chore(wren-ai-service): bump the all group across 1 directory with 41 updates

[dependabot]

Bumps the all group with 41 updates in the /wren-ai-service directory:

Package	From	To
fastapi	0.121.1	0.135.1
uvicorn	0.29.0	0.42.0
python-dotenv	1.2.1	1.2.2
haystack-ai	2.7.0	2.26.1
openai	1.109.1	2.29.0
qdrant-haystack	7.0.0	10.2.1
tqdm	4.67.1	4.67.3
numpy	1.26.4	2.4.3
sqlparse	0.5.3	0.5.5
orjson	3.11.5	3.11.7
ollama-haystack	0.0.6	1.1.0
langfuse	2.60.10	4.0.1
ollama	0.2.1	0.6.1
cachetools	5.5.2	6.2.6
pydantic-settings	2.12.0	2.13.1
google-auth	2.43.0	2.49.1
tiktoken	0.8.0	0.12.0
jsonschema	4.25.1	4.26.0
litellm	1.79.3	1.82.6
boto3	1.40.72	1.42.73
qdrant-client	1.17.0	1.17.1
filelock	3.20.3	3.25.2
werkzeug	3.1.5	3.1.6
marshmallow	3.26.2	4.2.2
protobuf	6.33.5	6.33.6
pre-commit	3.8.0	4.5.1
streamlit	1.51.0	1.55.0
watchdog	4.0.2	6.0.0
matplotlib	3.10.7	3.10.8
sseclient-py	1.8.0	1.9.0
dspy-ai	2.6.27	3.1.3
deepeval	3.8.8	3.9.2
tomlkit	0.13.3	0.14.0
gitpython	3.1.45	3.1.46
plotly	5.24.1	6.6.0
ipykernel	6.31.0	7.2.0
itables	2.5.2	2.7.3
gdown	5.2.0	5.2.1
locust	2.41.6	2.43.3
pytest-cov	6.3.0	7.1.0
pytest-asyncio	0.24.0	1.3.0

Updates fastapi from 0.121.1 to 0.135.1

Release notes

Sourced from fastapi's releases.

0.135.1

Fixes

• 🐛 Fix, avoid yield from a TaskGroup, only as an async context manager, closed in the request async exit stack. PR #15038 by @​tiangolo.

Docs

• ✏️ Fix typo in docs/en/docs/_llm-test.md. PR #15007 by @​adityagiri3600.
• 📝 Update Skill, optimize context, trim and refactor into references. PR #15031 by @​tiangolo.

Internal

• 👥 Update FastAPI People - Experts. PR #15037 by @​tiangolo.
• 👥 Update FastAPI People - Contributors and Translators. PR #15029 by @​tiangolo.
• 👥 Update FastAPI GitHub topic repositories. PR #15036 by @​tiangolo.

0.135.0

Features

• ✨ Add support for Server Sent Events. PR #15030 by @​tiangolo.
  • New docs: Server-Sent Events (SSE).

0.134.0

Features

• ✨ Add support for streaming JSON Lines and binary data with yield. PR #15022 by @​tiangolo.
  • This also upgrades Starlette from >=0.40.0 to >=0.46.0, as it's needed to properly unrwap and re-raise exceptions from exception groups.
  • New docs: Stream JSON Lines.
  • And new docs: Stream Data.

Docs

• 📝 Update Library Agent Skill with streaming responses. PR #15024 by @​tiangolo.
• 📝 Update docs for responses and new stream with yield. PR #15023 by @​tiangolo.
• 📝 Add await in StreamingResponse code example to allow cancellation. PR #14681 by @​casperdcl.
• 📝 Rename docs_src/websockets to docs_src/websockets_ to avoid import errors. PR #14979 by @​YuriiMotov.

Internal

• 🔨 Run tests with pytest-xdist and pytest-cov. PR #14992 by @​YuriiMotov.

0.133.1

Features

• 🔧 Add FastAPI Agent Skill. PR #14982 by @​tiangolo.
  • Read more about it in Library Agent Skills.

Internal

• ✅ Fix all tests are skipped on Windows. PR #14994 by @​YuriiMotov.

