Skip to content

chore(deps): bump the production group across 1 directory with 19 updates#448

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/production-080c41b1b9
Open

chore(deps): bump the production group across 1 directory with 19 updates#448
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/production-080c41b1b9

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 13, 2026
edited
Loading

Bumps the production group with 19 updates in the / directory:

Package From To
orjson 3.10.18 3.11.8
pyjwt 2.10.1 2.12.1
pyyaml 6.0.2 6.0.3
requests 2.32.3 2.33.1
pynacl 1.5.0 1.6.2
numpy 2.3.5 2.4.4
python-docx 1.1.2 1.2.0
opentelemetry-api 1.35.0 1.41.0
opentelemetry-sdk 1.35.0 1.41.0
opentelemetry-exporter-otlp 1.35.0 1.41.0
opentelemetry-exporter-otlp-proto-http 1.35.0 1.41.0
opentelemetry-instrumentation-fastapi 0.56b0 0.62b0
opentelemetry-instrumentation-httpx 0.56b0 0.62b0
sentry-sdk 2.41.0 2.57.0
web3 7.13.0 7.15.0
sqlalchemy 2.0.44 2.0.49
alembic 1.17.2 1.18.4
redis 7.1.0 7.4.0
cookiecutter 2.6.0 2.7.1

Updates orjson from 3.10.18 to 3.11.8

Release notes

Sourced from orjson's releases.

3.11.8

Changed

  • Build and compatibility improvements.

3.11.7

Changed

  • Use a faster library to serialize float. Users with byte-exact regression tests should note positive exponents are now written using a +, e.g., 1.2e+30 instead of 1.2e30. Both formats are spec-compliant.
  • ABI compatibility with CPython 3.15 alpha 5 free-threading.

3.11.6

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.

3.11.5

Changed

  • Show simple error message instead of traceback when attempting to build on unsupported Python versions.

3.11.4

Changed

  • ABI compatibility with CPython 3.15 alpha 1.
  • Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.
  • Build now requires a C compiler.

3.11.3

Fixed

  • Fix PyPI project metadata when using maturin 1.9.2 or later.

3.11.2

Fixed

  • Fix build using Rust 1.89 on amd64.

Changed

... (truncated)

Changelog

Sourced from orjson's changelog.

3.11.8 - 2026-03-31

Changed

  • Build and compatibility improvements.

3.11.7 - 2026-02-02

Changed

  • Use a faster library to serialize float. Users with byte-exact regression tests should note positive exponents are now written using a +, e.g., 1.2e+30 instead of 1.2e30. Both formats are spec-compliant.
  • ABI compatibility with CPython 3.15 alpha 5 free-threading.

3.11.6 - 2026-01-29

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.

3.11.5 - 2025-12-06

Changed

  • Show simple error message instead of traceback when attempting to build on unsupported Python versions.

3.11.4 - 2025-10-24

Changed

  • ABI compatibility with CPython 3.15 alpha 1.
  • Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.
  • Build now requires a C compiler.

3.11.3 - 2025-08-26

... (truncated)

Commits

Updates pyjwt from 2.10.1 to 2.12.1

Release notes

Sourced from pyjwt's releases.

2.12.1

What's Changed

Full Changelog: jpadilla/pyjwt@2.12.0...2.12.1

2.12.0

Security

What's Changed

New Contributors

Full Changelog: jpadilla/pyjwt@2.11.0...2.12.0

2.11.0

What's Changed

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.12.1 <https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1>__

Fixed


- Add missing ``typing_extensions`` dependency for Python < 3.11 in `[#1150](https://github.com/jpadilla/pyjwt/issues/1150) <https://github.com/jpadilla/pyjwt/issues/1150>`__

v2.12.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0&gt;__


Fixed

  • Annotate PyJWKSet.keys for pyright by @​tamird in [#1134](https://github.com/jpadilla/pyjwt/issues/1134) <https://github.com/jpadilla/pyjwt/pull/1134>__
  • Close HTTPError response to prevent ResourceWarning on Python 3.14 by @​veeceey in [#1133](https://github.com/jpadilla/pyjwt/issues/1133) <https://github.com/jpadilla/pyjwt/pull/1133>__
  • Do not keep algorithms dict in PyJWK instances by @​akx in [#1143](https://github.com/jpadilla/pyjwt/issues/1143) <https://github.com/jpadilla/pyjwt/pull/1143>__
  • Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @​dmbs335 in GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>__
  • Use PyJWK algorithm when encoding without explicit algorithm in [#1148](https://github.com/jpadilla/pyjwt/issues/1148) <https://github.com/jpadilla/pyjwt/pull/1148>__

Added


- Docs: Add ``PyJWKClient`` API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).

v2.11.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0&gt;__


Fixed

  • Enforce ECDSA curve validation per RFC 7518 Section 3.4.
  • Fix build system warnings by @​kurtmckee in [#1105](https://github.com/jpadilla/pyjwt/issues/1105) <https://github.com/jpadilla/pyjwt/pull/1105>__
  • Validate key against allowed types for Algorithm family in [#964](https://github.com/jpadilla/pyjwt/issues/964) <https://github.com/jpadilla/pyjwt/pull/964>__
  • Add iterator for JWKSet in [#1041](https://github.com/jpadilla/pyjwt/issues/1041) <https://github.com/jpadilla/pyjwt/pull/1041>__
  • Validate iss claim is a string during encoding and decoding by @​pachewise in [#1040](https://github.com/jpadilla/pyjwt/issues/1040) <https://github.com/jpadilla/pyjwt/pull/1040>__
  • Improve typing/logic for options in decode, decode_complete by @​pachewise in [#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>__
  • Declare float supported type for lifespan and timeout by @​nikitagashkov in [#1068](https://github.com/jpadilla/pyjwt/issues/1068) <https://github.com/jpadilla/pyjwt/pull/1068>__
  • Fix SyntaxWarning\s/DeprecationWarning\s caused by invalid escape sequences by @​kurtmckee in [#1103](https://github.com/jpadilla/pyjwt/issues/1103) <https://github.com/jpadilla/pyjwt/pull/1103>__
  • Development: Build a shared wheel once to speed up test suite setup times by @​kurtmckee in [#1114](https://github.com/jpadilla/pyjwt/issues/1114) <https://github.com/jpadilla/pyjwt/pull/1114>__
  • Development: Test type annotations across all supported Python versions, increase the strictness of the type checking, and remove the mypy pre-commit hook by @​kurtmckee in [#1112](https://github.com/jpadilla/pyjwt/issues/1112) <https://github.com/jpadilla/pyjwt/pull/1112>__

Added


- Support Python 3.14, and test against PyPy 3.10 and 3.11 by @kurtmckee in `[#1104](https://github.com/jpadilla/pyjwt/issues/1104) <https://github.com/jpadilla/pyjwt/pull/1104>`__
- Development: Migrate to ``build`` to test package building in CI by @kurtmckee in `[#1108](https://github.com/jpadilla/pyjwt/issues/1108) <https://github.com/jpadilla/pyjwt/pull/1108>`__
- Development: Improve coverage config and eliminate unused test suite code by @kurtmckee in `[#1115](https://github.com/jpadilla/pyjwt/issues/1115) <https://github.com/jpadilla/pyjwt/pull/1115>`__
</tr></table>

... (truncated)

Commits

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

  • Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

  • yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)
Commits

Updates requests from 2.32.3 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

... (truncated)

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.

... (truncated)

Commits

Updates pynacl from 1.5.0 to 1.6.2

Changelog

Sourced from pynacl's changelog.

1.6.2 (2026-01-01)

  • Updated libsodium to 1.0.20-stable (2025-12-31 build) to resolve CVE-2025-69277.

1.6.1 (2025-11-10)

  • The MAKE environment variable can now be used to specify the make binary that should be used in the build process.

1.6.0 (2025-09-11)

  • BACKWARDS INCOMPATIBLE: Removed support for Python 3.6 and 3.7.
  • Added support for the low level AEAD AES bindings.
  • Added support for crypto_core_ed25519_from_uniform.
  • Update libsodium to 1.0.20-stable (2025-08-27 build).
  • Added support for free-threaded Python 3.14.
  • Added support for Windows on ARM wheels.
Commits

Updates numpy from 2.3.5 to 2.4.4

Release notes

Sourced from numpy's releases.

2.4.4 (Mar 29, 2026)

NumPy 2.4.4 Release Notes

The NumPy 2.4.4 is a patch release that fixes bugs discovered after the 2.4.3 release. It should finally close issue #30816, the OpenBLAS threading problem on ARM.

This release supports Python versions 3.11-3.14

Contributors

A total of 8 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Charles Harris
  • Daniel Haag +
  • Denis Prokopenko +
  • Harshith J +
  • Koki Watanabe
  • Marten van Kerkwijk
  • Matti Picus
  • Nathan Goldbaum

Pull requests merged

A total of 7 pull requests were merged for this release.

  • #30978: MAINT: Prepare 2.4.x for further development
  • #31049: BUG: Add test to reproduce problem described in #30816 (#30818)
  • #31052: BUG: fix FNV-1a 64-bit selection by using NPY_SIZEOF_UINTP (#31035)
  • #31053: BUG: avoid warning on ufunc with where=True and no output
  • #31058: DOC: document caveats of ndarray.resize on 3.14 and newer
  • #31079: TST: fix POWER VSX feature mapping (#30801)
  • #31084: MAINT: numpy.i: Replace deprecated sprintf with snprintf...

2.4.3 (Mar 9, 2026)

NumPy 2.4.3 Release Notes

The NumPy 2.4.3 is a patch release that fixes bugs discovered after the 2.4.2 release. The most user visible fix may be a threading fix for OpenBLAS on ARM, closing issue #30816.

This release supports Python versions 3.11-3.14

Contributors

A total of 11 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Antareep Sarkar +

... (truncated)

Changelog

Sourced from numpy's changelog.

This is a walkthrough of the NumPy 2.4.0 release on Linux, which will be the first feature release using the numpy/numpy-release <https://github.com/numpy/numpy-release>__ repository.

The commands can be copied into the command line, but be sure to replace 2.4.0 with the correct version. This should be read together with the :ref:general release guide <prepare_release>.

Facility preparation

Before beginning to make a release, use the requirements/*_requirements.txt files to ensure that you have the needed software. Most software can be installed with pip, but some will require apt-get, dnf, or whatever your system uses for software. You will also need a GitHub personal access token (PAT) to push the documentation. There are a few ways to streamline things:

  • Git can be set up to use a keyring to store your GitHub personal access token. Search online for the details.

Prior to release

Add/drop Python versions

When adding or dropping Python versions, multiple config and CI files need to be edited in addition to changing the minimum version in pyproject.toml. Make these changes in an ordinary PR against main and backport if necessary. We currently release wheels for new Python versions after the first Python RC once manylinux and cibuildwheel support that new Python version.

Backport pull requests

Changes that have been marked for this release must be backported to the maintenance/2.4.x branch.

Update 2.4.0 milestones

Look at the issues/prs with 2.4.0 milestones and either push them off to a later version, or maybe remove the milestone. You may need to add a milestone.

Check the numpy-release repo

... (truncated)

Commits
  • be93fe2 Merge pull request #31090 from charris/prepare-2.4.4
  • f5245dc REL: Prepare for the NumPy 2.4.4 release
  • 02e838b Merge pull request #31084 from charris/backport-31056
  • fa74b2d MAINT: numpy.i: Replace deprecated sprintf with snprintf (#31056)
  • 533a6db Merge pull request #31079 from charris/backport-20801
  • 9e496cb TST: fix POWER VSX feature mapping (#30801)
  • 8052c4b Merge pull request #31058 from charris/backport-31021
  • 7f13b5a MAINT: Skip test on PyPy.
  • 4c5fdd6 MAINT: Remove unused import of tracemalloc.
  • a3ca5ed Update numpy/_core/src/multiarray/shape.c
  • Additional commits viewable in compare view

Updates python-docx from 1.1.2 to 1.2.0

Changelog

Sourced from python-docx's changelog.

1.2.0 (2025-06-16) ++++++++++++++++++

  • Add support for comments
  • Drop support for Python 3.8, add testing for Python 3.13
Commits
  • e454546 release: prepare v1.2.0 release
  • 1fe6601 build: small adjustments for tox
  • 4fbe1f6 docs: add Comments docs
  • a809d6c comments: add Comment.text
  • e3a321d comments: add Run.mark_comment_range()
  • af3b973 comments: add Document.add_comment()
  • 66da522 xfail: acceptance test for Document.add_comment()
  • 761f4cc comments: add Comment.author, .initials setters
  • 8ac9fc4 comments: add Comments.add_comment()
  • d360409 xfail: acceptance test for Comment mutations
  • Additional commits viewable in compare view

Updates opentelemetry-api from 1.35.0 to 1.41.0

Changelog

Sourced from opentelemetry-api's changelog.

Version 1.41.0/0.62b0 (2026-04-09)

  • opentelemetry-sdk: Add host resource detector support to declarative file configuration via detection_development.detectors[].host (#5002)
  • opentelemetry-sdk: Add container resource detector support to declarative file configuration via detection_development.detectors[].container, using entry point loading of the opentelemetry-resource-detector-containerid contrib package (#5004)
  • opentelemetry-sdk: Add create_tracer_provider/configure_tracer_provider to declarative file configuration, enabling TracerProvider instantiation from config files without reading env vars (#4985)
  • Enabled the flake8-tidy-import plugins rules for the ruff linter. These rules throw warnings for relative imports in the modules. (#5019)
  • opentelemetry-sdk: Fix AttributeError in ExplicitBucketHistogramAggregation when applied to non-Histogram instruments without explicit boundaries (#5034)
  • Fix BatchLogRecordProcessor default schedule_delay_millis from 5000ms to 1000ms to comply with the OTel specification. Note: logs may be exported 5x more frequently by default (e.g. for users who don't explicitly set the OTEL_BLRP_SCHEDULE_DELAY env var). (#4998)
  • opentelemetry-sdk: Add process resource detector support to declarative file configuration via detection_development.detectors[].process (#5001)
  • opentelemetry-sdk: Add shared _parse_headers helper for declarative config OTLP exporters (#5021)
  • opentelemetry-api: Replace a broad exception in attribute cleaning tests to satisfy pylint in the lint-opentelemetry-api CI job
  • opentelemetry-sdk: Add create_meter_provider/configure_meter_provider to declarative file configuration, enabling MeterProvider instantiation from config files without reading env vars (#4987)
  • opentelemetry-sdk: Add create_resource and create_propagator/configure_propagator to declarative file configuration, enabling Resource and propagator instantiation from config files without reading env vars (#4979)
  • opentelemetry-sdk: Map Python CRITICAL log level to OTel FATAL severity text per the specification (#4984)
  • opentelemetry-sdk: Add file configuration support with YAML/JSON loading, environment variable substitution, and schema validation against the vendored OTel config JSON schema (#4898)
  • Fix intermittent CI failures in getting-started and tracecontext jobs caused by GitHub git CDN SHA propagation lag by installing contrib packages from the already-checked-out local copy instead of a second git clone (#4958)
  • opentelemetry-sdk: fix type annotations on MetricReader and related types (#4938)
  • opentelemetry-sdk: implement log creation metric (#4935)
  • opentelemetry-sdk: implement metric reader metrics (#4970)
  • opentelemetry-sdk: implement processor metrics (#5012)
  • opentelemetry-sdk: upgrade vendored OTel configuration schema from v1.0.0-rc.3 to v1.0.0 (#4965)
  • improve check-links ci job (#4978)
  • Resolve some Pyright type errors in Span/ReadableSpan and utility stubs (#4973)
  • opentelemetry-exporter-prometheus: Fix metric name prefix (#4895)
  • opentelemetry-api, opentelemetry-sdk: Add deepcopy support for BoundedAttributes and BoundedList (#4934)
  • opentelemetry-proto-json, opentelemetry-codegen-json: Implement custom protoc plugin to generate OTLP JSON class definitions (#4910)
  • Add configurable max_export_batch_size to OTLP HTTP metrics exporter

