Skip to content

Commit dea1e9c

Browse files
dependabot[bot]dependabot[bot]
authored
Bump the pip group across 5 directories with 5 updates (#2600)
Bumps the pip group with 5 updates in the /aws-cs-langserve directory: | Package | From | To | | --- | --- | --- | | [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` | | [orjson](https://github.com/ijl/orjson) | `3.10.14` | `3.11.6` | | [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` | | [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `0.49.1` | | [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` | Bumps the pip group with 5 updates in the /aws-go-langserve directory: | Package | From | To | | --- | --- | --- | | [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` | | [orjson](https://github.com/ijl/orjson) | `3.10.14` | `3.11.6` | | [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` | | [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `0.49.1` | | [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` | Bumps the pip group with 5 updates in the /aws-py-langserve directory: | Package | From | To | | --- | --- | --- | | [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` | | [orjson](https://github.com/ijl/orjson) | `3.10.14` | `3.11.6` | | [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` | | [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `0.49.1` | | [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` | Bumps the pip group with 5 updates in the /aws-ts-langserve directory: | Package | From | To | | --- | --- | --- | | [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` | | [orjson](https://github.com/ijl/orjson) | `3.10.14` | `3.11.6` | | [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` | | [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `0.49.1` | | [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` | Bumps the pip group with 5 updates in the /aws-yaml-langserve directory: | Package | From | To | | --- | --- | --- | | [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` | | [orjson](https://github.com/ijl/orjson) | `3.10.14` | `3.11.6` | | [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` | | [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `0.49.1` | | [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` | Updates `h11` from 0.14.0 to 0.16.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca"><code>1c5b075</code></a> this time for surer</li> <li><a href="https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a"><code>d9c3699</code></a> this time for sure...</li> <li><a href="https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39"><code>d91b9dd</code></a> blacken</li> <li><a href="https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0"><code>5a4683c</code></a> Soothe mypy</li> <li><a href="https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536"><code>9c9567f</code></a> Bump version to 0.16.0</li> <li><a href="https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed"><code>114803a</code></a> Merge commit from fork</li> <li><a href="https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0"><code>9462006</code></a> Bump version to 0.15.0</li> <li><a href="https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685"><code>70a96be</code></a> Merge pull request <a href="https://redirect.github.com/python-hyper/h11/issues/181">#181</a> from Julien00859/Julien00859/get_int_max_str_digits</li> <li><a href="https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c"><code>60782ad</code></a> Reject Content-Length longer 1 billion TB</li> <li><a href="https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f"><code>dff7cc3</code></a> Validate Chunked-Encoding chunk footer</li> <li>Additional commits viewable in <a href="https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0">compare view</a></li> </ul> </details> <br /> Updates `orjson` from 3.10.14 to 3.11.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/releases">orjson's releases</a>.</em></p> <blockquote> <h2>3.11.6</h2> <h3>Changed</h3> <ul> <li>orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).</li> <li>Drop support for Python 3.9.</li> <li>ABI compatibility with CPython 3.15 alpha 5.</li> <li>Build now depends on Rust 1.89 or later instead of 1.85.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix sporadic crash serializing deeply nested <code>list</code> of <code>dict</code>.</li> </ul> <h2>3.11.5</h2> <h3>Changed</h3> <ul> <li>Show simple error message instead of traceback when attempting to build on unsupported Python versions.</li> </ul> <h2>3.11.4</h2> <h3>Changed</h3> <ul> <li>ABI compatibility with CPython 3.15 alpha 1.</li> <li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.</li> <li>Build now requires a C compiler.</li> </ul> <h2>3.11.3</h2> <h3>Fixed</h3> <ul> <li>Fix PyPI project metadata when using maturin 1.9.2 or later.</li> </ul> <h2>3.11.2</h2> <h3>Fixed</h3> <ul> <li>Fix build using Rust 1.89 on amd64.</li> </ul> <h3>Changed</h3> <ul> <li>Build now depends on Rust 1.85 or later instead of 1.82.</li> </ul> <h2>3.11.1</h2> <h3>Changed</h3> <ul> <li>Publish PyPI wheels for CPython 3.14.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix <code>str</code> on big-endian architectures.</li> </ul> <h2>3.11.0</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/blob/master/CHANGELOG.md">orjson's changelog</a>.</em></p> <blockquote> <h2>3.11.6 - 2026-01-29</h2> <h3>Changed</h3> <ul> <li>orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).</li> <li>Drop support for Python 3.9.</li> <li>ABI compatibility with CPython 3.15 alpha 5.</li> <li>Build now depends on Rust 1.89 or later instead of 1.85.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix sporadic crash serializing deeply nested <code>list</code> of <code>dict</code>.</li> </ul> <h2>3.11.5 - 2025-12-06</h2> <h3>Changed</h3> <ul> <li>Show simple error message instead of traceback when attempting to build on unsupported Python versions.</li> </ul> <h2>3.11.4 - 2025-10-24</h2> <h3>Changed</h3> <ul> <li>ABI compatibility with CPython 3.15 alpha 1.</li> <li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.</li> <li>Build now requires a C compiler.</li> </ul> <h2>3.11.3 - 2025-08-26</h2> <h3>Fixed</h3> <ul> <li>Fix PyPI project metadata when using maturin 1.9.2 or later.</li> </ul> <h2>3.11.2 - 2025-08-12</h2> <h3>Fixed</h3> <ul> <li>Fix build using Rust 1.89 on amd64.</li> </ul> <h3>Changed</h3> <ul> <li>Build now depends on Rust 1.85 or later instead of 1.82.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ijl/orjson/commit/ec02024c3837255064f248c0d2d331319b75e9ad"><code>ec02024</code></a> 3.11.6</li> <li><a href="https://github.com/ijl/orjson/commit/d58168733189f82b3fd0c058dff73e05d09202e6"><code>d581687</code></a> build, clippy misc</li> <li><a href="https://github.com/ijl/orjson/commit/4105b29b2275f200f6fae01349bef02ccf1bc2e2"><code>4105b29</code></a> writer::num</li> <li><a href="https://github.com/ijl/orjson/commit/62bb185b70785ded49c79c26f8c9781f1e6fe370"><code>62bb185</code></a> Fix sporadic crash on serializing object close</li> <li><a href="https://github.com/ijl/orjson/commit/d860078a973f44401265c5c4ad12a7dbe4f839ad"><code>d860078</code></a> PyRef idiom refactors</li> <li><a href="https://github.com/ijl/orjson/commit/343ae2f148197918aba9f8562db42c364620e4b8"><code>343ae2f</code></a> Deserializer, Utf8Buffer</li> <li><a href="https://github.com/ijl/orjson/commit/7835f58d1c56947d1cf7a18acdfc07a2bca9b0f2"><code>7835f58</code></a> PyBytesRef and other input refactor</li> <li><a href="https://github.com/ijl/orjson/commit/71e0516424ce1e11613eb1780f18e8cde83989fd"><code>71e0516</code></a> PyStrRef</li> <li><a href="https://github.com/ijl/orjson/commit/1096df42dc585fde837ed0c930a346f5ef7dbb94"><code>1096df4</code></a> MSRV 1.89</li> <li><a href="https://github.com/ijl/orjson/commit/b718e75b8ba18a707c2b44b6de14d52547573771"><code>b718e75</code></a> Drop support for python3.9</li> <li>Additional commits viewable in <a href="https://github.com/ijl/orjson/compare/3.10.14...3.11.6">compare view</a></li> </ul> </details> <br /> Updates `requests` from 2.32.3 to 2.32.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.32.4</h2> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (<a href="https://redirect.github.com/psf/requests/issues/6965">#6965</a>)</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> <li>Dropped support for pypy 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS.</li> <li>Dropped support for pypy 3.9 following its end of support.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd"><code>021dc72</code></a> Polish up release tooling for last manual release</li> <li><a href="https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396"><code>821770e</code></a> Bump version and add release notes for v2.32.4</li> <li><a href="https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401"><code>59f8aa2</code></a> Add netrc file search information to authentication documentation (<a href="https://redirect.github.com/psf/requests/issues/6876">#6876</a>)</li> <li><a href="https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b"><code>5b4b64c</code></a> Add more tests to prevent regression of CVE 2024 47081</li> <li><a href="https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae"><code>7bc4587</code></a> Add new test to check netrc auth leak (<a href="https://redirect.github.com/psf/requests/issues/6962">#6962</a>)</li> <li><a href="https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef"><code>96ba401</code></a> Only use hostname to do netrc lookup instead of netloc</li> <li><a href="https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2"><code>7341690</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6951">#6951</a> from tswast/patch-1</li> <li><a href="https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0"><code>6716d7c</code></a> remove links</li> <li><a href="https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae"><code>a7e1c74</code></a> Update docs/conf.py</li> <li><a href="https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f"><code>c799b81</code></a> docs: fix dead links to kenreitz.org</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.32.3...v2.32.4">compare view</a></li> </ul> </details> <br /> Updates `starlette` from 0.41.3 to 0.49.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/starlette/releases">starlette's releases</a>.</em></p> <blockquote> <h2>Version 0.49.1</h2> <p>This release fixes a security vulnerability in the parsing logic of the <code>Range</code> header in <code>FileResponse</code>.</p> <p>You can view the full security advisory: <a href="https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8">GHSA-7f5h-v6xp-fcq8</a></p> <h2>Fixed</h2> <ul> <li>Optimize the HTTP ranges parsing logic <a href="https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5">4ea6e22b489ec388d6004cfbca52dd5b147127c5</a></li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/starlette/compare/0.49.0...0.49.1">https://github.com/Kludex/starlette/compare/0.49.0...0.49.1</a></p> <h2>Version 0.49.0</h2> <h2>Added</h2> <ul> <li>Add <code>encoding</code> parameter to <code>Config</code> class <a href="https://redirect.github.com/Kludex/starlette/pull/2996">#2996</a>.</li> <li>Support multiple cookie headers in <code>Request.cookies</code> <a href="https://redirect.github.com/Kludex/starlette/pull/3029">#3029</a>.</li> <li>Use <code>Literal</code> type for <code>WebSocketEndpoint</code> encoding values <a href="https://redirect.github.com/Kludex/starlette/pull/3027">#3027</a>.</li> </ul> <h2>Changed</h2> <ul> <li>Do not pollute exception context in <code>Middleware</code> when using <code>BaseHTTPMiddleware</code> <a href="https://redirect.github.com/Kludex/starlette/pull/2976">#2976</a>.</li> </ul> <hr /> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/TheWesDias"><code>@​TheWesDias</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/starlette/pull/3017">Kludex/starlette#3017</a></li> <li><a href="https://github.com/gmos2104"><code>@​gmos2104</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/starlette/pull/3027">Kludex/starlette#3027</a></li> <li><a href="https://github.com/secrett2633"><code>@​secrett2633</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/starlette/pull/2996">Kludex/starlette#2996</a></li> <li><a href="https://github.com/adam-sikora"><code>@​adam-sikora</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/starlette/pull/2976">Kludex/starlette#2976</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/starlette/compare/0.48.0...0.49.0">https://github.com/Kludex/starlette/compare/0.48.0...0.49.0</a></p> <h2>Version 0.48.0</h2> <h2>Added</h2> <ul> <li>Add official Python 3.14 support <a href="https://redirect.github.com/Kludex/starlette/pull/3013">#3013</a>.</li> </ul> <h2>Changed</h2> <ul> <li>Implement <a href="https://www.rfc-editor.org/rfc/rfc9110">RFC9110</a> http status names <a href="https://redirect.github.com/Kludex/starlette/pull/2939">#2939</a>.</li> </ul> <hr /> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yakimka"><code>@​yakimka</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/starlette/pull/2943">Kludex/starlette#2943</a></li> <li><a href="https://github.com/mbeijen"><code>@​mbeijen</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/starlette/pull/2939">Kludex/starlette#2939</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/starlette/compare/0.47.3...0.48.0">https://github.com/Kludex/starlette/compare/0.47.3...0.48.0</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Kludex/starlette/blob/main/docs/release-notes.md">starlette's changelog</a>.</em></p> <blockquote> <h2>0.49.1 (October 28, 2025)</h2> <p>This release fixes a security vulnerability in the parsing logic of the <code>Range</code> header in <code>FileResponse</code>.</p> <p>You can view the full security advisory: <a href="https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8">GHSA-7f5h-v6xp-fcq8</a></p> <h4>Fixed</h4> <ul> <li>Optimize the HTTP ranges parsing logic <a href="https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5">4ea6e22b489ec388d6004cfbca52dd5b147127c5</a></li> </ul> <h2>0.49.0 (October 28, 2025)</h2> <h4>Added</h4> <ul> <li>Add <code>encoding</code> parameter to <code>Config</code> class <a href="https://redirect.github.com/Kludex/starlette/pull/2996">#2996</a>.</li> <li>Support multiple cookie headers in <code>Request.cookies</code> <a href="https://redirect.github.com/Kludex/starlette/pull/3029">#3029</a>.</li> <li>Use <code>Literal</code> type for <code>WebSocketEndpoint</code> encoding values <a href="https://redirect.github.com/Kludex/starlette/pull/3027">#3027</a>.</li> </ul> <h4>Changed</h4> <ul> <li>Do not pollute exception context in <code>Middleware</code> when using <code>BaseHTTPMiddleware</code> <a href="https://redirect.github.com/Kludex/starlette/pull/2976">#2976</a>.</li> </ul> <h2>0.48.0 (September 13, 2025)</h2> <h4>Added</h4> <ul> <li>Add official Python 3.14 support <a href="https://redirect.github.com/Kludex/starlette/pull/3013">#3013</a>.</li> </ul> <h4>Changed</h4> <ul> <li>Implement <a href="https://www.rfc-editor.org/rfc/rfc9110">RFC9110</a> http status names <a href="https://redirect.github.com/Kludex/starlette/pull/2939">#2939</a>.</li> </ul> <h2>0.47.3 (August 24, 2025)</h2> <h4>Fixed</h4> <ul> <li>Use <code>asyncio.iscoroutinefunction</code> for Python 3.12 and older <a href="https://redirect.github.com/Kludex/starlette/pull/2984">#2984</a>.</li> </ul> <h2>0.47.2 (July 20, 2025)</h2> <h4>Fixed</h4> <ul> <li>Make <code>UploadFile</code> check for future rollover <a href="https://redirect.github.com/Kludex/starlette/pull/2962">#2962</a>.</li> </ul> <h2>0.47.1 (June 21, 2025)</h2> <h4>Fixed</h4> <ul> <li>Use <code>Self</code> in <code>TestClient.__enter__</code> <a href="https://redirect.github.com/Kludex/starlette/pull/2951">#2951</a>.</li> <li>Allow async exception handlers to type-check <a href="https://redirect.github.com/Kludex/starlette/pull/2949">#2949</a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Kludex/starlette/commit/7e4b7428f273dbdc875dcd036d20804bcfc7b2ee"><code>7e4b742</code></a> Version 0.49.1 (<a href="https://redirect.github.com/Kludex/starlette/issues/3047">#3047</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5"><code>4ea6e22</code></a> Merge commit from fork</li> <li><a href="https://github.com/Kludex/starlette/commit/7d88ea6f8ec8aa99cdb5fc7a10b88db5aadfdfee"><code>7d88ea6</code></a> Version 0.49.0 (<a href="https://redirect.github.com/Kludex/starlette/issues/3046">#3046</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/26d66bbfb05c7bbecbbb57106c65f33682f8174e"><code>26d66bb</code></a> Do not pollute exception context in Middleware (<a href="https://redirect.github.com/Kludex/starlette/issues/2976">#2976</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/a59397db889e3a96c4f34b1406957a3b92e1e8b5"><code>a59397d</code></a> Set encodings when reading config files (<a href="https://redirect.github.com/Kludex/starlette/issues/2996">#2996</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/3b7f0cbf598be305528a498a35089ce723060372"><code>3b7f0cb</code></a> test: add test for unknown status (<a href="https://redirect.github.com/Kludex/starlette/issues/3035">#3035</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/b09ce1a99d352ee6f5b896597f03a1a57507afcd"><code>b09ce1a</code></a> docs: fix legibility issues on sponsorship page (<a href="https://redirect.github.com/Kludex/starlette/issues/3039">#3039</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/0f0edcf8007412d9536bf8714c5815ce8f5dba4b"><code>0f0edcf</code></a> Revert &quot;Add Marcelo Trylesinski to the license (<a href="https://redirect.github.com/Kludex/starlette/issues/3025">#3025</a>)&quot; (<a href="https://redirect.github.com/Kludex/starlette/issues/3044">#3044</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/3912d6313730cc6004dfb4436e37dbc1a81db7c8"><code>3912d63</code></a> docs: add social icons (<a href="https://redirect.github.com/Kludex/starlette/issues/3038">#3038</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/4915a9309fcad58ac08b9fa550563d3287b531ad"><code>4915a93</code></a> Add discord to README/docs (<a href="https://redirect.github.com/Kludex/starlette/issues/3034">#3034</a>)</li> <li>Additional commits viewable in <a href="https://github.com/Kludex/starlette/compare/0.41.3...0.49.1">compare view</a></li> </ul> </details> <br /> Updates `urllib3` from 2.3.0 to 2.6.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.6.3</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by <a href="https://github.com/D47A"><code>@​D47A</code></a>, 8.9 High, GHSA-38jv-5279-wg99)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">urllib3/urllib3#3743</a>)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">urllib3/urllib3#3752</a>)</li> </ul> <h2>2.6.2</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3734">urllib3/urllib3#3734</a>)</li> </ul> <h2>2.6.1</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3731">#3731</a>)</li> </ul> <h2>2.6.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content (&quot;decompression bombs&quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by <a href="https://github.com/Cycloctane"><code>@​Cycloctane</code></a>, 8.9 High, GHSA-2xpw-w6gg-jr37)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by <a href="https://github.com/illia-v"><code>@​illia-v</code></a>, 8.9 High, GHSA-gm62-xv2j-4w53)</li> </ul> <blockquote> <p>[!IMPORTANT]</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using <code>urllib3[brotli]</code> to install a compatible Brotli package automatically.</li> </ul> </blockquote> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.6.3 (2026-01-07)</h1> <ul> <li>Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (<code>GHSA-38jv-5279-wg99 &lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99&gt;</code>__)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<code>[#3743](https://github.com/urllib3/urllib3/issues/3743) &lt;https://github.com/urllib3/urllib3/issues/3743&gt;</code>__)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<code>[#3752](https://github.com/urllib3/urllib3/issues/3752) &lt;https://github.com/urllib3/urllib3/issues/3752&gt;</code>__)</li> </ul> <h1>2.6.2 (2025-12-11)</h1> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<code>[#3734](https://github.com/urllib3/urllib3/issues/3734) &lt;https://github.com/urllib3/urllib3/issues/3734&gt;</code>__)</li> </ul> <h1>2.6.1 (2025-12-08)</h1> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<code>[#3731](https://github.com/urllib3/urllib3/issues/3731) &lt;https://github.com/urllib3/urllib3/issues/3731&gt;</code>__)</li> </ul> <h1>2.6.0 (2025-12-05)</h1> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content (&quot;decompression bombs&quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (<code>GHSA-2xpw-w6gg-jr37 &lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37&gt;</code>__)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (<code>GHSA-gm62-xv2j-4w53 &lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53&gt;</code>__)</li> </ul> <p>.. caution::</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc"><code>0248277</code></a> Release 2.6.3</li> <li><a href="https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"><code>8864ac4</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c"><code>70cecb2</code></a> Fix Scorecard issues related to vulnerable dev dependencies (<a href="https://redirect.github.com/urllib3/urllib3/issues/3755">#3755</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359"><code>41f249a</code></a> Move &quot;v2.0 Migration Guide&quot; to the end of the table of contents (<a href="https://redirect.github.com/urllib3/urllib3/issues/3747">#3747</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c"><code>fd4dffd</code></a> Patch <code>VerifiedHTTPSConnection</code> for Emscripten (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">#3752</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab"><code>13f0bfd</code></a> Handle massive values in Retry-After when calculating time to sleep for (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">#3743</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b"><code>8c480bf</code></a> Bump actions/upload-artifact from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3748">#3748</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1"><code>4b40616</code></a> Bump actions/cache from 4.3.0 to 5.0.1 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3750">#3750</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b"><code>82b8479</code></a> Bump actions/download-artifact from 6.0.0 to 7.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3749">#3749</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2"><code>34284cb</code></a> Mention experimental features in the security policy (<a href="https://redirect.github.com/urllib3/urllib3/issues/3746">#3746</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3">compare view</a></li> </ul> </details> <br /> Updates `h11` from 0.14.0 to 0.16.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca"><code>1c5b075</code></a> this time for surer</li> <li><a href="https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a"><code>d9c3699</code></a> this time for sure...</li> <li><a href="https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39"><code>d91b9dd</code></a> blacken</li> <li><a href="https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0"><code>5a4683c</code></a> Soothe mypy</li> <li><a href="https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536"><code>9c9567f</code></a> Bump version to 0.16.0</li> <li><a href="https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed"><code>114803a</code></a> Merge commit from fork</li> <li><a href="https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0"><code>9462006</code></a> Bump version to 0.15.0</li> <li><a href="https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685"><code>70a96be</code></a> Merge pull request <a href="https://redirect.github.com/python-hyper/h11/issues/181">#181</a> from Julien00859/Julien00859/get_int_max_str_digits</li> <li><a href="https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c"><code>60782ad</code></a> Reject Content-Length longer 1 billion TB</li> <li><a href="https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f"><code>dff7cc3</code></a> Validate Chunked-Encoding chunk footer</li> <li>Additional commits viewable in <a href="https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0">compare view</a></li> </ul> </details> <br /> Updates `orjson` from 3.10.14 to 3.11.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/releases">orjson's releases</a>.</em></p> <blockquote> <h2>3.11.6</h2> <h3>Changed</h3> <ul> <li>orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).</li> <li>Drop support for Python 3.9.</li> <li>ABI compatibility with CPython 3.15 alpha 5.</li> <li>Build now depends on Rust 1.89 or later instead of 1.85.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix sporadic crash serializing deeply nested <code>list</code> of <code>dict</code>.</li> </ul> <h2>3.11.5</h2> <h3>Changed</h3> <ul> <li>Show simple error message instead of traceback when attempting to build on unsupported Python versions.</li> </ul> <h2>3.11.4</h2> <h3>Changed</h3> <ul> <li>ABI compatibility with CPython 3.15 alpha 1.</li> <li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.</li> <li>Build now requires a C compiler.</li> </ul> <h2>3.11.3</h2> <h3>Fixed</h3> <ul> <li>Fix PyPI project metadata when using maturin 1.9.2 or later.</li> </ul> <h2>3.11.2</h2> <h3>Fixed</h3> <ul> <li>Fix build using Rust 1.89 on amd64.</li> </ul> <h3>Changed</h3> <ul> <li>Build now depends on Rust 1.85 or later instead of 1.82.</li> </ul> <h2>3.11.1</h2> <h3>Changed</h3> <ul> <li>Publish PyPI wheels for CPython 3.14.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix <code>str</code> on big-endian architectures.</li> </ul> <h2>3.11.0</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/blob/master/CHANGELOG.md">orjson's changelog</a>.</em></p> <blockquote> <h2>3.11.6 - 2026-01-29</h2> <h3>Changed</h3> <ul> <li>orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).</li> <li>Drop support for Python 3.9.</li> <li>ABI compatibility with CPython 3.15 alpha 5.</li> <li>Build now depends on Rust 1.89 or later instead of 1.85.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix sporadic crash serializing deeply nested <code>list</code> of <code>dict</code>.</li> </ul> <h2>3.11.5 - 2025-12-06</h2> <h3>Changed</h3> <ul> <li>Show simple error message instead of traceback when attempting to build on unsupported Python versions.</li> </ul> <h2>3.11.4 - 2025-10-24</h2> <h3>Changed</h3> <ul> <li>ABI compatibility with CPython 3.15 alpha 1.</li> <li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.</li> <li>Build now requires a C compiler.</li> </ul> <h2>3.11.3 - 2025-08-26</h2> <h3>Fixed</h3> <ul> <li>Fix PyPI project metadata when using maturin 1.9.2 or later.</li> </ul> <h2>3.11.2 - 2025-08-12</h2> <h3>Fixed</h3> <ul> <li>Fix build using Rust 1.89 on amd64.</li> </ul> <h3>Changed</h3> <ul> <li>Build now depends on Rust 1.85 or later instead of 1.82.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ijl/orjson/commit/ec02024c3837255064f248c0d2d331319b75e9ad"><code>ec02024</code></a> 3.11.6</li> <li><a href="https://github.com/ijl/orjson/commit/d58168733189f82b3fd0c058dff73e05d09202e6"><code>d581687</code></a> build, clippy misc</li> <li><a href="https://github.com/ijl/orjson/commit/4105b29b2275f200f6fae01349bef02ccf1bc2e2"><code>4105b29</code></a> writer::num</li> <li><a href="https://github.com/ijl/orjson/commit/62bb185b70785ded49c79c26f8c9781f1e6fe370"><code>62bb185</code></a> Fix sporadic crash on serializing object close</li> <li><a href="https://github.com/ijl/orjson/commit/d860078a973f44401265c5c4ad12a7dbe4f839ad"><code>d860078</code></a> PyRef idiom refactors</li> <li><a href="https://github.com/ijl/orjson/commit/343ae2f148197918aba9f8562db42c364620e4b8"><code>343ae2f</code></a> Deserializer, Utf8Buffer</li> <li><a href="https://github.com/ijl/orjson/commit/7835f58d1c56947d1cf7a18acdfc07a2bca9b0f2"><code>7835f58</code></a> PyBytesRef and other input refactor</li> <li><a href="https://github.com/ijl/orjson/commit/71e0516424ce1e11613eb1780f18e8cde83989fd"><code>71e0516</code></a> PyStrRef</li> <li><a href="https://github.com/ijl/orjson/commit/1096df42dc585fde837ed0c930a346f5ef7dbb94"><code>1096df4</code></a> MSRV 1.89</li> <li><a href="https://github.com/ijl/orjson/commit/b718e75b8ba18a707c2b44b6de14d52547573771"><code>b718e75</code></a> Drop support for python3.9</li> <li>Additional commits viewable in <a href="https://github.com/ijl/orjson/compare/3.10.14...3.11.6">compare view</a></li> </ul> </details> <br /> Updates `requests` from 2.32.3 to 2.32.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.32.4</h2> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (<a href="https://redirect.github.com/psf/requests/issues/6965">#6965</a>)</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> <li>Dropped support for pypy 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS.</li> <li>Dropped support for pypy 3.9 following its end of support.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd"><code>021dc72</code></a> Polish up release tooling for last manual release</li> <li><a href="https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396"><code>821770e</code></a> Bump version and add release notes for v2.32.4</li> <li><a href="https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401"><code>59f8aa2</code></a> Add netrc file search information to authentication documentation (<a href="https://redirect.github.com/psf/requests/issues/6876">#6876</a>)</li> <li><a href="https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b"><code>5b4b64c</code></a> Add more tests to prevent regression of CVE 2024 47081</li> <li><a href="https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae"><code>7bc4587</code></a> Add new test to check netrc auth leak (<a href="https://redirect.github.com/psf/requests/issues/6962">#6962</a>)</li> <li><a href="https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef"><code>96ba401</code></a> Only use hostname to do netrc lookup instead of netloc</li> <li><a href="https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2"><code>7341690</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6951">#6951</a> from tswast/patch-1</li> <li><a href="https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0"><code>6716d7c</code></a> remove links</li> <li><a href="https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae"><code>a7e1c74</code></a> Update docs/conf.py</li> <li><a href="https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f"><code>c799b81</code></a> docs: fix dead links to kenreitz.org</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.32.3...v2.32.4">compare view</a></li> </ul> </details> <br /> Updates `starlette` from 0.41.3 to 0.49.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/starlette/releases">starlette's releases</a>.</em></p> <blockquote> <h2>Version 0.49.1</h2> <p>This release fixes a security vulnerability in the parsing logic of the <code>Range</code> header in <code>FileResponse</code>.</p> <p>You can view the full security advisory: <a href="https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8">GHSA-7f5h-v6xp-fcq8</a></p> <h2>Fixed</h2> <ul> <li>Optimize the HTTP ranges parsing logic <a href="https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5">4ea6e22b489ec388d6004cfbca52dd5b147127c5</a></li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/starlette/compare/0.49.0...0.49.1">https://github.com/Kludex/starlette/compare/0.49.0...0.49.1</a></p> <h2>Version 0.49.0</h2> <h2>Added</h2> <ul> <li>Add <code>encoding</code> parameter to <code>Config</code> class <a href="https://redirect.github.com/Kludex/starlette/pull/2996">#2996</a>.</li> <li>Support multiple cookie headers in <code>Request.cookies</code> <a href="https://redirect.github.com/Kludex/starlette/pull/3029">#3029</a>.</li> <li>Use <code>Literal</code> type for <code>WebSocketEndpoint</code> encoding values <a href="https://redirect.github.com/Kludex/starlette/pull/3027">#3027</a>.</li> </ul> <h2>Changed</h2> <ul> <li>Do not pollute exception context in <code>Middleware</code> when using <code>BaseHTTPMiddleware</code> <a href="https://redirect.github.com/Kludex/starlette/pull/2976">#2976</a>.</li> </ul> <hr /> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/TheWesDias"><code>@​TheWesDias</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/starlette/pull/3017">Kludex/starlette#3017</a></li> <li><a href="https://github.com/gmos2104"><code>@​gmos2104</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/starlette/pull/3027">Kludex/starlette#3027</a></li> <li><a href="https://github.com/secrett2633"><code>@​secrett2633</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/starlette/pull/2996">Kludex/starlette#2996</a></li> <li><a href="https://github.com/adam-sikora"><code>@​adam-sikora</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/starlette/pull/2976">Kludex/starlette#2976</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/starlette/compare/0.48.0...0.49.0">https://github.com/Kludex/starlette/compare/0.48.0...0.49.0</a></p> <h2>Version 0.48.0</h2> <h2>Added</h2> <ul> <li>Add official Python 3.14 support <a href="https://redirect.github.com/Kludex/starlette/pull/3013">#3013</a>.</li> </ul> <h2>Changed</h2> <ul> <li>Implement <a href="https://www.rfc-editor.org/rfc/rfc9110">RFC9110</a> http status names <a href="https://redirect.github.com/Kludex/starlette/pull/2939">#2939</a>.</li> </ul> <hr /> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yakimka"><code>@​yakimka</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/starlette/pull/2943">Kludex/starlette#2943</a></li> <li><a href="https://github.com/mbeijen"><code>@​mbeijen</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/starlette/pull/2939">Kludex/starlette#2939</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/starlette/compare/0.47.3...0.48.0">https://github.com/Kludex/starlette/compare/0.47.3...0.48.0</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Kludex/starlette/blob/main/docs/release-notes.md">starlette's changelog</a>.</em></p> <blockquote> <h2>0.49.1 (October 28, 2025)</h2> <p>This release fixes a security vulnerability in the parsing logic of the <code>Range</code> header in <code>FileResponse</code>.</p> <p>You can view the full security advisory: <a href="https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8">GHSA-7f5h-v6xp-fcq8</a></p> <h4>Fixed</h4> <ul> <li>Optimize the HTTP ranges parsing logic <a href="https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5">4ea6e22b489ec388d6004cfbca52dd5b147127c5</a></li> </ul> <h2>0.49.0 (October 28, 2025)</h2> <h4>Added</h4> <ul> <li>Add <code>encoding</code> parameter to <code>Config</code> class <a href="https://redirect.github.com/Kludex/starlette/pull/2996">#2996</a>.</li> <li>Support multiple cookie headers in <code>Request.cookies</code> <a href="https://redirect.github.com/Kludex/starlette/pull/3029">#3029</a>.</li> <li>Use <code>Literal</code> type for <code>WebSocketEndpoint</code> encoding values <a href="https://redirect.github.com/Kludex/starlette/pull/3027">#3027</a>.</li> </ul> <h4>Changed</h4> <ul> <li>Do not pollute exception context in <code>Middleware</code> when using <code>BaseHTTPMiddleware</code> <a href="https://redirect.github.com/Kludex/starlette/pull/2976">#2976</a>.</li> </ul> <h2>0.48.0 (September 13, 2025)</h2> <h4>Added</h4> <ul> <li>Add official Python 3.14 support <a href="https://redirect.github.com/Kludex/starlette/pull/3013">#3013</a>.</li> </ul> <h4>Changed</h4> <ul> <li>Implement <a href="https://www.rfc-editor.org/rfc/rfc9110">RFC9110</a> http status names <a href="https://redirect.github.com/Kludex/starlette/pull/2939">#2939</a>.</li> </ul> <h2>0.47.3 (August 24, 2025)</h2> <h4>Fixed</h4> <ul> <li>Use <code>asyncio.iscoroutinefunction</code> for Python 3.12 and older <a href="https://redirect.github.com/Kludex/starlette/pull/2984">#2984</a>.</li> </ul> <h2>0.47.2 (July 20, 2025)</h2> <h4>Fixed</h4> <ul> <li>Make <code>UploadFile</code> check for future rollover <a href="https://redirect.github.com/Kludex/starlette/pull/2962">#2962</a>.</li> </ul> <h2>0.47.1 (June 21, 2025)</h2> <h4>Fixed</h4> <ul> <li>Use <code>Self</code> in <code>TestClient.__enter__</code> <a href="https://redirect.github.com/Kludex/starlette/pull/2951">#2951</a>.</li> <li>Allow async exception handlers to type-check <a href="https://redirect.github.com/Kludex/starlette/pull/2949">#2949</a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Kludex/starlette/commit/7e4b7428f273dbdc875dcd036d20804bcfc7b2ee"><code>7e4b742</code></a> Version 0.49.1 (<a href="https://redirect.github.com/Kludex/starlette/issues/3047">#3047</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5"><code>4ea6e22</code></a> Merge commit from fork</li> <li><a href="https://github.com/Kludex/starlette/commit/7d88ea6f8ec8aa99cdb5fc7a10b88db5aadfdfee"><code>7d88ea6</code></a> Version 0.49.0 (<a href="https://redirect.github.com/Kludex/starlette/issues/3046">#3046</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/26d66bbfb05c7bbecbbb57106c65f33682f8174e"><code>26d66bb</code></a> Do not pollute exception context in Middleware (<a href="https://redirect.github.com/Kludex/starlette/issues/2976">#2976</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/a59397db889e3a96c4f34b1406957a3b92e1e8b5"><code>a59397d</code></a> Set encodings when reading config files (<a href="https://redirect.github.com/Kludex/starlette/issues/2996">#2996</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/3b7f0cbf598be305528a498a35089ce723060372"><code>3b7f0cb</code></a> test: add test for unknown status (<a href="https://redirect.github.com/Kludex/starlette/issues/3035">#3035</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/b09ce1a99d352ee6f5b896597f03a1a57507afcd"><code>b09ce1a</code></a> docs: fix legibility issues on sponsorship page (<a href="https://redirect.github.com/Kludex/starlette/issues/3039">#3039</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/0f0edcf8007412d9536bf8714c5815ce8f5dba4b"><code>0f0edcf</code></a> Revert &quot;Add Marcelo Trylesinski to the license (<a href="https://redirect.github.com/Kludex/starlette/issues/3025">#3025</a>)&quot; (<a href="https://redirect.github.com/Kludex/starlette/issues/3044">#3044</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/3912d6313730cc6004dfb4436e37dbc1a81db7c8"><code>3912d63</code></a> docs: add social icons (<a href="https://redirect.github.com/Kludex/starlette/issues/3038">#3038</a>)</li> <li><a href="https://github.com/Kludex/starlette/commit/4915a9309fcad58ac08b9fa550563d3287b531ad"><code>4915a93</code></a> Add discord to README/docs (<a href="https://redirect.github.com/Kludex/starlette/issues/3034">#3034</a>)</li> <li>Additional commits viewable in <a href="https://github.com/Kludex/starlette/compare/0.41.3...0.49.1">compare view</a></li> </ul> </details> <br /> Updates `urllib3` from 2.3.0 to 2.6.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.6.3</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by <a href="https://github.com/D47A"><code>@​D47A</code></a>, 8.9 High, GHSA-38jv-5279-wg99)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">urllib3/urllib3#3743</a>)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">urllib3/urllib3#3752</a>)</li> </ul> <h2>2.6.2</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3734">urllib3/urllib3#3734</a>)</li> </ul> <h2>2.6.1</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3731">#3731</a>)</li> </ul> <h2>2.6.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content (&quot;decompression bombs&quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by <a href="https://github.com/Cycloctane"><code>@​Cycloctane</code></a>, 8.9 High, GHSA-2xpw-w6gg-jr37)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by <a href="https://github.com/illia-v"><code>@​illia-v</code></a>, 8.9 High, GHSA-gm62-xv2j-4w53)</li> </ul> <blockquote> <p>[!IMPORTANT]</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using <code>urllib3[brotli]</code> to install a compatible Brotli package automatically.</li> </ul> </blockquote> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.6.3 (2026-01-07)</h1> <ul> <li>Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (<code>GHSA-38jv-5279-wg99 &lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99&gt;</code>__)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<code>[#3743](https://github.com/urllib3/urllib3/issues/3743) &lt;https://github.com/urllib3/urllib3/issues/3743&gt;</code>__)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<code>[#3752](https://github.com/urllib3/urllib3/issues/3752) &lt;https://github.com/urllib3/urllib3/issues/3752&gt;</code>__)</li> </ul> <h1>2.6.2 (2025-12-11)</h1> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<code>[#3734](https://github.com/urllib3/urllib3/issues/3734) &lt;https://github.com/urllib3/urllib3/issues/3734&gt;</code>__)</li> </ul> <h1>2.6.1 (2025-12-08)</h1> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<code>[#3731](https://github.com/urllib3/urllib3/issues/3731) &lt;https://github.com/urllib3/urllib3/issues/3731&gt;</code>__)</li> </ul> <h1>2.6.0 (2025-12-05)</h1> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content (&quot;decompression bombs&quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (<code>GHSA-2xpw-w6gg-jr37 &lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37&gt;</code>__)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (<code>GHSA-gm62-xv2j-4w53 &lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53&gt;</code>__)</li> </ul> <p>.. caution::</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc"><code>0248277</code></a> Release 2.6.3</li> <li><a href="https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"><code>8864ac4</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c"><code>70cecb2</code></a> Fix Scorecard issues related to vulnerable dev dependencies (<a href="https://redirect.github.com/urllib3/urllib3/issues/3755">#3755</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359"><code>41f249a</code></a> Move &quot;v2.0 Migration Guide&quot; to the end of the table of contents (<a href="https://redirect.github.com/urllib3/urllib3/issues/3747">#3747</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c"><code>fd4dffd</code></a> Patch <code>VerifiedHTTPSConnection</code> for Emscripten (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">#3752</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab"><code>13f0bfd</code></a> Handle massive values in Retry-After when calculating time to sleep for (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">#3743</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b"><code>8c480bf</code></a> Bump actions/upload-artifact from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3748">#3748</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1"><code>4b40616</code></a> Bump actions/cache from 4.3.0 to 5.0.1 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3750">#3750</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b"><code>82b8479</code></a> Bump actions/download-artifact from 6.0.0 to 7.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3749">#3749</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2"><code>34284cb</code></a> Mention experimental features in the security policy (<a href="https://redirect.github.com/urllib3/urllib3/issues/3746">#3746</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3">compare view</a></li> </ul> </details> <br /> Updates `h11` from 0.14.0 to 0.16.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca"><code>1c5b075</code></a> this time for surer</li> <li><a href="https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a"><code>d9c3699</code></a> this time for sure...</li> <li><a href="https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39"><code>d91b9dd</code></a> blacken</li> <li><a href="https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0"><code>5a4683c</code></a> Soothe mypy</li> <li><a href="https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536"><code>9c9567f</code></a> Bump version to 0.16.0</li> <li><a href="https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed"><code>114803a</code></a> Merge commit from fork</li> <li><a href="https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0"><code>9462006</code></a> Bump version to 0.15.0</li> <li><a href="https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685"><code>70a96be</code></a> Merge pull request <a href="https://redirect.github.com/python-hyper/h11/issues/181">#181</a> from Julien00859/Julien00859/get_int_max_str_digits</li> <li><a href="https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c"><code>60782ad</code></a> Reject Content-Length longer 1 billion TB</li> <li><a href="https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f"><code>dff7cc3</code></a> Validate Chunked-Encoding chunk footer</li> <li>Additional commits viewable in <a href="https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0">compare view</a></li> </ul> </details> <br /> Updates `orjson` from 3.10.14 to 3.11.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/releases">orjson's releases</a>.</em></p> <blockquote> <h2>3.11.6</h2> <h3>Changed</h3> <ul> <li>orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).</li> <li>Drop support for Python 3.9.</li> <li>ABI compatibility with CPython 3.15 alpha 5.</li> <li>Build now depends on Rust 1.89 or later instead of 1.85.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix sporadic crash serializing deeply nested <code>list</code> of <code>dict</code>.</li> </ul> <h2>3.11.5</h2> <h3>Changed</h3> <ul> <li>Show simple error message instead of traceback when attempting to build on unsupported Python versions.</li> </ul> <h2>3.11.4</h2> <h3>Changed</h3> <ul> <li>ABI compa…
1 parent fb80d32 commit dea1e9c

File tree

5 files changed

+975
-575
lines changed

5 files changed

+975
-575
lines changed

0 commit comments

Comments
 (0)