... (truncated)

Commits

• ca5f60e 🔖 Release version 0.135.1
• 87f75aa 📝 Update release notes
• 8a9258b 🐛 Fix, avoid yield from a TaskGroup, only as an async context manager, closed...
• 6038507 📝 Update release notes
• c796ba4 👥 Update FastAPI People - Experts (#15037)
• b24aa03 📝 Update release notes
• 2c61047 ✏️ Fix typo in docs/en/docs/_llm-test.md (#15007)
• e3bbeef 📝 Update release notes
• d726c8c 📝 Update release notes
• cf514e6 👥 Update FastAPI People - Contributors and Translators (#15029)
• Additional commits viewable in compare view

Updates uvicorn from 0.29.0 to 0.42.0

Release notes

Sourced from uvicorn's releases.

Version 0.42.0

Changed

• Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

• Escape brackets and backslash in httptools HEADER_RE regex (#2824)
• Fix multiple issues in websockets sans-io implementation (#2825)

---

New Contributors

• @​bysiber made their first contribution in Kludex/uvicorn#2825

---

Full Changelog: Kludex/uvicorn@0.41.0...0.42.0

Version 0.41.0

Added

• Add --limit-max-requests-jitter to stagger worker restarts (#2707)
• Add socket path to scope["server"] (#2561)

Changed

• Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

• Ignore permission denied errors in watchfiles reloader (#2817)
• Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
• Reduce the log level of 'request limit exceeded' messages (#2788)

---

New Contributors

• @​t-kawasumi made their first contribution in Kludex/uvicorn#2776
• @​fardyn made their first contribution in Kludex/uvicorn#2800
• @​ewie made their first contribution in Kludex/uvicorn#2807
• @​shevron made their first contribution in Kludex/uvicorn#2788
• @​jonashaag made their first contribution in Kludex/uvicorn#2707

---

Full Changelog: Kludex/uvicorn@0.40.0...0.41.0

Version 0.40.0

What's Changed

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.42.0 (March 16, 2026)

Changed

• Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

• Escape brackets and backslash in httptools HEADER_RE regex (#2824)
• Fix multiple issues in websockets sans-io implementation (#2825)

0.41.0 (February 16, 2026)

Added

• Add --limit-max-requests-jitter to stagger worker restarts (#2707)
• Add socket path to scope["server"] (#2561)

Changed

• Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

• Ignore permission denied errors in watchfiles reloader (#2817)
• Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
• Reduce the log level of 'request limit exceeded' messages (#2788)

0.40.0 (December 21, 2025)

Remove

• Drop support for Python 3.9 (#2772)

0.39.0 (December 21, 2025)

Fixed

• Send close frame on ASGI return for WebSockets (#2769)
• Explicitly start ASGI run with empty context (#2742)

0.38.0 (October 18, 2025)

Added

• Support Python 3.14 (#2723)

0.37.0 (September 23, 2025)

Added

... (truncated)

Commits

• 02bed6f Version 0.42.0 (#2852)
• d8f2501 chore: pre-create Config objects in benchmarks to measure protocol hot paths ...
• 9dbb783 Add WebSocket protocol benchmarks for wsproto and websockets-sansio (#2849)
• b3c69da Use bytearray for request body accumulation (#2845)
• 3f3ebee Disable pytest-xdist for CodSpeed benchmark runs (#2847)
• d072de7 Add fragmented body benchmark for chunked body accumulation (#2846)
• e300c2c Add CodSpeed benchmark suite for HTTP protocol hot paths (#2844)
• 1fa6976 Escape brackets and backslash in httptools HEADER_RE regex (#2824)
• 59ec1de Fix multiple issues in websockets sansio implementation (#2825)
• 2fc0efc Clarify Windows asyncio event loop selection in docs (#2843)
• Additional commits viewable in compare view

Updates python-dotenv from 1.2.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

• The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by @​bbc2 in #790c5
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by @​JYOuyang in theskumar/python-dotenv#590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

• skip 000 permission tests for root user by @​burnout-projects in theskumar/python-dotenv#561
• Bump actions/checkout from 5 to 6 in the github-actions group by @​dependabot[bot] in theskumar/python-dotenv#593
• Add Windows testing to CI by @​bbc2 in theskumar/python-dotenv#604
• Improve workflow efficiency with best practices by @​theskumar in theskumar/python-dotenv#609
• Remove the use of sh in tests by @​bbc2 in theskumar/python-dotenv#612

New Contributors

• @​JYOuyang made their first contribution in theskumar/python-dotenv#590
• @​burnout-projects made their first contribution in theskumar/python-dotenv#561
• @​cpackham-atlnz made their first contribution in theskumar/python-dotenv#597

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

• The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Dropped Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Commits

• 36004e0 Bump version: 1.2.1 → 1.2.2
• eb20252 docs: update changelog for v1.2.2
• 790c5c0 Merge commit from fork
• 43340da Remove the use of sh in tests (#612)
• 09d7cee docs: clarify override behavior and document FIFO support (#610)
• c8de288 ci: improve workflow efficiency with best practices (#609)
• 7bd9e3d Add Windows testing to CI (#604)
• 1baaf04 Drop Python 3.9 support and update to PyPy 3.11 (#608)
• 4a22cf8 ci: enable testing on Python 3.14t (free-threaded) (#588)
• e2e8e77 Fix license specifier (#597)
• Additional commits viewable in compare view

Updates haystack-ai from 2.7.0 to 2.26.1

Release notes

Sourced from haystack-ai's releases.

v2.26.1

Security Notes

• Fixed an issue in ChatPromptBuilder where specially crafted template variables could be interpreted as structured content (e.g., images, tool calls) instead of plain text. Template variables are now automatically sanitized during rendering, ensuring they are always treated as plain text.

🐛 Bug Fixes

• Fix malformed log format string in DocumentCleaner. The warning for documents with None content used %{document_id} instead of {document_id}, preventing proper interpolation of the document ID.

v2.26.1-rc1

No release notes provided.

v2.26.0

⭐ Highlights

🧠 More Flexible Agents with Dynamic System Prompts

Agent now supports Jinja2 templating in system_prompt, enabling runtime parameter injection and conditional logic directly in system messages. This makes it easier to adapt agent behavior dynamically (e.g. language, tone, time-aware responses) and reuse agents across contexts without redefining prompts

from haystack.components.agents import Agent
from haystack.components.generators.chat import OpenAIChatGenerator
from haystack.dataclasses import ChatMessage
agent = Agent(
chat_generator=OpenAIChatGenerator(),
tools=[weather_tool],
system_prompt="""{% message role='system' %}
You always respond in {{language}}.
{% endmessage %}""",
required_variables=["language"],
)
result = agent.run(
messages=[ChatMessage.from_user("What is the weather in London?")],
language="Italian" # required variable for the system prompt
)
print(result["last_message"].text)
>> Il tempo a Londra è soleggiato.

🔍 LLMRanker for LLM-Based Reranking

LLMRanker introduces LLM-powered reranking, treating relevance as a semantic reasoning task rather than similarity scoring. This can yield better results for complex or multi-step queries compared to cross-encoders. The component can also filter out irrelevant/duplicate documents entirely, helping provide higher-quality context in RAG pipelines and agent workflows while keeping context windows lean.

from haystack import Document
from haystack.components.rankers import LLMRanker
ranker = LLMRanker()
documents = [
</tr></table>

... (truncated)

Commits

• 3dabe4b bump version to 2.26.1
• 95552b8 bump version to 2.26.1-rc1
• ebcc99c test: extend document stores Mixin tests (#10806)
• 3dfcf86 fix: Fix malformed log format string in DocumentCleaner (#10765)
• 99ab0b7 fix: improve Jinja2 Chat extension security (#10875)
• 4b49d32 Add SUPPORTED_MODELS to OpenAIResponsesChatGenerator (#10844)
• 6c995b9 bump version to 2.26.0
• 5a192fd bump version to 2.26.0-rc1
• a6339eb Sync Haystack API reference on Docusaurus (#10834)
• ca74143 Add warning if extra keys are output by a component that are not defined in @...
• Additional commits viewable in compare view

Updates openai from 1.109.1 to 2.29.0

Release notes

Sourced from openai's releases.

v2.29.0

2.29.0 (2026-03-17)

Full Changelog: v2.28.0...v2.29.0

Features

• api: 5.4 nano and mini model slugs (3b45666)
• api: add /v1/videos endpoint to batches create method (c0e7a16)
• api: add defer_loading field to ToolFunction (3167595)
• api: add in and nin operators to ComparisonFilter type (664f02b)

Bug Fixes

• deps: bump minimum typing-extensions version (a2fb2ca)
• pydantic: do not pass by_alias unless set (8ebe8fb)

Chores

• internal: tweak CI branches (96ccc3c)

v2.28.0

2.28.0 (2026-03-13)

Full Changelog: v2.27.0...v2.28.0

Features

• api: custom voices (50dc060)

v2.27.0

2.27.0 (2026-03-13)

Full Changelog: v2.26.0...v2.27.0

Features

• api: api update (60ab24a)
• api: manual updates (b244b09)
• api: manual updates (d806635)
• api: sora api improvements: character api, video extensions/edits, higher resolution exports. (58b70d3)

Bug Fixes

• api: repair merged videos resource (742d8ee)

... (truncated)

Changelog

Sourced from openai's changelog.

2.29.0 (2026-03-17)

Full Changelog: v2.28.0...v2.29.0

Features

• api: 5.4 nano and mini model slugs (3b45666)
• api: add /v1/videos endpoint to batches create method (c0e7a16)
• api: add defer_loading field to ToolFunction (3167595)
• api: add in and nin operators to ComparisonFilter type (664f02b)

Bug Fixes

• deps: bump minimum typing-extensions version (a2fb2ca)
• pydantic: do not pass by_alias unless set (8ebe8fb)

Chores

• internal: tweak CI branches (96ccc3c)

2.28.0 (2026-03-13)

Full Changelog: v2.27.0...v2.28.0

Features

• api: custom voices (50dc060)

2.27.0 (2026-03-13)

Full Changelog: v2.26.0...v2.27.0

Features

• api: api update (60ab24a)
• api: manual updates (b244b09)
• api: manual updates (d806635)
• api: sora api improvements: character api, video extensions/edits, higher resolution exports. (58b70d3)

Bug Fixes

• api: repair merged videos resource (742d8ee)

Chores

• internal: codegen related update (4e6498e)

... (truncated)

Commits

• acd0c54 release: 2.29.0
• 2c67256 feat(api): 5.4 nano and mini model slugs
• bc96310 feat(api): add in and nin operators to ComparisonFilter type
• cf8e9e7 chore(internal): tweak CI branches
• 11f50b6 fix(deps): bump minimum typing-extensions version
• 02b3071 fix(pydantic): do not pass by_alias unless set
• fdf7f83 codegen metadata
• 28bda04 codegen metadata
• f857bdc feat(api): add defer_loading field to ToolFunction
• c9ccb8f feat(api): add /v1/videos endpoint to batches create method
• Additional commits viewable in compare view

Updates qdrant-haystack from 7.0.0 to 10.2.1

Commits

• cda7e68 doc: fixing QdrantDocumentStore docstring parsing error (#2806)
• e1bec8f Update the changelog
• f706c17 count number of docs between deleted operation and return the difference afte...
• d87afdc Update the changelog
• 18e6d1e feat: adding count with filtering operations toQdrantDocumentStore (#2803)
• fe2dd54 Update the changelog
• 718165d feat: add SQLRetriever to ElasticsearchDocumentStore (#2801)
• 051ccb8 chore: exposing PineconeDocumentStore show_progress bar parameter and dis...
• 312e463 chore: disabling progress bar in QdrantDocumentStore tests (#2797)
• 66b8109 Update the changelog
• Additional commits viewable in compare view

Updates tqdm from 4.67.1 to 4.67.3

Release notes

Sourced from tqdm's releases.

tqdm v4.67.3 stable

• fix py3.7 dependencies (#1706 <- #1705)

tqdm v4.67.2 stable

• support pandas>=3 (#1703 <- #1701, #1650, #1700)
• fix format_interval for negative numbers (#1703)
• misc linting
• framework updates (#1704)
  • bump CI workflow & pre-commit dependencies
  • add pyupgrade
  • add py3.13 support
  • fix py3.7 tests
  • update setuptools-scm usage
  • support auto-dedented docstrings when building docs in py3.13
• tests: relax flaky benchmarks

Commits

• 75bdb6c fix py3.7 compat
• 09a863b bump version, merge pull request #1704 from tqdm/devel
• 33d24cd update pyproject syntax
• 70b9124 add py3.13 support
• a74d8f8 drop _dist_ver
• 14d72e2 Merge pull request #1703 from wingding12/fix-pandas-3.0-and-negative-interval
• a69dac8 fix dedented docstrings
• a986d22 tests: fix pandas deprecation warnings
• bb7aa4d tests: fix pandas deprecated applymap
• 0647db1 misc tidy
• Additional commits viewable in compare view

Updates numpy from 1.26.4 to 2.4.3

Release notes

Sourced from numpy's releases.

2.4.3 (Mar 9, 2026)

NumPy 2.4.3 Release Notes

The NumPy 2.4.3 is a patch release that fixes bugs discovered after the 2.4.2 release. The most user visible fix may be a threading fix for OpenBLAS on ARM, closing issue #30816.

This release supports Python versions 3.11-3.14

Contributors

A total of 11 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Antareep Sarkar +
• Charles Harris
• Joren Hammudoglu
• Matthieu Darbois
• Matti Picus
• Nathan Goldbaum
• Peter Hawkins
• Pieter Eendebak
• Sebastian Berg
• Warren Weckesser
• stratakis +

Pull requests merged

A total of 14 pull requests were merged for this release.

• #30759: MAINT: Prepare 2.4.x for further development
• #30827: BUG: Fix some leaks found via LeakSanitizer (#30756)
• #30841: MAINT: Synchronize 2.4.x submodules with main
• #30849: TYP: matlib: missing extended precision imports
• #30850: BUG: Fix weak hash function in np.isin(). (#30840)
• #30921: BUG: fix infinite recursion in np.ma.flatten_structured_array...
• #30922: BUG: Fix buffer overrun in CPU baseline validation (#30877)
• #30923: BUG: Fix busdaycalendar's handling of a bool array weekmask....
• #30924: BUG: Fix reference leaks and NULL pointer dereferences (#30908)
• #30925: MAINT: fix two minor issues noticed when touching the C API setup
• #30955: ENH: Test .kind not .char in np.testing.assert_equal (#30879)
• #30957: BUG: fix type issues in uses if PyDataType macros
• #30958: MAINT: Don't use vulture 2.15, it has false positives
• #30973: MAINT: update openblas (#30961)

2.4.2 (Feb 1, 2026)

NumPy 2.4.2 Release Notes

The NumPy 2.4.2 is a patch release that fixes bugs discovered after the 2.4.1 release. Highlights are:

... (truncated)

Changelog

Sourced from numpy's changelog.

This is a walkthrough of the NumPy 2.4.0 release on Linux, which will be the first feature release using the numpy/numpy-release <https://github.com/numpy/numpy-release>__ repository.

The commands can be copied into the command line, but be sure to replace 2.4.0 with the correct version. This should be read together with the :ref:general release guide <prepare_release>.

Facility preparation

Before beginning to make a release, use the requirements/*_requirements.txt files to ensure that you have the needed software. Most software can be installed with pip, but some will require apt-get, dnf, or whatever your system uses for software. You will also need a GitHub personal access token (PAT) to push the documentation. There are a few ways to streamline things:

• Git can be set up to use a keyring to store your GitHub personal access token. Search online for the details.

Prior to release

Add/drop Python versions

When adding or dropping Python versions, multiple config and CI files need to be edited in addition to changing the minimum version in pyproject.toml. Make these changes in an ordinary PR against main and backport if necessary. We currently release wheels for new Python versions after the first Python RC once manylinux and cibuildwheel support that new Python version.

Backport pull requests

Changes that have been marked for this release must be backported to the maintenance/2.4.x branch.

Update 2.4.0 milestones

Look at the issues/prs with 2.4.0 milestones and either push them off to a later version, or maybe remove the milestone. You may need to add a milestone.

Check the numpy-release repo

... (truncated)

Commits

• 8bcb2e7 Merge pull request #30974 from charris/prepare-2.4.3
• 9a2b5ee REL: Prepare for the NumPy 2.4.3 release
• a822ac2 Merge pull request #30973 from charris/backport-30961
• 039bf54 MAINT: update openblas (#30961)
• 254bafa Merge pull request #30955 from charris/backport-30879
• 0cc7d38 ENH: Test .kind not .char in np.testing.assert_equal (#30879)
• 9ee571d Merge pull request #30957 from charris/backport-30918
• f302a16 Merge pull request #30958 from charris/backport-30938
• d240a09 MAINT: Don't use vulture 2.15, it has false positives
• 4fc08e9 MAINT: Don't use vulture 2.15, it has false positives
• Additional commits viewable in compare view

Updates sqlparse from 0.5.3 to 0.5.5

Changelog

Sourced from sqlparse's changelog.

