build(deps): bump the production-dependencies group with 7 updates

[dependabot]

Bumps the production-dependencies group with 7 updates:

Package	From	To
bandit	1.8.6	1.9.2
falcon	4.0.2	4.2.0
google-cloud-storage	3.4.1	3.6.0
pytest	8.4.2	9.0.1
ruff	0.14.3	0.14.7
sentry-sdk	2.43.0	2.46.0
werkzeug	3.1.3	3.1.4

Updates bandit from 1.8.6 to 1.9.2

Release notes

Sourced from bandit's releases.

1.9.2

What's Changed

• Argparse Python 3.14 enhancements by @​ericwb in PyCQA/bandit#1331
• Check whether Constant value is str by @​ericwb in PyCQA/bandit#1333

Full Changelog: PyCQA/bandit@1.9.1...1.9.2

1.9.1

What's Changed

• More Python version related fixes by @​ericwb in PyCQA/bandit#1327

Full Changelog: PyCQA/bandit@1.9.0...1.9.1

1.9.0

What's Changed

• Add instructions for Maintainers to create/publish a release by @​ericwb in PyCQA/bandit#1275
• Bump sigstore/cosign-installer from 3.9.1 to 3.9.2 by @​dependabot[bot] in PyCQA/bandit#1289
• Bump docker/login-action from 3.4.0 to 3.5.0 by @​dependabot[bot] in PyCQA/bandit#1290
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1291
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in PyCQA/bandit#1292
• Replace deprecated datetime.datetime.utcnow() by @​purplezimmermann in PyCQA/bandit#1295
• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in PyCQA/bandit#1296
• Bump sigstore/cosign-installer from 3.9.2 to 3.10.0 by @​dependabot[bot] in PyCQA/bandit#1298
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1303
• Fix typos by @​Shortfinga in PyCQA/bandit#1305
• Bump docker/login-action from 3.5.0 to 3.6.0 by @​dependabot[bot] in PyCQA/bandit#1306
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1315
• Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 by @​dependabot[bot] in PyCQA/bandit#1317
• Support of Python 3.14 by @​ericwb in PyCQA/bandit#1323
• Drop support of end-of-life Python 3.9 by @​ericwb in PyCQA/bandit#1325
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1324

New Contributors

• @​purplezimmermann made their first contribution in PyCQA/bandit#1295
• @​Shortfinga made their first contribution in PyCQA/bandit#1305

Full Changelog: PyCQA/bandit@1.8.6...1.9.0

Commits

• ea0d187 Check whether Constant value is str (#1333)
• 8bf7594 Argparse Python 3.14 enhancements (#1331)
• a255dfa More Python version related fixes (#1327)
• 3f07bb0 [pre-commit.ci] pre-commit autoupdate (#1324)
• c8c3fb8 Drop support of end-of-life Python 3.9 (#1325)
• 5c30350 Support of Python 3.14 (#1323)
• e1ffdf6 Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#1317)
• 176d4ca [pre-commit.ci] pre-commit autoupdate (#1315)
• 2fc3e9c Bump docker/login-action from 3.5.0 to 3.6.0 (#1306)
• 6a68546 Fix typos (#1305)
• Additional commits viewable in compare view

Updates falcon from 4.0.2 to 4.2.0

Release notes

Sourced from falcon's releases.

4.2.0

Falcon 4.2.0 primarily contains typing enhancements and performance optimizations. This release also marks the debut of pre-compiled wheels for the free-threaded CPython 3.14 build. Let us know if you are experimenting with scaling Falcon applications using free-threading!

🐍 Falcon 4.2.0 on PyPI 📚 Changelog on RtD

The typing improvements focus on making the WSGI and ASGI App types generic (parametrized by the request and response types). This should make it significantly easier to properly annotate applications that leverage custom request and/or response types.

Additionally, we have fixed a reproducibility issue (thanks to @​bmwiedemann from openSUSE for reporting!) in our documentation build process. Regarding packaging Falcon for distributions in general, we would like to remind you of the Packaging Guide that was published with the previous Falcon release (4.1.0). We hope this guide proves useful.

This release also incorporates a number of pull requests submitted by our community. Sincere thanks to all 8 contributors who made this release possible!

• @​AyanAhmedKhan
• @​CaselIT
• @​kemingy
• @​MannXo
• @​sonephyo
• @​TudorGR
• @​vytas7
• @​x612skm

4.2.0rc1

This is the first release candidate of Falcon 4.2.0.

We would greatly appreciate it if you could help us with testing on your apps! If you use type checking, please also check how the new generic App types (and other typing improvements) work for you. Let us know if you run into any issues!

🐍 4.2.0rc1 on PyPI 📚 Changelog on RtD

As always, you can grab this pre-release from PyPI:

pip install falcon==4.2.0rc1

Thank You!

4.1.0

This release contains enhancements to media handling, serving static files, and a fix for the WebSockets-sink interaction, alongside performance optimizations and full support for CPython 3.14.

🐍 Falcon 4.1.0 on PyPI 📚 Changelog on RtD

During this release cycle, we have migrated to publishing to PyPI with a Trusted Publisher (thanks to @​webknjaz for helping to iron out the workflow details).

For those relying on other package distribution channels than PyPI, we have prepared a brand new Packaging Guide for Falcon. Please check it out and let us know what you think! Additionally, we have formalized our security maintenance policy as well as the status of stable releases: Releases and Versioning.

This release also incorporates many pull requests submitted by our community. We would like to extend our heartfelt thanks to all 17 contributors who made this release possible!

• @​aarcex3
• @​AbduazizZiyodov

... (truncated)

Commits

• 5544589 chore: prepare 4.2.0 stable (#2575)
• 684adbb fix(cibw): use the correct arch/os for ARM cp314t wheels (#2573)
• d31d9ac chore(release): prepare 4.2.0rc1 (#2571)
• a75d864 feat(platform): provide selected cp314t (free-threading) wheels (#2555)
• 4dcd4fe docs: polish documentation before 4.2.0 release (#2570)
• 2702ae6 fix: ensure reproducible documentation builds wrt SOURCE_DATE_EPOCH (#2568)
• 9971742 chore: update devcontainer to Python 3.13 with improved setup (#2566)
• 73b7637 Fixes Raises section of some request method docstrings (#2557)
• d7d203d chore: add a new Gold Patron LambdaTest (#2554)
• 6bee1aa feat(routing): add support for QUERY HTTP method (#2541)
• Additional commits viewable in compare view

Updates google-cloud-storage from 3.4.1 to 3.6.0

Release notes

Sourced from google-cloud-storage's releases.

v3.6.0

3.6.0 (2025-11-17)

Features

• Add support for partial list buckets (#1606) (92fc2b0)
• Make return_partial_success and unreachable fields public for list Bucket (#1601) (323cddd)
• zb-experimental: Add async write object stream (5ab8103)
• zb-experimental: Add async write object stream (#1612) (5ab8103)

Bug Fixes

• Dont pass credentials to StorageClient (#1608) (195d644)

v3.5.0

3.5.0 (2025-11-05)

Features

• Ensure that Python in FIPS mode can fetch MD5 implementation (#1522) (961536c)
• Provide option to update user_agent (#1596) (02f1451)

Bug Fixes

• Deprecate credentials_file argument (74415a2)
• Flaky system tests for resumable_media (#1592) (7fee3dd)
• Make download_ranges compatible with asyncio.create_task(..) (#1591) (faf8b83)
• Make download_ranges compatible with asyncio.create_task(..) (#1591) (faf8b83)
• Redact sensitive data from OTEL traces and fix env var parsing (#1553) (a38ca19)
• Redact sensitive data from OTEL traces and fix env var parsing (#1553) (a38ca19)
• Use separate header object for each upload in Transfer Manager MPU (#1595) (0d867bd)

Changelog

Sourced from google-cloud-storage's changelog.

3.6.0 (2025-11-17)

Features

• Add support for partial list buckets (#1606) (92fc2b0)
• Make return_partial_success and unreachable fields public for list Bucket (#1601) (323cddd)
• zb-experimental: Add async write object stream (5ab8103)
• zb-experimental: Add async write object stream (#1612) (5ab8103)

Bug Fixes

• Dont pass credentials to StorageClient (#1608) (195d644)

3.5.0 (2025-11-05)

Features

• experimental: Add base resumption strategy for bidi streams (#1594) (5fb85ea)
• experimental: Add checksum for bidi reads operation (#1566) (93ce515)
• experimental: Add read resumption strategy (#1599) (5d5e895)
• experimental: Handle BidiReadObjectRedirectedError for bidi reads (#1600) (71b0f8a)
• Indicate that md5 is used as a CRC (#1522) (961536c)
• Provide option to update user_agent (#1596) (02f1451)

Bug Fixes

• Deprecate credentials_file argument (74415a2)
• Flaky system tests for resumable_media (#1592) (7fee3dd)
• Make download_ranges compatible with asyncio.create_task(..) (#1591) (faf8b83)
• Make download_ranges compatible with asyncio.create_task(..) (#1591) (faf8b83)
• Redact sensitive data from OTEL traces and fix env var parsing (#1553) (a38ca19)
• Redact sensitive data from OTEL traces and fix env var parsing (#1553) (a38ca19)
• Use separate header object for each upload in Transfer Manager MPU (#1595) (0d867bd)

Commits

• 0b70a28 chore(main): release 3.6.0 (#1603)
• 5ab8103 feat(zb-experimental): add async write object stream (#1612)
• 92fc2b0 feat: add support for partial list buckets (#1606)
• 195d644 fix: dont pass credentials to StorageClient (#1608)
• 323cddd feat: make return_partial_success and unreachable fields public for list Buck...
• c2cd474 chore(main): release 3.5.0 (#1568)
• 71b0f8a feat(experimental): Handle BidiReadObjectRedirectedError for bidi reads (#1600)
• 5d5e895 feat(experimental): Add read resumption strategy (#1599)
• 5fb85ea feat(experimental): Add base resumption strategy for bidi streams (#1594)
• 0d867bd fix: Use separate header object for each upload in Transfer Manager MPU (#1595)
• Additional commits viewable in compare view

Updates pytest from 8.4.2 to 9.0.1

Release notes

Sourced from pytest's releases.

9.0.1

pytest 9.0.1 (2025-11-12)

Bug fixes

• #13895: Restore support for skipping tests via raise unittest.SkipTest.
• #13896: The terminal progress plugin added in pytest 9.0 is now automatically disabled when iTerm2 is detected, it generated desktop notifications instead of the desired functionality.
• #13904: Fixed the TOML type of the verbosity settings in the API reference from number to string.
• #13910: Fixed UserWarning: Do not expect file_or_dir on some earlier Python 3.12 and 3.13 point versions.

Packaging updates and notes for downstreams

• #13933: The tox configuration has been adjusted to make sure the desired version string can be passed into its package_env through the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment variable as a part of the release process -- by webknjaz.

Contributor-facing changes

• #13891, #13942: The CI/CD part of the release automation is now capable of creating GitHub Releases without having a Git checkout on disk -- by bluetech and webknjaz.
• #13933: The tox configuration has been adjusted to make sure the desired version string can be passed into its package_env through the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment variable as a part of the release process -- by webknjaz.

9.0.0

pytest 9.0.0 (2025-11-05)

New features

• #1367: Support for subtests has been added.

  subtests <subtests> are an alternative to parametrization, useful in situations where the parametrization values are not all known at collection time.

  Example:

  def contains_docstring(p: Path) -> bool:
      """Return True if the given Python file contains a top-level docstring."""
      ...
  def test_py_files_contain_docstring(subtests: pytest.Subtests) -> None:
  for path in Path.cwd().glob("*.py"):
  with subtests.test(path=str(path)):
  assert contains_docstring(path)

... (truncated)

Commits

• d1b64aa Prepare release version 9.0.1
• 0a497c7 regendoc: remove CI environment variables (#13950) (#13951)
• a9f7e6e 🧪 Run gh release w/o Git in CI/CD (#13942) (#13947)
• 2682a66 Merge pull request #13944 from pytest-dev/patchback/backports/9.0.x/bef7d34f1...
• a999997 Merge pull request #13941 from nicoddemus/min-pre-commit-version
• 4bd63a0 Merge pull request #13935 from pytest-dev/patchback/backports/9.0.x/ce8b8a7b4...
• 15f93b3 Merge pull request #13933 from webknjaz/maintenance/tox-pep517-env-setuptools...
• 0fa11ae Merge pull request #13927 from pytest-dev/patchback/backports/9.0.x/3d8075743...
• fa45470 Merge pull request #13926 from pytest-dev/patchback/backports/9.0.x/d587e0cf8...
• b4e3973 Merge pull request #13922 from bluetech/fix-argparse-userwarning
• Additional commits viewable in compare view

Updates ruff from 0.14.3 to 0.14.7

Release notes

Sourced from ruff's releases.

0.14.7

Release Notes

Released on 2025-11-28.

Preview features

• [flake8-bandit] Handle string literal bindings in suspicious-url-open-usage (S310) (#21469)
• [pylint] Fix PLR1708 false positives on nested functions (#21177)
• [pylint] Fix suppression for empty dict without tuple key annotation (PLE1141) (#21290)
• [ruff] Add rule RUF066 to detect unnecessary class properties (#21535)
• [ruff] Catch more dummy variable uses (RUF052) (#19799)

Bug fixes

• [server] Set severity for non-rule diagnostics (#21559)
• [flake8-implicit-str-concat] Avoid invalid fix in (ISC003) (#21517)
• [parser] Fix panic when parsing IPython escape command expressions (#21480)

CLI

• Show partial fixability indicator in statistics output (#21513)

Contributors

• @​mikeleppane
• @​senekor
• @​ShaharNaveh
• @​JumboBear
• @​prakhar1144
• @​tsvikas
• @​danparizher
• @​chirizxc
• @​AlexWaygood
• @​MichaReiser

Install ruff 0.14.7

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.7/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.14.7/ruff-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.7

Released on 2025-11-28.

Preview features

• [flake8-bandit] Handle string literal bindings in suspicious-url-open-usage (S310) (#21469)
• [pylint] Fix PLR1708 false positives on nested functions (#21177)
• [pylint] Fix suppression for empty dict without tuple key annotation (PLE1141) (#21290)
• [ruff] Add rule RUF066 to detect unnecessary class properties (#21535)
• [ruff] Catch more dummy variable uses (RUF052) (#19799)

Bug fixes

• [server] Set severity for non-rule diagnostics (#21559)
• [flake8-implicit-str-concat] Avoid invalid fix in (ISC003) (#21517)
• [parser] Fix panic when parsing IPython escape command expressions (#21480)

CLI

• Show partial fixability indicator in statistics output (#21513)

Contributors

• @​mikeleppane
• @​senekor
• @​ShaharNaveh
• @​JumboBear
• @​prakhar1144
• @​tsvikas
• @​danparizher
• @​chirizxc
• @​AlexWaygood
• @​MichaReiser

0.14.6

Released on 2025-11-21.

Preview features

• [flake8-bandit] Support new PySNMP API paths (S508, S509) (#21374)

Bug fixes

• Adjust own-line comment placement between branches (#21185)
• Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (#20418)
• Fix panic when formatting comments in unary expressions (#21501)
• Respect fmt: skip for compound statements on a single line (#20633)
• [refurb] Fix FURB103 autofix (#21454)

... (truncated)

Commits

• ecab623 Bump 0.14.7 (#21684)
• 42f1521 [ty] Generic types aliases (implicit and PEP 613) (#21553)
• 594b7b0 [ty] Preserve quoting style when autofixing TypedDict keys (#21682)
• b5b4917 [ty] Fix override of final method summary (#21681)
• 0084e94 [ty] Fix subtyping of type[Any] / type[T] and protocols (#21678)
• 566c959 [ty] Rename ReferenceRequestHandler file (#21680)
• 8bcfc19 [ty] Implement typing.final for methods (#21646)
• c534bfa [ty] Implement patterns and typevars in the LSP (#21671)
• 5e1b2ee [ty] implement rendering of .. code:: lang in docstrings (#21665)
• 98681b9 [ty] Add db parameter to Parameters::new method (#21674)
• Additional commits viewable in compare view

Updates sentry-sdk from 2.43.0 to 2.46.0

Release notes

Sourced from sentry-sdk's releases.

2.46.0

Various fixes & improvements

• Preserve metadata on wrapped coroutines (#5105) by @​alexander-alderman-webb
• Make imports defensive to avoid ModuleNotFoundError in Pydantic AI integration (#5135) by @​alexander-alderman-webb
• Fix OpenAI agents integration mistakenly enabling itself (#5132) by @​sentrivana
• Add instrumentation to embedding functions for various backends (#5120) by @​constantinius
• Improve embeddings support for OpenAI (#5121) by @​constantinius
• Enhance input handling for embeddings in LiteLLM integration (#5127) by @​constantinius
• Expect exceptions when re-raised (#5125) by @​alexander-alderman-webb
• Remove MagicMock from mocked ModelResponse (#5126) by @​alexander-alderman-webb

2.45.0

Various fixes & improvements

• OTLPIntegration (#4877) by @​sl0thentr0py

  Enable the new OTLP integration with the code snippet below, and your OpenTelemetry instrumentation will be automatically sent to Sentry's OTLP ingestion endpoint.

    import sentry_sdk
    from sentry_sdk.integrations.otlp import OTLPIntegration
  sentry_sdk.init(
  dsn="<your-dsn>",
  # Add data like inputs and responses;
  # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info
  send_default_pii=True,
  integrations=[
  OTLPIntegration(),
  ],
  )

  Under the hood, this will setup:

  • A SpanExporter that will automatically set up the OTLP ingestion endpoint from your DSN
  • A Propagator that ensures Distributed Tracing works
  • Trace/Span linking for all other Sentry events such as Errors, Logs, Crons and Metrics

  If you were using the SentrySpanProcessor before, we recommend migrating over to OTLPIntegration since it's a much simpler setup.

• feat(integrations): implement context management for invoke_agent spans (#5089) by @​constantinius

• feat(loguru): Capture extra (#5096) by @​sentrivana

• feat: Attach server.address to metrics (#5113) by @​alexander-alderman-webb

• fix: Cast message and detail attributes before appending exception notes (#5114) by @​alexander-alderman-webb

• fix(integrations): ensure that GEN_AI_AGENT_NAME is properly set for GEN_AI spans under an invoke_agent span (#5030) by @​constantinius

• fix(logs): Update sentry.origin (#5112) by @​sentrivana

• chore: Deprecate description truncation option for Redis spans (#5073) by @​alexander-alderman-webb

• chore: Deprecate max_spans LangChain parameter (#5074) by @​alexander-alderman-webb

• chore(toxgen): Check availability of pip and add detail to exceptions (#5076) by @​alexander-alderman-webb

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.46.0

Various fixes & improvements

• Preserve metadata on wrapped coroutines (#5105) by @​alexander-alderman-webb
• Make imports defensive to avoid ModuleNotFoundError in Pydantic AI integration (#5135) by @​alexander-alderman-webb
• Fix OpenAI agents integration mistakenly enabling itself (#5132) by @​sentrivana
• Add instrumentation to embedding functions for various backends (#5120) by @​constantinius
• Improve embeddings support for OpenAI (#5121) by @​constantinius
• Enhance input handling for embeddings in LiteLLM integration (#5127) by @​constantinius
• Expect exceptions when re-raised (#5125) by @​alexander-alderman-webb
• Remove MagicMock from mocked ModelResponse (#5126) by @​alexander-alderman-webb

2.45.0

Various fixes & improvements

• OTLPIntegration (#4877) by @​sl0thentr0py

  Enable the new OTLP integration with the code snippet below, and your OpenTelemetry instrumentation will be automatically sent to Sentry's OTLP ingestion endpoint.

    import sentry_sdk
    from sentry_sdk.integrations.otlp import OTLPIntegration
  sentry_sdk.init(
  dsn="<your-dsn>",
  # Add data like inputs and responses;
  # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info
  send_default_pii=True,
  integrations=[
  OTLPIntegration(),
  ],
  )

  Under the hood, this will setup:

  • A SpanExporter that will automatically set up the OTLP ingestion endpoint from your DSN
  • A Propagator that ensures Distributed Tracing works
  • Trace/Span linking for all other Sentry events such as Errors, Logs, Crons and Metrics

  If you were using the SentrySpanProcessor before, we recommend migrating over to OTLPIntegration since it's a much simpler setup.

• feat(integrations): implement context management for invoke_agent spans (#5089) by @​constantinius

• feat(loguru): Capture extra (#5096) by @​sentrivana

• feat: Attach server.address to metrics (#5113) by @​alexander-alderman-webb

• fix: Cast message and detail attributes before appending exception notes (#5114) by @​alexander-alderman-webb

• fix(integrations): ensure that GEN_AI_AGENT_NAME is properly set for GEN_AI spans under an invoke_agent span (#5030) by @​constantinius

• fix(logs): Update sentry.origin (#5112) by @​sentrivana

• chore: Deprecate description truncation option for Redis spans (#5073) by @​alexander-alderman-webb

... (truncated)

Commits

• d3375bc Update CHANGELOG.md
• 23abfe2 release: 2.46.0
• ca19d63 feat: Preserve metadata on wrapped coroutines (#5105)
• cf165e3 build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#5136)
• b8d6a57 build(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.0 (#5137)
• c0c28b8 build(deps): bump supercharge/redis-github-action from 1.8.0 to 1.8.1 (#5138)
• fb18c21 fix(pydantic-ai): Make imports defensive to avoid ModuleNotFoundError (#5135)
• f945e38 Fix openai-agents import (#5132)
• 8596f89 fix(integrations): enhance input handling for embeddings in LiteLLM integrati...
• 0e6e808 test(openai-agents): Remove MagicMock from mocked ModelResponse (#5126)
• Additional commits viewable in compare view

Updates werkzeug from 3.1.3 to 3.1.4

Release notes

Sourced from werkzeug's releases.

3.1.4

This is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.4/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4 Milestone: https://github.com/pallets/werkzeug/milestone/42?closed=1

• safe_join on Windows does not allow special device names. This prevents reading from these when using send_from_directory. secure_filename already prevented writing to these. ghsa-hgf8-39gv-g3f2
• The debugger pin fails after 10 attempts instead of 11. #3020
• The multipart form parser handles a \r\n sequence at a chunk boundary. #3065
• Improve CPU usage during Watchdog reloader. #3054
• Request.json annotation is more accurate. #3067
• Traceback rendering handles when the line number is beyond the available source lines. #3044
• HTTPException.get_response annotation and doc better conveys the distinction between WSGI and sans-IO responses. #3056

Changelog

Sourced from werkzeug's changelog.

Version 3.1.4

Released 2025-11-28

• safe_join on Windows does not allow special device names. This prevents reading from these when using send_from_directory. secure_filename already prevented writing to these. :ghsa:hgf8-39gv-g3f2
• The debugger pin fails after 10 attempts instead of 11. :pr:3020
• The multipart form parser handles a \r\n sequence at a chunk boundary. :issue:3065
• Improve CPU usage during Watchdog reloader. :issue:3054
• Request.json annotation is more accurate. :issue:3067
• Traceback rendering handles when the line number is beyond the available source lines. :issue:3044
• HTTPException.get_response annotation and doc better conveys the distinction between WSGI and sans-IO responses. :issue:3056

Commits

• 1c7beb6 release version 3.1.4
• 9c8b754 install less to run tox
• 474e22f update dev dependencies
• 4b83337 Merge commit from fork
• 9bdec46 safe_join prevents windows special device names
• b11713e better HTTPException.get_response annotation (#3072)
• 1131dbd distinguish wsgi and sansio response annotation
• 5d9a403 skip rendering missing source (#3071)
• 60ea32c skip rendering missing source
• c0e67e9 Request.json property is only Any (#3070)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  -...

Description has been truncated

[biancadanforth]

Same issue as mozilla-services/socorro#7099 (comment) that requires manually updating requirements.txt.

[biancadanforth]

I talked to @smarnach about the test changes, and we agree this is the right change, but he's gone for the day, so I'm going to self R+ to move things along.