Bump idna from 3.10 to 3.11 (#19053)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
1419b35a40 |
Bump ijson from 3.4.0 to 3.4.0.post0 (#19051)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
a2fa61d1b5 |
Bump msgpack from 1.1.1 to 1.1.2 (#19050)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Andrew Morgan
|
123eff1bc0 | Update poetry dev dependencies name (#19081) | ||
|
Andrew Morgan
|
a7303c5311 | Fix deprecated token field in release script (#19039) | ||
|
dependabot[bot]
|
fb12d516cd |
Bump authlib from 1.6.4 to 1.6.5 (#19019)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
dde4e0e83d |
Bump types-pyyaml from 6.0.12.20250809 to 6.0.12.20250915 (#19018)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
8696551e7f |
Bump pydantic from 2.11.9 to 2.11.10 (#19017)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
28bc486bff |
Bump prometheus-client from 0.22.1 to 0.23.1 (#19016)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
0615b64bb4 |
Bump phonenumbers from 9.0.14 to 9.0.15 (#18991)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
84e1d15232 |
Bump twine from 6.1.0 to 6.2.0 (#18985)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
2b7a398b14 |
Bump bcrypt from 4.3.0 to 5.0.0 (#18984)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
2eb6239ad8 |
Bump setuptools-rust from 1.11.1 to 1.12.0 (#18980)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
26583f8623 |
Bump lxml from 6.0.0 to 6.0.2 (#18979)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
6ff181dbc7 |
Bump typing-extensions from 4.14.1 to 4.15.0 (#18956)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |