Update Python packages - abandoned #20

Open
Erwan-loot wants to merge 28 commits into main from renovate/python-packages
@Erwan-loot (Owner) commented Oct 9, 2025

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| APScheduler (changelog) | minor | ==3.10.4 -> ==3.11.0 |
| Authlib | minor | ==1.3.1 -> ==1.6.5 |
| Babel (source) | minor | ==2.16.0 -> ==2.17.0 |
| Flask (changelog) | minor | ==3.0.3 -> ==3.1.2 |
| PyJWT | minor | ==2.8.0 -> ==2.10.1 |
| Werkzeug (changelog) | minor | ==3.0.3 -> ==3.1.3 |
| apprise | patch | ==1.9.3 -> ==1.9.5 |
| email-validator | minor | ==2.1.1 -> ==2.3.0 |
| flask-cors | patch | ==4.0.1 -> ==4.0.2 |
| gevent (changelog) | minor | ==24.10.1 -> ==24.11.1 |
| psycopg2 (source, changelog) | patch | ==2.9.10 -> ==2.9.11 |
| python-dateutil | patch | ==2.9.0 -> ==2.9.0.post0 |
| requests (source, changelog) | patch | ==2.32.3 -> ==2.32.5 |
| setuptools (changelog) | pin | <81 -> ==80.9.0 |

Release Notes

agronholm/apscheduler (APScheduler)

v3.11.0

  • Dropped support for Python 3.6 and 3.7
  • Added support for ZoneInfo time zones and deprecated support for pytz time zones
  • Added CalendarIntervalTrigger, backported from the 4.x series
  • Added the ability to export and import jobs via scheduler.export_jobs() and scheduler.import_jobs(), respectively
  • Removed the dependency on six
  • Changed ProcessPoolExecutor to spawn new subprocesses from scratch instead of forking on all platforms
  • Fixed AsyncIOScheduler inadvertently creating a defunct event loop at start, leading to the scheduler not working at all
  • Fixed ProcessPoolExecutor not respecting the passed keyword arguments when a broken pool was being replaced

authlib/authlib (Authlib)

v1.6.5

v1.6.4

Full Changelog: authlib/authlib@v1.6.3...v1.6.4

v1.6.3: Version 1.6.3

Full Changelog: authlib/authlib@v1.6.2...v1.6.3

v1.6.2: Version 1.6.2

Full Changelog: authlib/authlib@v1.6.1...v1.6.2

v1.6.1: Version 1.6.1

  • Filter key set with additional "alg" and "use" parameters.

v1.6.0: Version 1.6.0

v1.5.2: Version 1.5.2

Released on Apr 1, 2025

  • Forbid fragments in redirect_uris. #714
  • Fix invalid characters in error_description. #720
  • Add claims_cls parameter for client's parse_id_token method. #725

v1.5.1: Version 1.5.1

Released on Feb 28, 2025

  • Fix RFC9207 iss parameter. #715

v1.5.0: Version 1.5.0

  • Fix token introspection auth method for clients. #662
  • Optional typ claim in JWT tokens. #696
  • JWT validation leeway. #689
  • Implement server-side RFC9207. #700 #701
  • generate_id_token can take a kid parameter. #702
  • More detailed InvalidClientError. #706
  • OpenID Connect Dynamic Client Registration implementation. #707

v1.4.1: Version 1.4.1

  • Improve garbage collection on OAuth clients. #698
  • Fix client parameters for httpx. #694

v1.4.0: Version 1.4.0

Bugfixes

  • Fix id_token decoding when kid is null. #659
  • Support for Python 3.13. #682
  • Force login if the prompt parameter value is login. #637
  • Support for httpx 0.28. #695

Breaking changes

  • Stop support for Python 3.8. #682

v1.3.2: Version 1.3.2

  • Prevent ever-growing session size for OAuth clients.
  • Revert quote client id and secret.
  • Unquote basic auth header for authorization server.

python-babel/babel (Babel)

v2.17.0

Happy 2025! This release is being made from FOSDEM 2025, in Brussels, Belgium.

Thank you to all contributors, new and old,
and here's to another great year of internationalization and localization!

Features

  • CLDR: Babel now uses CLDR 46, by @tomasr8 in :gh:1145
  • Dates: Allow specifying an explicit format in parse_date/parse_time by @tomasr8 in :gh:1131
  • Dates: More alternate characters are now supported by `format_skeleton`. By @tomasr8 in :gh:1122
  • Dates: Support short and narrow formats for format_timedelta when using `add_direction`, by @akx in :gh:1163
  • Messages: .po files now enclose white spaces in filenames like GNU gettext does. By @Dunedan in :gh:1105, and @tomasr8 in :gh:1120
  • Messages: Initial support for `Message.python_brace_format`, by @tomasr8 in :gh:1169
  • Numbers: LC_MONETARY is now preferred when formatting currencies, by @akx in :gh:1173

Bugfixes

  • Dates: Make seconds optional in parse_time time formats by @tomasr8 in :gh:1141
  • Dates: Replace str.index with str.find by @tomasr8 in :gh:1130
  • Dates: Strip extra leading slashes in /etc/localtime by @akx in :gh:1165
  • Dates: Week numbering and formatting of dates with week numbers was repaired by @jun66j5 in :gh:1179
  • General: Improve handling for locale=None by @akx in :gh:1164
  • General: Remove redundant assignment in Catalog.__setitem__ by @tomasr8 in :gh:1167
  • Messages: Fix extracted lineno with nested calls, by @dylankiss in :gh:1126
  • Messages: Fix of list index out of range when translations is empty, by @gabe-sherman in :gh:1135
  • Messages: Fix the way obsolete messages are stored by @tomasr8 in :gh:1132
  • Messages: Simplify read_mo logic regarding catalog.charset by @tomasr8 in :gh:1148
  • Messages: Use the first matching method & options, rather than first matching method & last options, by @jpmckinney in :gh:1121

Deprecation and compatibility

  • Dates: Fix deprecation warnings for `datetime.utcnow()` by @tomasr8 in :gh:1119
  • Docs: Adjust docs/conf.py to add compatibility with sphinx 8 by @hrnciar in :gh:1155
  • General: Import `Literal` from the typing module by @tomasr8 in :gh:1175
  • General: Replace `OrderedDict` with just `dict` by @tomasr8 in :gh:1149
  • Messages: Mark `wraptext` deprecated; use `TextWrapper` directly in `write_po` by @akx in :gh:1140

Infrastructure

  • Add tzdata as dev dependency and sync with tox.ini by @wandrew004 in :gh:1159
  • Duplicate test code was deleted by @mattdiaz007 in :gh:1138
  • Increase test coverage of the `python_format` checker by @tomasr8 in :gh:1176
  • Small cleanups by @akx in :gh:1160, :gh:1166, :gh:1170 and :gh:1172
  • Update CI to use python 3.13 and Ubuntu 24.04 by @tomasr8 in :gh:1153

pallets/flask (Flask)

v3.1.2

Released 2025-08-19

  • stream_with_context does not fail inside async views. :issue:5774
  • When using follow_redirects in the test client, the final state
    of session is correct. :issue:5786
  • Relax type hint for passing bytes IO to send_file. :issue:5776

v3.1.1

Released 2025-05-13

  • Fix signing key selection order when key rotation is enabled via
    SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28g
  • Fix type hint for cli_runner.invoke. :issue:5645
  • flask --help loads the app and plugins first to make sure all commands
    are shown. :issue:5673
  • Mark sans-io base class as being able to handle views that return
    AsyncIterable. This is not accurate for Flask, but makes typing easier
    for Quart. :pr:5659

v3.1.0

Released 2024-11-13

  • Drop support for Python 3.8. :pr:5623
  • Update minimum dependency versions to latest feature releases.
    Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
  • Provide a configuration option to control automatic option
    responses. :pr:5496
  • Flask.open_resource/open_instance_resource and
    Blueprint.open_resource take an encoding parameter to use when
    opening in text mode. It defaults to utf-8. :issue:5504
  • Request.max_content_length can be customized per-request instead of only
    through the MAX_CONTENT_LENGTH config. Added
    MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation
    about resource limits to the security page. :issue:5625
  • Add support for the Partitioned cookie attribute (CHIPS), with the
    SESSION_COOKIE_PARTITIONED config. :issue:5472
  • -e path takes precedence over default .env and .flaskenv files.
    load_dotenv loads default files in addition to a path unless
    load_defaults=False is passed. :issue:5628
  • Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old
    secret keys that can still be used for unsigning. Extensions will need to
    add support. :issue:5621
  • Fix how setting host_matching=True or subdomain_matching=False
    interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts
    requests to only that domain. :issue:5553
  • Request.trusted_hosts is checked during routing, and can be set through
    the TRUSTED_HOSTS config. :issue:5636

jpadilla/pyjwt (PyJWT)

v2.10.1

Fixed

- Validate key against allowed types for Algorithm family in `#964 <https://github.com/jpadilla/pyjwt/pull/964>`__
- Add iterator for JWKSet in `#1041 <https://github.com/jpadilla/pyjwt/pull/1041>`__
- Validate `iss` claim is a string during encoding and decoding by @pachewise in `#1040 <https://github.com/jpadilla/pyjwt/pull/1040>`__
- Improve typing/logic for `options` in decode, decode_complete by @pachewise in `#1045 <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Declare float supported type for lifespan and timeout by @nikitagashkov in `#1068 <https://github.com/jpadilla/pyjwt/pull/1068>`__

Added

- Docs: Add example of using leeway with nbf by @djw8605 in `#1034 <https://github.com/jpadilla/pyjwt/pull/1034>`__
- Docs: Refactored docs with autodoc; added PyJWS and jwt.algorithms docs by @pachewise in `#1045 <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Docs: Documentation improvements for "sub" and "jti" claims by @cleder in `#1088 <https://github.com/jpadilla/pyjwt/pull/1088>`__

v2.10.0

Fixed

- Prevent partial matching of `iss` claim by @fabianbadoi in `GHSA-75c5-xw7c-p5pm <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm>`__

v2.9.0

Changed

- Remove algorithm requirement from JWT API, instead relying on JWS API for enforcement, by @luhn in `#975 <https://github.com/jpadilla/pyjwt/pull/975>`__
- Use ``Sequence`` for parameter types rather than ``List`` where applicable by @imnotjames in `#970 <https://github.com/jpadilla/pyjwt/pull/970>`__
- Add JWK support to JWT encode by @luhn in `#979 <https://github.com/jpadilla/pyjwt/pull/979>`__
- Encoding and decoding payloads using the `none` algorithm by @jpadilla in `#c2629f6 <https://github.com/jpadilla/pyjwt/commit/c2629f66c593459e02616048443231ccbe18be16>`__

  Before:

  .. code-block:: pycon

   >>> import jwt
   >>> jwt.encode({"payload": "abc"}, key=None, algorithm=None)

  After:

  .. code-block:: pycon

   >>> import jwt
   >>> jwt.encode({"payload": "abc"}, key=None, algorithm="none")

- Added validation for 'sub' (subject) and 'jti' (JWT ID) claims in tokens by @Divan009 in `#1005 <https://github.com/jpadilla/pyjwt/pull/1005>`__
- Refactor project configuration files from ``setup.cfg`` to ``pyproject.toml`` by @cleder in `#995 <https://github.com/jpadilla/pyjwt/pull/995>`__
- Ruff linter and formatter changes by @gagandeepp in `#1001 <https://github.com/jpadilla/pyjwt/pull/1001>`__
- Drop support for Python 3.8 (EOL) by @kkirsche in `#1007 <https://github.com/jpadilla/pyjwt/pull/1007>`__

Fixed

- Encode EC keys with a fixed bit length by @etianen in `#990 <https://github.com/jpadilla/pyjwt/pull/990>`__
- Add an RTD config file to resolve Read the Docs build failures by @kurtmckee in `#977 <https://github.com/jpadilla/pyjwt/pull/977>`__
- Docs: Update ``iat`` exception docs by @pachewise in `#974 <https://github.com/jpadilla/pyjwt/pull/974>`__
- Docs: Fix ``decode_complete`` scope and algorithms by @RbnRncn in `#982 <https://github.com/jpadilla/pyjwt/pull/982>`__
- Fix doctest for ``docs/usage.rst`` by @pachewise in `#986 <https://github.com/jpadilla/pyjwt/pull/986>`__
- Fix ``test_utils.py`` not to xfail by @pachewise in `#987 <https://github.com/jpadilla/pyjwt/pull/987>`__
- Docs: Correct `jwt.decode` audience param doc expression by @peter279k in `#994 <https://github.com/jpadilla/pyjwt/pull/994>`__

Added

- Add support for python 3.13 by @hugovk in `#972 <https://github.com/jpadilla/pyjwt/pull/972>`__
- Create SECURITY.md by @auvipy and @jpadilla in `#973 <https://github.com/jpadilla/pyjwt/pull/973>`__
- Docs: Add PS256 encoding and decoding usage by @peter279k in `#992 <https://github.com/jpadilla/pyjwt/pull/992>`__
- Docs: Add API docs for PyJWK by @luhn in `#980 <https://github.com/jpadilla/pyjwt/pull/980>`__
- Docs: Add EdDSA algorithm encoding/decoding usage by @peter279k in `#993 <https://github.com/jpadilla/pyjwt/pull/993>`__
- Include checkers and linters for ``pyproject.toml`` in ``pre-commit`` by @cleder in `#1002 <https://github.com/jpadilla/pyjwt/pull/1002>`__
- Docs: Add ES256 decoding usage by @Gautam-Hegde in `#1003 <https://github.com/jpadilla/pyjwt/pull/1003>`__

caronc/apprise (apprise)

v1.9.5

What's Changed

This is just a small release to bundle accumulated changes since v1.9.4.

📣 New Notification Services:

n/a

🐞 Bugfixes
💡 Features
❤️ Life-Cycle Support
  • Add Power Automate (Workflows/MS Teams) alternative url support by @LaFeev in #1407
  • Environment improvements (updates to PR #1385) in #1395
  • PEM backend definitions handling for forwards compatibility in #1410
  • build environment improvements in #1385
  • RUF059 linting fixes against codebase in #1413

Installation

Apprise is available on PyPI through pip:

```bash
# Install Apprise v1.9.5 from PyPI
pip install apprise==1.9.5
```

Full Changelog: caronc/apprise@v1.9.4...v1.9.5

v1.9.4

What's Changed

It has been some time since I pushed a release; so this one just bundles all of the outstanding fixes/enhancements together.

This release introduces a major refactor of the code base to modernize it (for Python v3.9+). The change added more than 13,000 lines of code and refactored 70,000 lines. It took a very, very long time to do, but I'm happy how things turned out. It should make it easier for others to adapt and add to the code base. This change also greatly improved the type hinting offered by the library. I debated marking this release v2.0.0 due to the significance of it, but will just bump the minor to catch any fallout from the change I may have overlooked.

Please don't hesitate to open a ticket if you find any issues at all.

📣 New Notification Services:
🐞 Bugfixes
💡 Features
❤️ Life-Cycle Support
  • Add Codecov Test Analytics by @katia-sentry in #1321
  • Removed LunaSea as its services are offline as of April 30th, 2025 in #1362
  • 🔥 Apprise Build System Modernization (PEP 621 / RPM CI) in #1368
    • Addresses Red Hat Bugzilla 2377453 filed against the Apprise RPM Build structure.
    • Replaced setup.py with pyproject.toml (setuptools.build_meta backend)
    • Replaced legacy dynamic keyword loading with static [project.keywords]
    • Added SPDX-compliant license (BSD-2-Clause)
    • Introduced tox -e release for full packaging lifecycle
    • Man page generation and translation compilation included in CI
    • Verified RPM builds using Fedora-compatible GitHub Actions
    • CI test matrix now supports Python 3.9–3.12, across Ubuntu, macOS, and Windows
    • .coverage files now consistently written to root; parallel coverage disabled for simpler merging
    • Artifact uploads now uniquely named per ${{ matrix.os }}-${{ matrix.python-version }}-${{ matrix.tox_env }}
    • tox.ini now supports clean qa, minimal, and release testing workflows
    • ruff linter applied to entire code-base
    • .pyi files dropped and type hinting integrated into main code base
  • Test coverage added to investigate ticket #1356 in #1358
  • EL9 RPM build container public; workflow fixed to accommodate in #1375

Installation

Apprise is available on PyPI through pip:

```bash
# Install Apprise v1.9.4 from PyPI
pip install apprise==1.9.4
```

Full Changelog: caronc/apprise@v1.9.3...v1.9.4

JoshData/python-email-validator (email-validator)

v2.3.0

  • The package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPI's normalized package name.
  • The library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new strict=True parameter, and the overall 254 character email address length limit is still in place.
  • New EmailSyntaxError messages are used for some existing syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.
  • When using allow_display_name=True, display names are now returned with Unicode NFC normalization.
  • TypeError is now raised if something other than str (or bytes) is passed as the email address.

v2.2.0

  • Email addresses with internationalized local parts could, with rare Unicode characters, be returned as valid but actually be invalid in their normalized form (returned in the normalized field). In particular, it is possible to get a normalized address with a ";" character, which is not valid and could change the interpretation of the address. Local parts are now re-validated after Unicode NFC normalization to ensure that invalid characters cannot be injected into the normalized address and that characters with length-increasing NFC normalizations cannot cause a local part to exceed the maximum length after normalization. Thanks to khanh@calif.io from https://calif.io for reporting the issue.
  • The length check for email addresses with internationalized local parts is now also applied to the original address string prior to Unicode NFC normalization, which may be longer and could exceed the maximum email address length, to protect callers who do not use the returned normalized address.
  • Improved error message for IDNA domains that are too long or have invalid characters after Unicode normalization.
  • A new option to parse My Name <address@domain> strings, i.e. a display name plus an email address in angle brackets, is now available. It is off by default.
  • Improvements to Python typing.
  • Some additional tests added.

v2.1.2

  • The domain name length limit is corrected from 255 to 253 IDNA ASCII characters. I misread the RFCs.
  • When a domain name has no MX record but does have an A or AAAA record, if none of the IP addresses in the response are globally reachable (i.e. not Private-Use, Loopback, etc.), the response is treated as if there was no A/AAAA response and the email address will fail the deliverability check.
  • When a domain name has no MX record but does have an A or AAAA record, the mx field in the object returned by validate_email incorrectly held the IP addresses rather than the domain itself.
  • Fixes in tests.

corydolphin/flask-cors (flask-cors)

v4.0.2

Full Changelog: corydolphin/flask-cors@4.0.1...4.0.2

psycopg/psycopg2 (psycopg2)

v2.9.11

dateutil/dateutil (python-dateutil)

v2.9.0.post0

Version 2.9.0.post0 (2024-03-01)

Bugfixes

  • Pinned setuptools_scm to <8, which should make the generated _version.py file compatible with all supported versions of Python.

psf/requests (requests)

v2.32.5

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created
    a new class of issues in Requests that have had negative impact across a number
    of use cases. The Requests team has decided to revert this feature as long term
    maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.

v2.32.4

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
    environment will retrieve credentials for the wrong hostname/machine from a
    netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@Erwan-loot force-pushed the renovate/python-packages branch from 97705b1 to 58ed465 (October 9, 2025 19:03)
@Erwan-loot force-pushed the renovate/python-packages branch from 58ed465 to f5edbe7 (October 13, 2025 00:08)
@Erwan-loot changed the title from "Update Python packages" to "Update Python packages - abandoned" (Oct 20, 2025)

@Erwan-loot
Owner Author

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

@Erwan-loot
Owner Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.