... (truncated)

Commits
  • 1a178fc [release/v1.41.x-0.62bx] Prepare release 1.41.0/0.62b0 (#5064)
  • 37dea4b feat: add experimental logger configurator (#4980)
  • 7c860ca misc: update version for codegen-json and proto-json packages (#5061)
  • b3d98b3 [chore]: update readme (#5060)
  • dbbd1bc feat(config): Add MeterProvider support for declarative config (#4987)
  • 6faa58c feat(config): add host resource detector support for declarative config (#5002)
  • c0cbfbd feat(config): wire container resource detector via entry point loading (#5004)
  • f764e45 feat(config): Add TracerProvider support for declarative config (#4985)
  • e301732 Add MikeGoldsmith to approvers (#5038)
  • 8783a58 introduce alls-green action for required checks (#4988)
  • Additional commits viewable in compare view

Updates opentelemetry-sdk from 1.35.0 to 1.41.0

Changelog

Sourced from opentelemetry-sdk's changelog.

Version 1.41.0/0.62b0 (2026-04-09)

  • opentelemetry-sdk: Add host resource detector support to declarative file configuration via detection_development.detectors[].host (#5002)
  • opentelemetry-sdk: Add container resource detector support to declarative file configuration via detection_development.detectors[].container, using entry point loading of the opentelemetry-resource-detector-containerid contrib package (#5004)
  • opentelemetry-sdk: Add create_tracer_provider/configure_tracer_provider to declarative file configuration, enabling TracerProvider instantiation from config files without reading env vars (#4985)
  • Enabled the flake8-tidy-import plugins rules for the ruff linter. These rules throw warnings for relative imports in the modules. (#5019)
  • opentelemetry-sdk: Fix AttributeError in ExplicitBucketHistogramAggregation when applied to non-Histogram instruments without explicit boundaries (#5034)
  • Fix BatchLogRecordProcessor default schedule_delay_millis from 5000ms to 1000ms to comply with the OTel specification. Note: logs may be exported 5x more frequently by default (e.g. for users who don't explicitly set the OTEL_BLRP_SCHEDULE_DELAY env var). (#4998)
  • opentelemetry-sdk: Add process resource detector support to declarative file configuration via detection_development.detectors[].process (#5001)
  • opentelemetry-sdk: Add shared _parse_headers helper for declarative config OTLP exporters (#5021)
  • opentelemetry-api: Replace a broad exception in attribute cleaning tests to satisfy pylint in the lint-opentelemetry-api CI job
  • opentelemetry-sdk: Add create_meter_provider/configure_meter_provider to declarative file configuration, enabling MeterProvider instantiation from config files without reading env vars (#4987)
  • opentelemetry-sdk: Add create_resource and create_propagator/configure_propagator to declarative file configuration, enabling Resource and propagator instantiation from config files without reading env vars (#4979)
  • opentelemetry-sdk: Map Python CRITICAL log level to OTel FATAL severity text per the specification (#4984)
  • opentelemetry-sdk: Add file configuration support with YAML/JSON loading, environment variable substitution, and schema validation against the vendored OTel config JSON schema (#4898)
  • Fix intermittent CI failures in getting-started and tracecontext jobs caused by GitHub git CDN SHA propagation lag by installing contrib packages from the already-checked-out local copy instead of a second git clone (#4958)
  • opentelemetry-sdk: fix type annotations on MetricReader and related types (#4938)
  • opentelemetry-sdk: implement log creation metric (#4935)
  • opentelemetry-sdk: implement metric reader metrics (#4970)
  • opentelemetry-sdk: implement processor metrics (#5012)
  • opentelemetry-sdk: upgrade vendored OTel configuration schema from v1.0.0-rc.3 to v1.0.0 (#4965)
  • improve check-links ci job (#4978)
  • Resolve some Pyright type errors in Span/ReadableSpan and utility stubs (#4973)
  • opentelemetry-exporter-prometheus: Fix metric name prefix (#4895)
  • opentelemetry-api, opentelemetry-sdk: Add deepcopy support for BoundedAttributes and BoundedList (#4934)
  • opentelemetry-proto-json, opentelemetry-codegen-json: Implement custom protoc plugin to generate OTLP JSON class definitions (#4910)
  • Add configurable max_export_batch_size to OTLP HTTP metrics exporter

... (truncated)

Commits
  • 1a178fc [release/v1.41.x-0.62bx] Prepare release 1.41.0/0.62b0 (#5064)
  • 37dea4b feat: add experimental logger configurator (#4980)
  • 7c860ca misc: update version for codegen-json and proto-json packages (#5061)
  • b3d98b3 [chore]: update readme (#5060)
  • dbbd1bc feat(config): Add MeterProvider support for declarative config (#4987)
  • 6faa58c feat(config): add host resource detector support for declarative config (#5002)
  • c0cbfbd feat(config): wire container resource detector via entry point loading (#5004)
  • f764e45 feat(config): Add TracerProvider support for declarative config (#4985)
  • e301732 Add MikeGoldsmith to approvers (#5038)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 13, 2026
@dependabot
chore(deps): bump the production group across 1 directory with 19 upd…
5d95202 
…ates

Bumps the production group with 19 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [orjson](https://github.com/ijl/orjson) | `3.10.18` | `3.11.8` |
| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.12.1` |
| [pyyaml](https://github.com/yaml/pyyaml) | `6.0.2` | `6.0.3` |
| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.1` |
| [pynacl](https://github.com/pyca/pynacl) | `1.5.0` | `1.6.2` |
| [numpy](https://github.com/numpy/numpy) | `2.3.5` | `2.4.4` |
| [python-docx](https://github.com/python-openxml/python-docx) | `1.1.2` | `1.2.0` |
| [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python) | `1.35.0` | `1.41.0` |
| [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-python) | `1.35.0` | `1.41.0` |
| [opentelemetry-exporter-otlp](https://github.com/open-telemetry/opentelemetry-python) | `1.35.0` | `1.41.0` |
| [opentelemetry-exporter-otlp-proto-http](https://github.com/open-telemetry/opentelemetry-python) | `1.35.0` | `1.41.0` |
| [opentelemetry-instrumentation-fastapi](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.56b0` | `0.62b0` |
| [opentelemetry-instrumentation-httpx](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.56b0` | `0.62b0` |
| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.41.0` | `2.57.0` |
| [web3](https://github.com/ethereum/web3.py) | `7.13.0` | `7.15.0` |
| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.44` | `2.0.49` |
| [alembic](https://github.com/sqlalchemy/alembic) | `1.17.2` | `1.18.4` |
| [redis](https://github.com/redis/redis-py) | `7.1.0` | `7.4.0` |
| [cookiecutter](https://github.com/cookiecutter/cookiecutter) | `2.6.0` | `2.7.1` |



Updates `orjson` from 3.10.18 to 3.11.8
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.10.18...3.11.8)

Updates `pyjwt` from 2.10.1 to 2.12.1
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](jpadilla/pyjwt@2.10.1...2.12.1)

Updates `pyyaml` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES)
- [Commits](yaml/pyyaml@6.0.2...6.0.3)

Updates `requests` from 2.32.3 to 2.33.1
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.3...v2.33.1)

Updates `pynacl` from 1.5.0 to 1.6.2
- [Changelog](https://github.com/pyca/pynacl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pynacl@1.5.0...1.6.2)

Updates `numpy` from 2.3.5 to 2.4.4
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.3.5...v2.4.4)

Updates `python-docx` from 1.1.2 to 1.2.0
- [Changelog](https://github.com/python-openxml/python-docx/blob/master/HISTORY.rst)
- [Commits](python-openxml/python-docx@v1.1.2...v1.2.0)

Updates `opentelemetry-api` from 1.35.0 to 1.41.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-python@v1.35.0...v1.41.0)

Updates `opentelemetry-sdk` from 1.35.0 to 1.41.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-python@v1.35.0...v1.41.0)

Updates `opentelemetry-exporter-otlp` from 1.35.0 to 1.41.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-python@v1.35.0...v1.41.0)

Updates `opentelemetry-exporter-otlp-proto-http` from 1.35.0 to 1.41.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-python@v1.35.0...v1.41.0)

Updates `opentelemetry-instrumentation-fastapi` from 0.56b0 to 0.62b0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-python-contrib/commits)

Updates `opentelemetry-instrumentation-httpx` from 0.56b0 to 0.62b0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-python-contrib/commits)

Updates `sentry-sdk` from 2.41.0 to 2.57.0
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-python@2.41.0...2.57.0)

Updates `web3` from 7.13.0 to 7.15.0
- [Changelog](https://github.com/ethereum/web3.py/blob/main/docs/release_notes.rst)
- [Commits](ethereum/web3.py@v7.13.0...v7.15.0)

Updates `sqlalchemy` from 2.0.44 to 2.0.49
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `alembic` from 1.17.2 to 1.18.4
- [Release notes](https://github.com/sqlalchemy/alembic/releases)
- [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/alembic/commits)

Updates `redis` from 7.1.0 to 7.4.0
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v7.1.0...v7.4.0)

Updates `cookiecutter` from 2.6.0 to 2.7.1
- [Release notes](https://github.com/cookiecutter/cookiecutter/releases)
- [Commits](cookiecutter/cookiecutter@2.6.0...v2.7.1)

---
updated-dependencies:
- dependency-name: orjson
  dependency-version: 3.11.8
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: pyjwt
  dependency-version: 2.12.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: requests
  dependency-version: 2.33.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: pynacl
  dependency-version: 1.6.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: numpy
  dependency-version: 2.4.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: python-docx
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: opentelemetry-api
  dependency-version: 1.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: opentelemetry-sdk
  dependency-version: 1.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: opentelemetry-exporter-otlp
  dependency-version: 1.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: opentelemetry-exporter-otlp-proto-http
  dependency-version: 1.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: opentelemetry-instrumentation-fastapi
  dependency-version: 0.62b0
  dependency-type: direct:production
  dependency-group: production
- dependency-name: opentelemetry-instrumentation-httpx
  dependency-version: 0.62b0
  dependency-type: direct:production
  dependency-group: production
- dependency-name: sentry-sdk
  dependency-version: 2.57.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: web3
  dependency-version: 7.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: sqlalchemy
  dependency-version: 2.0.49
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: alembic
  dependency-version: 1.18.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: redis
  dependency-version: 7.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: cookiecutter
  dependency-version: 2.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/production-080c41b1b9 branch from 11ceb44 to 5d95202 Compare April 20, 2026 10:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants