Bump the python-dependencies group with 24 updates

[dependabot]

Bumps the python-dependencies group with 24 updates:

Package	From	To
boto3	1.43.3	1.43.6
botocore	1.43.3	1.43.6
coverage	7.13.5	7.14.0
cryptography	47.0.0	48.0.0
django-import-export	4.4.0	4.4.1
django-stubs-ext	6.0.3	6.0.4
django-stubs	6.0.3	6.0.4
django-unfold	0.92.0	0.93.0
gunicorn	25.3.0	26.0.0
langchain-core	1.3.3	1.4.0
langgraph-sdk	0.3.13	0.3.14
langsmith	0.8.0	0.8.3
librt	0.9.0	0.11.0
mypy	1.20.2	2.1.0
pyopenssl	26.1.0	26.2.0
qdrant-client	1.17.1	1.18.0
svix	1.92.2	1.93.0
twisted	25.5.0	26.4.0
types-deprecated	1.3.1.20260408	1.3.1.20260508
types-python-dateutil	2.9.0.20260408	2.9.0.20260508
types-pyyaml	6.0.12.20260408	6.0.12.20260510
types-requests	2.33.0.20260503	2.33.0.20260508
ujson	5.12.0	5.12.1
uuid-utils	0.14.1	0.15.0

Updates boto3 from 1.43.3 to 1.43.6

Commits

• f2ccf9f Merge branch 'release-1.43.6'
• ffb5712 Bumping version to 1.43.6
• cc7756a Add changelog entries from botocore
• 500f6a7 Merge branch 'release-1.43.5'
• 05f5628 Merge branch 'release-1.43.5' into develop
• 65d9798 Bumping version to 1.43.5
• 357614a Add changelog entries from botocore
• 5128f23 Bump https://github.com/astral-sh/ruff-pre-commit (#4785)
• 96f1897 Merge branch 'release-1.43.4'
• 91de1d8 Merge branch 'release-1.43.4' into develop
• Additional commits viewable in compare view

Updates botocore from 1.43.3 to 1.43.6

Commits

• 4fa2154 Merge branch 'release-1.43.6'
• 9835cd8 Bumping version to 1.43.6
• 9246f14 Update endpoints model
• b99db2c Update to latest models
• 3734ccb Bump https://github.com/astral-sh/ruff-pre-commit (#3700)
• 7068f3e Merge branch 'release-1.43.5'
• cdd9b5c Merge branch 'release-1.43.5' into develop
• 8a75d89 Bumping version to 1.43.5
• 486f1a3 Update to latest models
• d2715d8 Merge customizations for SecurityHub
• Additional commits viewable in compare view

Updates coverage from 7.13.5 to 7.14.0

Changelog

Sourced from coverage's changelog.

Version 7.14.0 — 2026-05-10

• Feature: now when running one of the reporting commands, if there are parallel data files that need combining, they will be implicitly combined before creating the report. There is no option to avoid the combination; let us know if you have a use case that requires it. Thanks, Tim Hatch <pull 2162_>. Closes issue 1781.

• Fix: the output from combine was too verbose, listing each file considered. Now it shows a single line with the counts of files combined, files skipped, and files with errors. The -q flag suppresses this line. The old detailed lines are available with the new --debug=combine option.

• Fix: running a Python file through a symlink now sets the sys.path correctly, matching regular Python behavior. Fixes issue 2157_.

• Fix: Collector.flush_data could fail with "RuntimeError: Set changed size during iteration" when a tracer in another thread added a line to the per-file set that add_lines (or add_arcs) was iterating. The values passed to CoverageData are now snapshotted via dict.copy() and set.copy(), which are atomic under the GIL. Thanks, Alex Vandiver <pull 2165_>_.

• Fix: the soft keyword lazy is now bolded in HTML reports.

• We are no longer testing eventlet support. Eventlet started issuing stern deprecation warnings that break our tests. Our support code is still there.

.. _issue 1781: coveragepy/coveragepy#1781 .. _issue 2157: coveragepy/coveragepy#2157 .. _pull 2162: coveragepy/coveragepy#2162 .. _pull 2165: coveragepy/coveragepy#2165

.. _changes_7-13-5:

Commits

• 646351b docs: sample HTML for 7.14.0
• 39cd015 docs: prep for 7.14.0
• 649e8aa docs: thanks Alex Vandiver for #2165
• 8cd392e fix: snapshot data in Collector.flush_data to avoid threading race (#2165)
• c48e0ed fix: less output for combining
• c2a3a28 docs: explain the change from #2162
• 1cd47aa fix: implicit combine-during-report now removes the combined data files
• 2d99fd7 feat: automatically combine coverage in report, thanks Tim Hatch (#2162)
• 9fbdcdf fix: lazy soft keywords are bolded
• 5de7d02 build: oops, misplaced quote
• Additional commits viewable in compare view

Updates cryptography from 47.0.0 to 48.0.0

Changelog

Sourced from cryptography's changelog.

48.0.0 - 2026-05-04

* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.
  ``cryptography`` now requires Python 3.9 or later.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner
  ``TBSCertList.signature`` algorithm does not match the outer
  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs
  were parsed successfully and only rejected during signature validation.
* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and
  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or
  later, in addition to the existing AWS-LC and BoringSSL support. This means
  post-quantum algorithms are now available to users of our wheels.

Note: Going forward, we do not guarantee that all functionality

in cryptography will be available when building against

OpenSSL. See :doc:/statements/state-of-openssl for more information.

.. _v47-0-0:

Commits

• 8e03e30 bump for 48.0.0 release (#14796)
• 295e0d2 Add AGENTS.md with CLAUDE.md symlink (#14794)
• 104a2de Bump BoringSSL, OpenSSL, AWS-LC in CI (#14793)
• 67ec1e5 call check_length early on AesSiv::encrypt (#14792)
• b2da57a changelog for mldsa/mlkem for openssl (#14791)
• 3cf44ad ML-KEM OpenSSL support (#14781)
• 2e31639 ML-DSA OpenSSL support (#14773)
• 5affe5a fix rust nightly clippy (#14790)
• 2e73ca4 bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (#1...
• 82ebd3b Bump BoringSSL, OpenSSL, AWS-LC in CI (#14785)
• Additional commits viewable in compare view

Updates django-import-export from 4.4.0 to 4.4.1

Release notes

Sourced from django-import-export's releases.

4.4.1

• Changelog

Changelog

Sourced from django-import-export's changelog.

4.4.1 (2026-05-05)

• Refactor lookup value retrieval in Field and CachedForeignKeyWidget (2146 <https://github.com/django-import-export/django-import-export/pull/2146>_)
• Fix IncorrectLookupParameters when exporting from filtered change view (2154 <https://github.com/django-import-export/django-import-export/pull/2154>_)
• Fix console error 'resource select input not found' on export (2158 <https://github.com/django-import-export/django-import-export/pull/2158>_)
• Fix CachedForeignKeyWidget type mismatch on non-string lookup fields (2159 <https://github.com/django-import-export/django-import-export/pull/2159>_)

Commits

• f4cfc4d updated changelog
• See full diff in compare view

Updates django-stubs-ext from 6.0.3 to 6.0.4

Commits

• 928eec4 Version 6.0.4 release (#3375)
• a994204 Update dependency mypy to v2 (#3374)
• ec8107b Update dependency pyrefly to v0.64.0 (#3373)
• 28d997b Remove unused get_field_lookup_exact_type from helpers (#3372)
• d312d60 Update dependency django to v5.2.14 (#3371)
• f20e490 Update Django to 6.0.5 (#3369)
• 6d9d0e2 Resolve default_alias for positional Aggregate in annotate() (#3362)
• 6dd9231 Update int128/hide-comment-action action to v1.58.0 (#3368)
• e270482 Update dependency psycopg to v3.3.4 (#3365)
• cfb0f9a Update dependency pyrefly to v0.63.1 (#3367)
• Additional commits viewable in compare view

Updates django-stubs from 6.0.3 to 6.0.4

Commits

• 928eec4 Version 6.0.4 release (#3375)
• a994204 Update dependency mypy to v2 (#3374)
• ec8107b Update dependency pyrefly to v0.64.0 (#3373)
• 28d997b Remove unused get_field_lookup_exact_type from helpers (#3372)
• d312d60 Update dependency django to v5.2.14 (#3371)
• f20e490 Update Django to 6.0.5 (#3369)
• 6d9d0e2 Resolve default_alias for positional Aggregate in annotate() (#3362)
• 6dd9231 Update int128/hide-comment-action action to v1.58.0 (#3368)
• e270482 Update dependency psycopg to v3.3.4 (#3365)
• cfb0f9a Update dependency pyrefly to v0.63.1 (#3367)
• Additional commits viewable in compare view

Updates django-unfold from 0.92.0 to 0.93.0

Release notes

Sourced from django-unfold's releases.

0.93.0

v0.93.0 (2026-05-11)

This release is published under the MIT License.

Bug Fixes

• Crispy forms hr dark mode (#2025, 3e27e22)

• Disable dataset sorting (#2027, 008d290)

• Django 6.0 readonly password widget (#2013, 0bf41ba)

• Filters custom label (#2021, 2dd5b81)

Features

• Fieldset tabs redesign (#2014, adf9a6a)

• Horizontal filters (#1935, 73273ab)

---

Detailed Changes: 0.92.0...0.93.0

Changelog

Sourced from django-unfold's changelog.

v0.93.0 (2026-05-11)

Bug Fixes

• Crispy forms hr dark mode (#2025, 3e27e22)

• Disable dataset sorting (#2027, 008d290)

• Django 6.0 readonly password widget (#2013, 0bf41ba)

• Filters custom label (#2021, 2dd5b81)

Features

• Fieldset tabs redesign (#2014, adf9a6a)

• Horizontal filters (#1935, 73273ab)

Commits

• 8518c6a 0.93.0
• 008d290 fix: disable dataset sorting (#2027)
• 787b862 chore(deps): bump gitpython from 3.1.49 to 3.1.50 (#2029)
• 2c4418f chore(deps): bump django from 5.2.13 to 5.2.14 (#2028)
• 3e27e22 fix: crispy forms hr dark mode (#2025)
• 2d74ce9 chore: crispy forms tests (#2024)
• aab70ff chore(deps): bump gitpython from 3.1.47 to 3.1.49 (#2023)
• 2dd5b81 fix: filters custom label (#2021)
• b1857a6 chore: border colors (#2019)
• adf9a6a feat: fieldset tabs redesign (#2014)
• Additional commits viewable in compare view

Updates gunicorn from 25.3.0 to 26.0.0

Release notes

Sourced from gunicorn's releases.

26.0.0

Breaking Changes

• Eventlet worker removed: The eventlet worker class has been dropped. Migrate to gevent, gthread, or tornado.

New Features

• ASGI Framework Compatibility Suite: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).
• ASGI Test Suite Expansion: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.

Security

• HTTP/1.1 Request-Target Validation (RFC 9112 sections 3.2.3, 3.2.4):
  • Reject authority-form request-target outside CONNECT
  • Reject asterisk-form request-target outside OPTIONS
  • Reject relative-reference request-targets
• Header Field Hardening (RFC 9110):
  • Reject control characters in header field-value (section 5.5)
  • Reject forbidden trailer field-names (section 6.5.1)
  • Reject Content-Length list form (RFC 9112 section 6.3)
• Request Smuggling Hardening:
  • Tighten keepalive gate and scope finish_body byte cap
  • Keep _body_receiver alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body
  • Address parser/protocol findings from a six-point WSGI/ASGI audit
• PROXY Protocol (ASGI): Enforce proxy_allow_ips and tighten v1/v2 parsing in the ASGI callback parser.
• Connection Draining: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.

Bug Fixes

• Body Framing on HEAD/204/304:
  • Keep Content-Length on HEAD and 304 responses (#3621)
  • Drop body framing on HEAD/204/304 even when the framework set it
  • Warn once when an ASGI app emits a body for a no-body response
• HTTP/2 ASGI:
  • Fix _handle_stream_ended to set _body_complete in the async HTTP/2 handler so request bodies finalize correctly on stream end
  • Add InvalidChunkExtension mapping and fast-parser support in ASGI tests (#3565)
• HTTP/1.1 100-Continue: Stop adding Transfer-Encoding: chunked to 100-Continue interim responses.
• WebSocket Close Handshake (RFC 6455):
  • Comply with the close handshake state machine
  • Close the transport after the close handshake completes
  • Fix binary send when the text key is None
• Early Hints: Validate headers in the early_hints callback to match process_headers; pass only the header name to InvalidHeader (#3588).
• ASGI Framework Fixes:
  • Fix ASGI disconnect handling for Django-style apps
  • Fix Litestar request handling (use raw ASGI receive for body/headers)
  • Fix Litestar HTTP endpoints for compatibility tests
  • Fix Quart headers endpoint to normalize keys to lowercase
  • Fix Quart WebSocket close test app (missing accept())
  • Fix duplicate Transfer-Encoding header for BlackSheep streaming

... (truncated)

Commits

• 5d819cf release: 26.0.0
• b45c70d Merge pull request #3611 from zc-mattcen/docs-typo
• 99c8d48 Merge pull request #3623 from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...
• 5a655af Merge pull request #3622 from benoitc/test/docker-port-and-ipv4-fixes
• 201df19 chore: remove eventlet worker; add h2 and uvloop to test deps
• f4ac8e1 test: pass action name to dirty client and stabilize after TTOU spam
• 54d38af test: unblock docker fixtures on macOS hosts
• 68843c8 Merge pull request #3621 from benoitc/fix/asgi-preserve-content-length-on-hea...
• 31f2618 Merge pull request #3620 from benoitc/fix/asgi-proxy-protocol-trust-and-parsing
• 41ec752 fix: keep Content-Length on HEAD and 304 responses
• Additional commits viewable in compare view

Updates langchain-core from 1.3.3 to 1.4.0

Release notes

Sourced from langchain-core's releases.

langchain-core==1.4.0

Changes since langchain-core==0.3.86

chore(infra): merge v1.4 into master (#37350) chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/core (#37329) fix(core): avoid eager pydantic.v1 import in @deprecated (#37308) chore: bump mistune from 3.1.4 to 3.2.1 in /libs/core (#37237) chore: bump jupyter-server from 2.17.0 to 2.18.0 in /libs/core (#37204) release(core): 1.3.3 (#37198) fix(core): set deprecation since to 1.3.3 to match release (#37200) fix(core, langchain): harden load() against untrusted manifests (#37197) chore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (#37109) chore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (#37129) fix(core): preserve structured inputs on tool runs in tracers (#37108) release(perplexity): 1.2.0 (#37091) chore(docs): update x handle references (#37081) fix(core): make removal optional in warn_deprecated (#37056) fix(core): validate batch_size in _batch and _abatch to prevent infinite loop (#36663) chore(core): mark stream_v2/astream_v2 as beta (#36992) release(core): 1.3.2 (#36990) feat(core): add content-block-centric streaming (v2) (#36834) release(core): 1.3.1 (#36972) feat(core): allow _format_output to pass through list of ToolOutputMixin instances (#36963) chore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (#36923) feat(core): Update inheritance behavior for tracer metadata for special keys (#36900) chore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (#36813) release(core): release 1.3.0 (#36851) release(core): 1.3.0a3 (#36829) chore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (#36828) feat(core): Add chat model and LLM invocation params to traceable metadata (#36771) fix(core): restore cloud metadata IPs and link-local range in SSRF policy (#36816) chore(deps): bump pytest to 9.0.3 (#36801) chore(core): harden private SSRF utilities (#36768) fix(openai): handle content blocks without type key in responses api conversion (#36725) chore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (#36719) release(core): 1.3.0.a2 (#36698) fix(core): Use reference counting for storing inherited run trees to support garbage collection (#36660) docs(core): nit (#36685) release(core): 1.3.0a1 (#36656) chore(core): reduce streaming metadata / perf (#36588) release(core): release 1.2.28 (#36614) fix(core): add more sanitization to templates (#36612) release(core): 1.2.27 (#36586) fix(core): handle symlinks in deprecated prompt save path (#36585) chore: add comment explaining pygments>=2.20.0 (#36570) release(core): 1.2.26 (#36511) fix(core): add init validator and serialization mappings for Bedrock models (#34510) feat(core): add ChatBaseten to serializable mapping (#36510) chore(core): drop gpt-3.5-turbo from docstrings (#36497) fix(core): correct parameter names in filter_messages docstring example (#36462)

... (truncated)

Commits

• 70e66a1 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/openrouter (#37352)
• da380bc chore(infra): merge v1.4 into master (#37350)
• bbd10fe chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/anthropic (#37343)
• 11bbfb7 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/fireworks (#37339)
• 7fd61d2 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/mistralai (#37338)
• 5c096bb chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/nomic (#37334)
• ac47d54 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/chroma (#37333)
• 7e5c570 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/qdrant (#37332)
• 2086b91 chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/core (#37329)
• 407e33a chore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/langchain (#37327)
• Additional commits viewable in compare view

Updates langgraph-sdk from 0.3.13 to 0.3.14

Release notes

Sourced from langgraph-sdk's releases.

langgraph-sdk==0.3.14

Changes since sdk==0.3.13

• release(sdk-py): 0.3.14 (#7712)
• feat(sdk-py): add return_minimal to threads update (#7704)
• release: alpha bump (a4) for langgraph, checkpoint, checkpoint-postgres (#7701)
• release: alpha bump langgraph 1.2.0a6 (#7697)
• release: alpha bump prebuilt 1.1.0a2, langgraph 1.2.0a5 (#7682)
• release: alpha bump prebuilt 1.1.0a1, langgraph 1.2.0a4 (#7679)
• feat(langgraph): dispatch stream_events(version='v3') on Pregel (#7677)
• release: alpha bump (a3) for langgraph, checkpoint, checkpoint-postgres (#7678)
• release: alpha for timers (#7647)
• chore: update x links to langchain_oss (#7645)
• feat(langgraph): add streaming transformer infrastructure and tests (#7519)
• chore(deps): bump the minor-and-patch group across 1 directory with 4 updates (ty held back) (#7635)
• release(prebuilt): 1.0.12, langgraph 1.1.10 (#7623)
• release(checkpoint): 4.0.3 (#7625)
• release(prebuilt): 1.0.11 (#7610)
• feat(prebuilt): allow ToolNode tools to return list[Command | ToolMessage] (#7596)
• chore(langgraph): bump version 1.1.8 -> 1.1.9 (#7563)
• release(langgraph): 1.1.8 (#7545)
• release(prebuilt): 1.0.10 (#7541)
• release(langgraph): 1.1.7 (#7540)
• chore(deps): bump langsmith from 0.7.20 to 0.7.31 in /libs/sdk-py (#7528)
• release(checkpoint): 4.0.2 (#7518)
• chore(deps-dev): bump pytest from 9.0.2 to 9.0.3 in /libs/sdk-py (#7504)
• release(langgraph): 1.1.7a2 (#7511)
• chore: allow passing some metadata only for tracing purposes (#7383)
• release(langgraph): 1.1.7a1 (#7476)
• chore(deps): bump langchain-core from 1.2.22 to 1.2.28 in /libs/sdk-py (#7449)

Commits

• 477a43d Update pyproject.toml
• dd16ae4 When using global resume value, ensure subgraphs consume it
• eae1faa Fix
• 1976d65 Lint
• 54e1844 Fix concurrency issue in PregelScratchpad.consume_null_resume
• See full diff in compare view

Updates langsmith from 0.8.0 to 0.8.3

Release notes

Sourced from langsmith's releases.

v0.8.3

What's Changed

• fix(js): prevent sending [object Object] as span attribute when dealing with nested objects, send full langsmith.usage_metadata if present by @​dqbd in langchain-ai/langsmith-sdk#2845
• release(js): bump to 0.6.2 by @​dqbd in langchain-ai/langsmith-sdk#2856
• sdk(py): replace ttl_seconds with idle_ttl_seconds + delete_after_stop_seconds by @​DanielKneipp in langchain-ai/langsmith-sdk#2853
• sdk(js): replace ttlSeconds with idleTtlSeconds + deleteAfterStopSeconds by @​DanielKneipp in langchain-ai/langsmith-sdk#2854
• Fix push_agent URL owner for name-only identifiers by @​vishnu-ssuresh in langchain-ai/langsmith-sdk#2862
• docs(langsmith): clarify trust boundaries when working with hub by @​eyurtsev in langchain-ai/langsmith-sdk#2861
• release(py): 0.8.3 by @​vishnu-ssuresh in langchain-ai/langsmith-sdk#2863

Full Changelog: langchain-ai/langsmith-sdk@v0.8.2...v0.8.3

v0.8.2

What's Changed

• Bump JS SDK version to 0.6.1 by @​langchain-infra in langchain-ai/langsmith-sdk#2847
• fix: parse urllib3 version with packaging.Version by @​justinwolfington in langchain-ai/langsmith-sdk#2851
• Bump Python SDK version to 0.8.2 by @​langchain-infra in langchain-ai/langsmith-sdk#2855

New Contributors

• @​justinwolfington made their first contribution in langchain-ai/langsmith-sdk#2851

Full Changelog: langchain-ai/langsmith-sdk@v0.8.1...v0.8.2

v0.8.1

What's Changed

• chore(js): remove experimental opencode integration by @​dqbd in langchain-ai/langsmith-sdk#2836
• chore(deps-dev): bump google-adk from 1.10.0 to 1.28.1 in /python by @​dependabot[bot] in langchain-ai/langsmith-sdk#2823
• chore(deps): bump postcss from 8.5.8 to 8.5.12 in /js by @​dependabot[bot] in langchain-ai/langsmith-sdk#2827
• Add JS profile loading by @​langchain-infra in langchain-ai/langsmith-sdk#2834
• Add Python profile loading by @​langchain-infra in langchain-ai/langsmith-sdk#2835
• Extract JS profile auth service by @​langchain-infra in langchain-ai/langsmith-sdk#2846
• Bump Python SDK version to 0.8.1 by @​langchain-infra in langchain-ai/langsmith-sdk#2848

Full Changelog: langchain-ai/langsmith-sdk@v0.8.0...v0.8.1

Commits

• e2386ad release(py): 0.8.3 (#2863)
• 11d51a3 docs(langsmith): clarify trust boundaries when working with hub (#2861)
• d98c3ed Fix push_agent URL owner for name-only identifiers (#2862)
• 418fd41 sdk(js): replace ttlSeconds with idleTtlSeconds + deleteAfterStopSeconds (#2854)
• 1baa2c1 sdk(py): replace ttl_seconds with idle_ttl_seconds + delete_after_stop_second...
• 361c8dd release(js): bump to 0.6.2 (#2856)
• 0d42882 fix(js): prevent sending [object Object] as span attribute when dealing with ...
• 619818b Bump Python SDK version to 0.8.2 (#2855)
• 8a7d3c1 fix: parse urllib3 version with packaging.Version (#2851)
• 54f8877 Bump JS SDK version to 0.6.1 (#2847)
• Additional commits viewable in compare view

Updates librt from 0.9.0 to 0.11.0

Commits

• 862679a Sync mypy and bump version to 0.11.0 (#40)
• 1d5e9b2 Bump version to 0.10.0
• 963673e Sync mypy and add smoke tests (#38)
• See full diff in compare view

Updates mypy from 1.20.2 to 2.1.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 2.1

We’ve just uploaded mypy 2.1.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

librt.vecs: Fast Growable Array Type for Mypyc

The new librt.vecs module provides an efficient growable array type vec that is optimized for mypyc use. It provides fast, packed arrays with integer and floating point value types, which can be several times faster than list, and tens of times faster than array.array in code compiled using mypyc. It also supports nested vec objects and non-value-type items, such as vec[vec[str]].

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo.

librt.random: Fast Pseudo-Random Number Generation

The new librt.random module provides fast pseudo-random number generation that is optimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib random module in compiled code.

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo (PR 21433).

Mypyc Improvements

• Make compilation order with multiple files consistent (Piotr Sawicki, PR 21419)
• Fix crash on accessing StopAsyncIteration (Piotr Sawicki, PR 21406)
• Fix incremental compilation with separate flag (Vaggelis Danias, PR 21299)

Fixes to Crashes

• Fix crash on partial type with --allow-redefinition and global declaration (Jukka Lehtosalo, PR 21428)
• Fix broken awaitable generator patching (Ivan Levkivskyi, PR 21435)

Changes to Messages

... (truncated)

Commits

• c1c336d Remove +dev from version
• 74df14b Add changelog for mypy 2.1 (#21464)
• 022d9bc Revert "TypeForm: Enable by default (#21262)"
• 8826288 [mypyc] Document librt.random (#21463)
• 3f4067b Bump librt version to 0.11.0 (#21458)
• 2b1eb58 [mypyc] Enable incremental self-compilation (#21369)
• 8152f4a Respect file config comments for stale modules (#21444)
• 116d60b Fix nondeterminism from nonassociativity of overload joins (#21455)
• 6c4af8e Fix function call message change for small number of args (#21432)
• 4b8fdca [mypyc] Add librt.random module (#21433)
• Additional commits viewable in compare view

Updates pyopenssl from 26.1.0 to 26.2.0

Changelog

Sourced from pyopenssl's changelog.

26.2.0 (2026-05-04)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Removed deprecated OpenSSL.crypto.X509Extension, OpenSSL.crypto.X50...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.