Release 0.5.5 (Dec 19, 2025)

Bug Fixes

• Fix DoS protection to raise SQLParseError instead of silently returning None when grouping limits are exceeded (issue827).
• Fix splitting of BEGIN TRANSACTION statements (issue826).

Release 0.5.4 (Nov 28, 2025)

Enhancements

• Add support for Python 3.14.
• Add type annotations to top-level API functions and include py.typed marker for PEP 561 compliance, enabling type checking with mypy and other tools (issue756).
• Add pre-commit hook support. sqlparse can now be used as a pre-commit hook to automatically format SQL files. The CLI now supports multiple files and an --in-place flag for in-place editing (issue537).
• Add ATTACH and DETACH to PostgreSQL keywords (pr808).
• Add INTERSECT to close keywords in WHERE clause (pr820).
• Support REGEXP BINARY comparison operator (pr817).

Bug Fixes

• Add additional protection against denial of service attacks when parsing very large lists of tuples. This enhances the existing recursion protections with configurable limits for token processing to prevent DoS through algorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100, MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None) if needed for legitimate large SQL statements.
• Remove shebang from cli.py and remove executable flag (pr818).
• Fix strip_comments not removing all comments when input contains only comments (issue801, pr803 by stropysh).
• Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END blocks (issue812).
• Fix splitting on semicolons inside BEGIN...END blocks (issue809).

Commits

• 0d24023 Bump version to 0.5.5
• da67ac1 Enhance DoS protection by raising SQLParseError for exceeded grouping limits ...
• 5ca50a2 Fix splitting of BEGIN TRANSACTION statements (fixes #826).
• acd8e58 Back to development version.
• 14e300b Bump version.
• 96a67e2 Code cleanup.
• 1a3bfbd Fix handling of semicolons inside BEGIN...END blocks (fixes #809).
• e92a032 Fix handling of IF EXISTS statements in BEGIN...END blocks (fixes #812).
• 149bebf Update Changelog.
• 561a67e Update AUTHORS.
• Additional commits viewable in compare view

Updates orjson from 3.11.5 to 3.11.7

Release notes

Sourced from orjson's releases.

3.11.7

Changed

• Use a faster library to serialize float. Users with byte-exact regression tests should note positive exponents are now written using a +, e.g., 1.2e+30 instead of 1.2e30. Both formats are spec-compliant.
• ABI compatibility with CPython 3.15 alpha 5 free-threading.

3.11.6

Changed

• orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
• Drop support for Python 3.9.
• ABI compatibility with CPython 3.15 alpha 5.
• Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

• Fix sporadic crash serializing deeply nested list of dict.

Changelog

Sourced from orjson's changelog.

3.11.7 - 2026-02-02

Changed

• Use a faster library to serialize float. Users with byte-exact regression tests should note positive exponents are now written using a +, e.g., 1.2e+30 instead of 1.2e30. Both formats are spec-compliant.
• ABI compatibility with CPython 3.15 alpha 5 free-threading.

3.11.6 - 2026-01-29

Changed

• orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
• Drop support for Python 3.9.
• ABI compatibility with CPython 3.15 alpha 5.
• Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

• Fix sporadic crash serializing deeply nested list of dict.

Commits

• ec2b066 3.11.7
• 1ca01f7 zmij
• 1716a22 cargo update
• ec02024 3.11.6
• d581687 build, clippy misc
• 4105b29 writer::num
• 62bb185 Fix sporadic crash on serializing object close
• d860078 PyRef idiom refactors
• 343ae2f Deserializer, Utf8Buffer
• 7835f58 PyBytesRef and other input refactor
• Additional commits viewable in compare view

Updates ollama-haystack from 0.0.6 to 1.1.0

Commits

• bb949ef feat: Add Agent state-mapping parameters to MCPTool (#2501)
• dee4f0a docs: update changelog for integrations/anthropic (#2511)
• 28c8038 docs: update changelog for integrations/astra (#2512)
• 3b7497a docs: update changelog for integrations/azure_ai_search (#2513)
• 373b818 docs: update changelog for integrations/chroma (#2514)
• b8a7dba Add missing GA workflow for aimlapi integration (

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.