mirror of
https://github.com/element-hq/synapse.git
synced 2026-03-30 21:35:53 +00:00
develop
793 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
f490c49c85 |
Bump pyasn1 from 0.6.2 to 0.6.3 (#19584)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Quentin Gliech
|
6a63f0dcd7 |
Migrate dev dependencies to PEP 735 dependency groups (#19490)
This moves the dev dependencies to PEP 735 dependency groups, to help us move to standard project metadata, which will help us moving to `uv` (#19566) This requires poetry 2.2.0 |
||
|
dependabot[bot]
|
cdd261b1c6 |
Bump pyopenssl from 25.3.0 to 26.0.0 (#19574)
Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 25.3.0 to 26.0.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst">pyopenssl's changelog</a>.</em></p> <blockquote> <h2>26.0.0 (2026-03-15)</h2> <p>Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^</p> <ul> <li>Dropped support for Python 3.7.</li> <li>The minimum <code>cryptography</code> version is now 46.0.0.</li> </ul> <p>Deprecations: ^^^^^^^^^^^^^</p> <p>Changes: ^^^^^^^^</p> <ul> <li>Added support for using aws-lc instead of OpenSSL.</li> <li>Properly raise an error if a DTLS cookie callback returned a cookie longer than <code>DTLS1_COOKIE_LENGTH</code> bytes. Previously this would result in a buffer-overflow. Credit to <strong>dark_haxor</strong> for reporting the issue. <strong>CVE-2026-27459</strong></li> <li>Added <code>OpenSSL.SSL.Connection.get_group_name</code> to determine which group name was negotiated.</li> <li><code>Context.set_tlsext_servername_callback</code> now handles exceptions raised in the callback by calling <code>sys.excepthook</code> and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to <strong>Leury Castillo</strong> for reporting this issue. <strong>CVE-2026-27448</strong></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
eedd4c8796 |
Bump pyjwt from 2.11.0 to 2.12.0 (#19560)
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.11.0 to 2.12.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/releases">pyjwt's releases</a>.</em></p> <blockquote> <h2>2.12.0</h2> <h2>Security</h2> <ul> <li>Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by <a href="https://github.com/dmbs335"><code>@dmbs335</code></a> in <a href="https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f">GHSA-752w-5fwx-jx9f</a></li> </ul> <h2>What's Changed</h2> <ul> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1132">jpadilla/pyjwt#1132</a></li> <li>chore(docs): fix docs build by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1137">jpadilla/pyjwt#1137</a></li> <li>Annotate PyJWKSet.keys for pyright by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1134">jpadilla/pyjwt#1134</a></li> <li>fix: close HTTPError to prevent ResourceWarning on Python 3.14 by <a href="https://github.com/veeceey"><code>@veeceey</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1133">jpadilla/pyjwt#1133</a></li> <li>chore: remove superfluous constants by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1136">jpadilla/pyjwt#1136</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1135">jpadilla/pyjwt#1135</a></li> <li>chore(tests): enable mypy by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1138">jpadilla/pyjwt#1138</a></li> <li>Bump actions/download-artifact from 7 to 8 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1142">jpadilla/pyjwt#1142</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1141">jpadilla/pyjwt#1141</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1145">jpadilla/pyjwt#1145</a></li> <li>fix: do not store reference to algorithms dict on PyJWK by <a href="https://github.com/akx"><code>@akx</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1143">jpadilla/pyjwt#1143</a></li> <li>Use PyJWK algorithm when encoding without explicit algorithm by <a href="https://github.com/jpadilla"><code>@jpadilla</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1148">jpadilla/pyjwt#1148</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/tamird"><code>@tamird</code></a> made their first contribution in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1137">jpadilla/pyjwt#1137</a></li> <li><a href="https://github.com/veeceey"><code>@veeceey</code></a> made their first contribution in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1133">jpadilla/pyjwt#1133</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0">https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p> <blockquote> <h2><code>v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0></code>__</h2> <p>Fixed</p> <pre><code> - Annotate PyJWKSet.keys for pyright by @tamird in `[#1134](https://github.com/jpadilla/pyjwt/issues/1134) <https://github.com/jpadilla/pyjwt/pull/1134>`__ - Close ``HTTPError`` response to prevent ``ResourceWarning`` on Python 3.14 by @veeceey in `[#1133](https://github.com/jpadilla/pyjwt/issues/1133) <https://github.com/jpadilla/pyjwt/pull/1133>`__ - Do not keep ``algorithms`` dict in PyJWK instances by @akx in `[#1143](https://github.com/jpadilla/pyjwt/issues/1143) <https://github.com/jpadilla/pyjwt/pull/1143>`__ - Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @dmbs335 in `GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>`__ - Use PyJWK algorithm when encoding without explicit algorithm in `[#1148](https://github.com/jpadilla/pyjwt/issues/1148) <https://github.com/jpadilla/pyjwt/pull/1148>`__ <p>Added </code></pre></p> <ul> <li>Docs: Add <code>PyJWKClient</code> API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
18f717d717 |
Bump tornado from 6.5.4 to 6.5.5 (#19551)
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.4 to 6.5.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst">tornado's changelog</a>.</em></p> <blockquote> <h1>Release notes</h1> <p>.. toctree:: :maxdepth: 2</p> <p>releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Quentin Gliech
|
59c9e92aed | Merge branch 'master' into develop | ||
|
Andrew Morgan
|
f37a30d7c5 |
Bump matrix-synapse-ldap3 to v0.4.0 in poetry.lock (#19543)
To address https://github.com/element-hq/synapse/issues/19541 ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) |
||
|
Quentin Gliech
|
16125cecd2 |
Remove the optional systemd-python dependency (#19491)
Summary - drop the `systemd` extra from `pyproject.toml` and the `systemd-python` optional dependency - this means we don't ship the journald log handler, so it clarifies the docs how to install that in the venv - ensure the Debian virtualenv build keeps shipping `systemd-python>=231` in the venv, so the packaged log config can keep using `systemd.journal.JournalHandler` Context of this is the following: > Today in my 'how hard would it be to move to uv' journey: https://github.com/systemd/python-systemd/issues/167 > > The gist of it is that uv really wants to create a universal lock file, which means it needs to be able to resolve the package metadata, even for packages locked for other platforms. In the case of systemd-python, they use mesonpy as build backend, which doesn't implement prepare_metadata_for_build_wheel, which means it needs to run meson to be able to resolve the package metadata. And it will hard-fail if libsystemd dev headers aren't available 😭 > > [*message in #synapse-dev:matrix.org*](https://matrix.to/#/!i5D5LLct_DYG-4hQprLzrxdbZ580U9UB6AEgFnk6rZQ/$OKLB3TJVXAwq43sAZFJ-_PvMMzl4P_lWmSAtlmsoMuM?via=element.io&via=matrix.org&via=beeper.com) |
||
|
Quentin Gliech
|
094a48efb5 |
Bump all locked dependencies to their latest versions. (#19519)
This is a manual lock bump, as it looks like Dependabot is currently timing out updating dependencies. This should hopefully unlock it, as it will have fewer dependencies to update. Two outstanding exceptions: - pympler upgrade adds a pywin32 deps, which is missing sdist (so CI is complaining) - pysaml2 for some unknown reason pinned the MAX version of pyopenssl, which duplicates pyopenssl and cryptography, which obviously breaks stuff |
||
|
dependabot[bot]
|
0ac772f082 |
Bump pillow from 12.0.0 to 12.1.1 (#19454)
Bumps [pillow](https://github.com/python-pillow/Pillow) from 12.0.0 to 12.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p> <blockquote> <h2>12.1.1</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html</a></p> <h2>Dependencies</h2> <ul> <li>Patch libavif for svt-av1 4.0 compatibility <a href="https://redirect.github.com/python-pillow/Pillow/issues/9413">#9413</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> </ul> <h2>Other changes</h2> <ul> <li>Fix OOB Write with invalid tile extents <a href="https://redirect.github.com/python-pillow/Pillow/issues/9427">#9427</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> </ul> <h2>12.1.0</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html</a></p> <h2>Deprecations</h2> <ul> <li>Deprecate getdata(), in favour of new get_flattened_data() <a href="https://redirect.github.com/python-pillow/Pillow/issues/9292">#9292</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> </ul> <h2>Documentation</h2> <ul> <li>Specify APNG duration type when opening <a href="https://redirect.github.com/python-pillow/Pillow/issues/9368">#9368</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Added release notes for <a href="https://redirect.github.com/python-pillow/Pillow/issues/9350">#9350</a> <a href="https://redirect.github.com/python-pillow/Pillow/issues/9366">#9366</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update ImageMorph documentation <a href="https://redirect.github.com/python-pillow/Pillow/issues/9349">#9349</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Docs: update major bump cadence <a href="https://redirect.github.com/python-pillow/Pillow/issues/9334">#9334</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> <li>Add release notes for <a href="https://redirect.github.com/python-pillow/Pillow/issues/9070">#9070</a> <a href="https://redirect.github.com/python-pillow/Pillow/issues/9320">#9320</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Updated Ubuntu version <a href="https://redirect.github.com/python-pillow/Pillow/issues/9306">#9306</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update macOS tested Pillow versions <a href="https://redirect.github.com/python-pillow/Pillow/issues/9265">#9265</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> </ul> <h2>Dependencies</h2> <ul> <li>Update harfbuzz to 12.3.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9355">#9355</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update xz to 5.8.2 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9343">#9343</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Updated libjpeg-turbo to 3.1.3 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9333">#9333</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Updated zlib-ng to 2.3.2 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9324">#9324</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Updated libpng to 1.6.53 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9325">#9325</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update actions/checkout action to v6 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9323">#9323</a> [@<a href="https://github.com/apps/renovate">renovate[bot]</a>]</li> <li>Update dependency mypy to v1.19.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9322">#9322</a> [@<a href="https://github.com/apps/renovate">renovate[bot]</a>]</li> <li>Updated libpng to 1.6.51 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9305">#9305</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Updated brotli to 1.2.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9284">#9284</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update libimagequant to 4.4.1 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9301">#9301</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update zlib-ng to 2.3.1, except on manylinux2014 aarch64 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9312">#9312</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Updated harfbuzz to 12.2.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9289">#9289</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update github-actions <a href="https://redirect.github.com/python-pillow/Pillow/issues/9277">#9277</a> [@<a href="https://github.com/apps/renovate">renovate[bot]</a>]</li> </ul> <h2>Testing</h2> <ul> <li>Replace pre-commit with prek <a href="https://redirect.github.com/python-pillow/Pillow/issues/9360">#9360</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> <li>Test PyQt6 on Python 3.14 on Windows <a href="https://redirect.github.com/python-pillow/Pillow/issues/9353">#9353</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Test 32-bit Windows on Windows Server 2022 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9345">#9345</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Correct variable type <a href="https://redirect.github.com/python-pillow/Pillow/issues/9335">#9335</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a52ffd67e0 |
Bump cryptography from 46.0.3 to 46.0.5 (#19450)
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.3 to 46.0.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p> <blockquote> <p>46.0.5 - 2026-02-10</p> <pre><code> * An attacker could create a malicious public key that reveals portions of your private key when using certain uncommon elliptic curves (binary curves). This version now includes additional security checks to prevent this attack. This issue only affects binary elliptic curves, which are rarely used in real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine** for reporting the issue. **CVE-2026-26007** * Support for ``SECT*`` binary elliptic curves is deprecated and will be removed in the next release. <p>.. v46-0-4:</p> <p>46.0.4 - 2026-01-27<br /> </code></pre></p> <ul> <li><code>Dropped support for win_arm64 wheels</code>_.</li> <li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.</li> </ul> <p>.. _v46-0-3:</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
ede0f4f56b |
Bump python-multipart from 0.0.20 to 0.0.22 (#19411)
Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.20 to 0.0.22. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/python-multipart/releases">python-multipart's releases</a>.</em></p> <blockquote> <h2>Version 0.0.22</h2> <h2>What's Changed</h2> <ul> <li>Drop directory path from filename in <code>File</code> <a href=" |
||
|
dependabot[bot]
|
cb376ee73b |
Bump pyasn1 from 0.6.1 to 0.6.2 (#19387)
Bumps [pyasn1](https://github.com/pyasn1/pyasn1) from 0.6.1 to 0.6.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pyasn1/pyasn1/releases">pyasn1's releases</a>.</em></p> <blockquote> <h2>Release 0.6.2</h2> <p>It's a minor release.</p> <ul> <li>Fixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).</li> <li>Added support for Python 3.14.</li> <li>Added SECURITY.md policy.</li> <li>Migrated to pyproject.toml packaging.</li> </ul> <p>All changes are noted in the <a href="https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst">CHANGELOG</a>.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst">pyasn1's changelog</a>.</em></p> <blockquote> <h2>Revision 0.6.2, released 16-01-2026</h2> <ul> <li>CVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits in OID/RELATIVE-OID decoder (thanks to tsigouris007)</li> <li>Added support for Python 3.14 [pr <a href="https://redirect.github.com/pyasn1/pyasn1/issues/97">#97</a>](<a href="https://redirect.github.com/pyasn1/pyasn1/pull/97">pyasn1/pyasn1#97</a>)</li> <li>Added SECURITY.md policy</li> <li>Fixed unit tests failing due to missing code [issue <a href="https://redirect.github.com/pyasn1/pyasn1/issues/91">#91</a>](<a href="https://redirect.github.com/pyasn1/pyasn1/issues/91">pyasn1/pyasn1#91</a>) [pr <a href="https://redirect.github.com/pyasn1/pyasn1/issues/92">#92</a>](<a href="https://redirect.github.com/pyasn1/pyasn1/pull/92">pyasn1/pyasn1#92</a>)</li> <li>Migrated to pyproject.toml packaging [pr <a href="https://redirect.github.com/pyasn1/pyasn1/issues/90">#90</a>](<a href="https://redirect.github.com/pyasn1/pyasn1/pull/90">pyasn1/pyasn1#90</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5a3362c012 |
Bump authlib from 1.6.5 to 1.6.6 (#19363)
Bumps [authlib](https://github.com/authlib/authlib) from 1.6.5 to 1.6.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/blob/main/docs/changelog.rst">authlib's changelog</a>.</em></p> <blockquote> <h2>Version 1.6.6</h2> <p><strong>Released on Dec 12, 2025</strong></p> <ul> <li><code>get_jwt_config</code> takes a <code>client</code> parameter, :pr:<code>844</code>.</li> <li>Fix incorrect signature when <code>Content-Type</code> is x-www-form-urlencoded for OAuth 1.0 Client, :pr:<code>778</code>.</li> <li>Use <code>expires_in</code> in <code>OAuth2Token</code> when <code>expires_at</code> is unparsable, :pr:<code>842</code>.</li> <li>Always track <code>state</code> in session for OAuth client integrations.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
da7b32e8df |
Bump urllib3 from 2.6.0 to 2.6.3 (#19361)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.0 to 2.6.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.6.3</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by <a href="https://github.com/D47A"><code>@D47A</code></a>, 8.9 High, GHSA-38jv-5279-wg99)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">urllib3/urllib3#3743</a>)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">urllib3/urllib3#3752</a>)</li> </ul> <h2>2.6.2</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3734">urllib3/urllib3#3734</a>)</li> </ul> <h2>2.6.1</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3731">#3731</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.6.3 (2026-01-07)</h1> <ul> <li>Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (<code>GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99></code>__)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<code>[#3743](https://github.com/urllib3/urllib3/issues/3743) <https://github.com/urllib3/urllib3/issues/3743></code>__)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<code>[#3752](https://github.com/urllib3/urllib3/issues/3752) <https://github.com/urllib3/urllib3/issues/3752></code>__)</li> </ul> <h1>2.6.2 (2025-12-11)</h1> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<code>[#3734](https://github.com/urllib3/urllib3/issues/3734) <https://github.com/urllib3/urllib3/issues/3734></code>__)</li> </ul> <h1>2.6.1 (2025-12-08)</h1> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<code>[#3731](https://github.com/urllib3/urllib3/issues/3731) <https://github.com/urllib3/urllib3/issues/3731></code>__)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
18ef7f3085 |
Bump pynacl from 1.5.0 to 1.6.2 (#19350)
Bumps [pynacl](https://github.com/pyca/pynacl) from 1.5.0 to 1.6.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/pynacl/blob/main/CHANGELOG.rst">pynacl's changelog</a>.</em></p> <blockquote> <h2>1.6.2 (2026-01-01)</h2> <ul> <li>Updated <code>libsodium</code> to 1.0.20-stable (2025-12-31 build) to resolve <code>CVE-2025-69277</code>.</li> </ul> <h2>1.6.1 (2025-11-10)</h2> <ul> <li>The <code>MAKE</code> environment variable can now be used to specify the <code>make</code> binary that should be used in the build process.</li> </ul> <h2>1.6.0 (2025-09-11)</h2> <ul> <li><strong>BACKWARDS INCOMPATIBLE:</strong> Removed support for Python 3.6 and 3.7.</li> <li>Added support for the low level AEAD AES bindings.</li> <li>Added support for <code>crypto_core_ed25519_from_uniform</code>.</li> <li>Update <code>libsodium</code> to 1.0.20-stable (2025-08-27 build).</li> <li>Added support for free-threaded Python 3.14.</li> <li>Added support for Windows on ARM wheels.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Devon Hudson
|
df24e0f302 |
Fix support for older versions of zope-interface (#19274)
Fixes #19269 Versions of zope-interface from RHEL, Ubuntu LTS 22 & 24 and OpenSuse don't support the new python union `X | Y` syntax for interfaces. This PR partially reverts the change over to fully use the new syntax, adds a minimum supported version of zope-interface to Synapse's dependency list, and removes the linter auto-upgrades which prefer the newer syntax. ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [X] Pull request is based on the develop branch * [X] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [X] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> |
||
|
Devon Hudson
|
cdf286d405 |
Use uv to test full set of minimum deps in CI (#19289)
Stemming from #19274 this updates the `olddeps` CI to test against not just the minimum version of our explicit dependencies, but also the minimum version of all implicit (transitive) dependencies that are pulled in from the explicit dependencies themselves. ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [X] Pull request is based on the develop branch * [X] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [X] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) |
||
|
dependabot[bot]
|
ba774e2311 |
Bump ruff from 0.14.5 to 0.14.6 in the minor-and-patches group across 1 directory (#19296)
Bumps the minor-and-patches group with 1 update in the / directory: [ruff](https://github.com/astral-sh/ruff). Updates `ruff` from 0.14.5 to 0.14.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/releases">ruff's releases</a>.</em></p> <blockquote> <h2>0.14.6</h2> <h2>Release Notes</h2> <p>Released on 2025-11-21.</p> <h3>Preview features</h3> <ul> <li>[<code>flake8-bandit</code>] Support new PySNMP API paths (<code>S508</code>, <code>S509</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/21374">#21374</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>Adjust own-line comment placement between branches (<a href="https://redirect.github.com/astral-sh/ruff/pull/21185">#21185</a>)</li> <li>Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (<a href="https://redirect.github.com/astral-sh/ruff/pull/20418">#20418</a>)</li> <li>Fix panic when formatting comments in unary expressions (<a href="https://redirect.github.com/astral-sh/ruff/pull/21501">#21501</a>)</li> <li>Respect <code>fmt: skip</code> for compound statements on a single line (<a href="https://redirect.github.com/astral-sh/ruff/pull/20633">#20633</a>)</li> <li>[<code>refurb</code>] Fix <code>FURB103</code> autofix (<a href="https://redirect.github.com/astral-sh/ruff/pull/21454">#21454</a>)</li> <li>[<code>ruff</code>] Fix false positive for complex conversion specifiers in <code>logging-eager-conversion</code> (<code>RUF065</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/21464">#21464</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>ruff</code>] Avoid false positive on <code>ClassVar</code> reassignment (<code>RUF012</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/21478">#21478</a>)</li> </ul> <h3>CLI</h3> <ul> <li>Render hyperlinks for lint errors (<a href="https://redirect.github.com/astral-sh/ruff/pull/21514">#21514</a>)</li> <li>Add a <code>ruff analyze</code> option to skip over imports in <code>TYPE_CHECKING</code> blocks (<a href="https://redirect.github.com/astral-sh/ruff/pull/21472">#21472</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Limit <code>eglot-format</code> hook to eglot-managed Python buffers (<a href="https://redirect.github.com/astral-sh/ruff/pull/21459">#21459</a>)</li> <li>Mention <code>force-exclude</code> in "Configuration > Python file discovery" (<a href="https://redirect.github.com/astral-sh/ruff/pull/21500">#21500</a>)</li> </ul> <h3>Contributors</h3> <ul> <li><a href="https://github.com/ntBre"><code>@ntBre</code></a></li> <li><a href="https://github.com/dylwil3"><code>@dylwil3</code></a></li> <li><a href="https://github.com/gauthsvenkat"><code>@gauthsvenkat</code></a></li> <li><a href="https://github.com/MichaReiser"><code>@MichaReiser</code></a></li> <li><a href="https://github.com/thamer"><code>@thamer</code></a></li> <li><a href="https://github.com/Ruchir28"><code>@Ruchir28</code></a></li> <li><a href="https://github.com/thejcannon"><code>@thejcannon</code></a></li> <li><a href="https://github.com/danparizher"><code>@danparizher</code></a></li> <li><a href="https://github.com/chirizxc"><code>@chirizxc</code></a></li> </ul> <h2>Install ruff 0.14.6</h2> <h3>Install prebuilt binaries via shell script</h3> <pre lang="sh"><code>curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.6/ruff-installer.sh | sh </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's changelog</a>.</em></p> <blockquote> <h2>0.14.6</h2> <p>Released on 2025-11-21.</p> <h3>Preview features</h3> <ul> <li>[<code>flake8-bandit</code>] Support new PySNMP API paths (<code>S508</code>, <code>S509</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/21374">#21374</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>Adjust own-line comment placement between branches (<a href="https://redirect.github.com/astral-sh/ruff/pull/21185">#21185</a>)</li> <li>Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (<a href="https://redirect.github.com/astral-sh/ruff/pull/20418">#20418</a>)</li> <li>Fix panic when formatting comments in unary expressions (<a href="https://redirect.github.com/astral-sh/ruff/pull/21501">#21501</a>)</li> <li>Respect <code>fmt: skip</code> for compound statements on a single line (<a href="https://redirect.github.com/astral-sh/ruff/pull/20633">#20633</a>)</li> <li>[<code>refurb</code>] Fix <code>FURB103</code> autofix (<a href="https://redirect.github.com/astral-sh/ruff/pull/21454">#21454</a>)</li> <li>[<code>ruff</code>] Fix false positive for complex conversion specifiers in <code>logging-eager-conversion</code> (<code>RUF065</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/21464">#21464</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>ruff</code>] Avoid false positive on <code>ClassVar</code> reassignment (<code>RUF012</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/21478">#21478</a>)</li> </ul> <h3>CLI</h3> <ul> <li>Render hyperlinks for lint errors (<a href="https://redirect.github.com/astral-sh/ruff/pull/21514">#21514</a>)</li> <li>Add a <code>ruff analyze</code> option to skip over imports in <code>TYPE_CHECKING</code> blocks (<a href="https://redirect.github.com/astral-sh/ruff/pull/21472">#21472</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Limit <code>eglot-format</code> hook to eglot-managed Python buffers (<a href="https://redirect.github.com/astral-sh/ruff/pull/21459">#21459</a>)</li> <li>Mention <code>force-exclude</code> in "Configuration > Python file discovery" (<a href="https://redirect.github.com/astral-sh/ruff/pull/21500">#21500</a>)</li> </ul> <h3>Contributors</h3> <ul> <li><a href="https://github.com/ntBre"><code>@ntBre</code></a></li> <li><a href="https://github.com/dylwil3"><code>@dylwil3</code></a></li> <li><a href="https://github.com/gauthsvenkat"><code>@gauthsvenkat</code></a></li> <li><a href="https://github.com/MichaReiser"><code>@MichaReiser</code></a></li> <li><a href="https://github.com/thamer"><code>@thamer</code></a></li> <li><a href="https://github.com/Ruchir28"><code>@Ruchir28</code></a></li> <li><a href="https://github.com/thejcannon"><code>@thejcannon</code></a></li> <li><a href="https://github.com/danparizher"><code>@danparizher</code></a></li> <li><a href="https://github.com/chirizxc"><code>@chirizxc</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
09fd2645c2 |
Bump urllib3 from 2.5.0 to 2.6.0 (#19282)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.6.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by <a href="https://github.com/Cycloctane"><code>@Cycloctane</code></a>, 8.9 High, GHSA-2xpw-w6gg-jr37)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by <a href="https://github.com/illia-v"><code>@illia-v</code></a>, 8.9 High, GHSA-gm62-xv2j-4w53)</li> </ul> <blockquote> <p>[!IMPORTANT]</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using <code>urllib3[brotli]</code> to install a compatible Brotli package automatically.</li> <li>If you use custom decompressors, please make sure to update them to respect the changed API of <code>urllib3.response.ContentDecoder</code>.</li> </ul> </blockquote> <h2>Features</h2> <ul> <li>Enabled retrieval, deletion, and membership testing in <code>HTTPHeaderDict</code> using bytes keys. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3653">#3653</a>)</li> <li>Added host and port information to string representations of <code>HTTPConnection</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3666">#3666</a>)</li> <li>Added support for Python 3.14 free-threading builds explicitly. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3696">#3696</a>)</li> </ul> <h2>Removals</h2> <ul> <li>Removed the <code>HTTPResponse.getheaders()</code> method in favor of <code>HTTPResponse.headers</code>. Removed the <code>HTTPResponse.getheader(name, default)</code> method in favor of <code>HTTPResponse.headers.get(name, default)</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3622">#3622</a>)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed redirect handling in <code>urllib3.PoolManager</code> when an integer is passed for the retries parameter. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3649">#3649</a>)</li> <li>Fixed <code>HTTPConnectionPool</code> when used in Emscripten with no explicit port. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3664">#3664</a>)</li> <li>Fixed handling of <code>SSLKEYLOGFILE</code> with expandable variables. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3700">#3700</a>)</li> </ul> <h2>Misc</h2> <ul> <li>Changed the <code>zstd</code> extra to install <code>backports.zstd</code> instead of <code>zstandard</code> on Python 3.13 and before. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3693">#3693</a>)</li> <li>Improved the performance of content decoding by optimizing <code>BytesQueueBuffer</code> class. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3710">#3710</a>)</li> <li>Allowed building the urllib3 package with newer setuptools-scm v9.x. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3652">#3652</a>)</li> <li>Ensured successful urllib3 builds by setting Hatchling requirement to ≥ 1.27.0. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3638">#3638</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.6.0 (2025-12-05)</h1> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (<code>GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37></code>__)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (<code>GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53></code>__)</li> </ul> <p>.. caution::</p> <ul> <li> <p>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using <code>urllib3[brotli]</code> to install a compatible Brotli package automatically.</p> </li> <li> <p>If you use custom decompressors, please make sure to update them to respect the changed API of <code>urllib3.response.ContentDecoder</code>.</p> </li> </ul> <h2>Features</h2> <ul> <li>Enabled retrieval, deletion, and membership testing in <code>HTTPHeaderDict</code> using bytes keys. (<code>[#3653](https://github.com/urllib3/urllib3/issues/3653) <https://github.com/urllib3/urllib3/issues/3653></code>__)</li> <li>Added host and port information to string representations of <code>HTTPConnection</code>. (<code>[#3666](https://github.com/urllib3/urllib3/issues/3666) <https://github.com/urllib3/urllib3/issues/3666></code>__)</li> <li>Added support for Python 3.14 free-threading builds explicitly. (<code>[#3696](https://github.com/urllib3/urllib3/issues/3696) <https://github.com/urllib3/urllib3/issues/3696></code>__)</li> </ul> <h2>Removals</h2> <ul> <li>Removed the <code>HTTPResponse.getheaders()</code> method in favor of <code>HTTPResponse.headers</code>. Removed the <code>HTTPResponse.getheader(name, default)</code> method in favor of <code>HTTPResponse.headers.get(name, default)</code>. (<code>[#3622](https://github.com/urllib3/urllib3/issues/3622) <https://github.com/urllib3/urllib3/issues/3622></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed redirect handling in <code>urllib3.PoolManager</code> when an integer is passed for the retries parameter. (<code>[#3649](https://github.com/urllib3/urllib3/issues/3649) <https://github.com/urllib3/urllib3/issues/3649></code>__)</li> <li>Fixed <code>HTTPConnectionPool</code> when used in Emscripten with no explicit port. (<code>[#3664](https://github.com/urllib3/urllib3/issues/3664) <https://github.com/urllib3/urllib3/issues/3664></code>__)</li> <li>Fixed handling of <code>SSLKEYLOGFILE</code> with expandable variables. (<code>[#3700](https://github.com/urllib3/urllib3/issues/3700) <https://github.com/urllib3/urllib3/issues/3700></code>__)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
891983f3f4 |
Bump the minor-and-patches group with 3 updates (#19280)
Bumps the minor-and-patches group with 3 updates: [mypy](https://github.com/python/mypy), [mypy-zope](https://github.com/Shoobx/mypy-zope) and [phonenumbers](https://github.com/daviddrysdale/python-phonenumbers). Updates `mypy` from 1.17.1 to 1.18.2 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/mypy/blob/master/CHANGELOG.md">mypy's changelog</a>.</em></p> <blockquote> <h3>Mypy 1.18.2</h3> <ul> <li>Fix crash on recursive alias (Ivan Levkivskyi, PR <a href="https://redirect.github.com/python/mypy/pull/19845">19845</a>)</li> <li>Add additional guidance for stubtest errors when runtime is <code>object.__init__</code> (Stephen Morton, PR <a href="https://redirect.github.com/python/mypy/pull/19733">19733</a>)</li> <li>Fix handling of None values in f-string expressions in mypyc (BobTheBuidler, PR <a href="https://redirect.github.com/python/mypy/pull/19846">19846</a>)</li> </ul> <h3>Acknowledgements</h3> <p>Thanks to all mypy contributors who contributed to this release:</p> <ul> <li>Ali Hamdan</li> <li>Anthony Sottile</li> <li>BobTheBuidler</li> <li>Brian Schubert</li> <li>Chainfire</li> <li>Charlie Denton</li> <li>Christoph Tyralla</li> <li>CoolCat467</li> <li>Daniel Hnyk</li> <li>Emily</li> <li>Emma Smith</li> <li>Ethan Sarp</li> <li>Ivan Levkivskyi</li> <li>Jahongir Qurbonov</li> <li>Jelle Zijlstra</li> <li>Joren Hammudoglu</li> <li>Jukka Lehtosalo</li> <li>Marc Mueller</li> <li>Omer Hadari</li> <li>Piotr Sawicki</li> <li>PrinceNaroliya</li> <li>Randolf Scholz</li> <li>Robsdedude</li> <li>Saul Shanabrook</li> <li>Shantanu</li> <li>Stanislav Terliakov</li> <li>Stephen Morton</li> <li>wyattscarpenter</li> </ul> <p>I’d also like to thank my employer, Dropbox, for supporting mypy development.</p> <h2>Mypy 1.17</h2> <p>We’ve just uploaded mypy 1.17 to the Python Package Index (<a href="https://pypi.org/project/mypy/">PyPI</a>). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:</p> <pre><code>python3 -m pip install -U mypy </code></pre> <p>You can read the full documentation for this release on <a href="http://mypy.readthedocs.io">Read the Docs</a>.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
93e658bd13 |
Bump cryptography from 45.0.7 to 46.0.3 (#19266)
Bumps [cryptography](https://github.com/pyca/cryptography) from 45.0.7 to 46.0.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p> <blockquote> <p>46.0.3 - 2025-10-15</p> <pre><code> * Fixed compilation when using LibreSSL 4.2.0. <p>.. _v46-0-2:</p> <p>46.0.2 - 2025-09-30<br /> </code></pre></p> <ul> <li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.</li> </ul> <p>.. _v46-0-1:</p> <p>46.0.1 - 2025-09-16</p> <pre><code> * Fixed an issue where users installing via ``pip`` on Python 3.14 development versions would not properly install a dependency. * Fixed an issue building the free-threaded macOS 3.14 wheels. <p>.. _v46-0-0:</p> <p>46.0.0 - 2025-09-16<br /> </code></pre></p> <ul> <li><strong>BACKWARDS INCOMPATIBLE:</strong> Support for Python 3.7 has been removed.</li> <li>Support for OpenSSL < 3.0 is deprecated and will be removed in the next release.</li> <li>Support for <code>x86_64</code> macOS (including publishing wheels) is deprecated and will be removed in two releases. We will switch to publishing an <code>arm64</code> only wheel for macOS.</li> <li>Support for 32-bit Windows (including publishing wheels) is deprecated and will be removed in two releases. Users should move to a 64-bit Python installation.</li> <li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.3.</li> <li>We now build <code>ppc64le</code> <code>manylinux</code> wheels and publish them to PyPI.</li> <li>We now build <code>win_arm64</code> (Windows on Arm) wheels and publish them to PyPI.</li> <li>Added support for free-threaded Python 3.14.</li> <li>Removed the deprecated <code>get_attribute_for_oid</code> method on :class:<code>~cryptography.x509.CertificateSigningRequest</code>. Users should use :meth:<code>~cryptography.x509.Attributes.get_attribute_for_oid</code> instead.</li> <li>Removed the deprecated <code>CAST5</code>, <code>SEED</code>, <code>IDEA</code>, and <code>Blowfish</code> classes from the cipher module. These are still available in :doc:<code>/hazmat/decrepit/index</code>.</li> <li>In X.509, when performing a PSS signature with a SHA-3 hash, it is now encoded with the official NIST SHA3 OID.</li> </ul> <p>.. _v45-0-7:</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
aff90a5245 |
Bump bleach from 6.2.0 to 6.3.0 (#19265)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
afdf9af6b5 |
Bump types-jsonschema from 4.25.1.20250822 to 4.25.1.20251009 (#19252)
Bumps [types-jsonschema](https://github.com/typeshed-internal/stub_uploader) from 4.25.1.20250822 to 4.25.1.20251009. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
3cf21bc649 | Bump rpds-py from 0.29.0 to 0.30.0 (#19247) | ||
|
dependabot[bot]
|
e0e7a44fe9 | Bump pyopenssl from 25.1.0 to 25.3.0 (#19248) | ||
|
dependabot[bot]
|
c09298eeaf |
Bump pydantic from 2.12.4 to 2.12.5 (#19250)
Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.12.4 to 2.12.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic/releases">pydantic's releases</a>.</em></p> <blockquote> <h2>v2.12.5 2025-11-26</h2> <h2>v2.12.5 (2025-11-26)</h2> <p>This is the fifth 2.12 patch release, addressing an issue with the <code>MISSING</code> sentinel and providing several documentation improvements.</p> <p>The next 2.13 minor release will be published in a couple weeks, and will include a new <em>polymorphic serialization</em> feature addressing the remaining unexpected changes to the <em>serialize as any</em> behavior.</p> <ul> <li>Fix pickle error when using <code>model_construct()</code> on a model with <code>MISSING</code> as a default value by <a href="https://github.com/ornariece"><code>@ornariece</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12522">#12522</a>.</li> <li>Several updates to the documentation by <a href="https://github.com/Viicos"><code>@Viicos</code></a>.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pydantic/pydantic/compare/v2.12.4...v2.12.5">https://github.com/pydantic/pydantic/compare/v2.12.4...v2.12.5</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic/blob/main/HISTORY.md">pydantic's changelog</a>.</em></p> <blockquote> <h2>v2.12.5 (2025-11-26)</h2> <p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.12.5">GitHub release</a></p> <p>This is the fifth 2.12 patch release, addressing an issue with the <code>MISSING</code> sentinel and providing several documentation improvements.</p> <p>The next 2.13 minor release will be published in a couple weeks, and will include a new <em>polymorphic serialization</em> feature addressing the remaining unexpected changes to the <em>serialize as any</em> behavior.</p> <ul> <li>Fix pickle error when using <code>model_construct()</code> on a model with <code>MISSING</code> as a default value by <a href="https://github.com/ornariece"><code>@ornariece</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12522">#12522</a>.</li> <li>Several updates to the documentation by <a href="https://github.com/Viicos"><code>@Viicos</code></a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Erik Johnston
|
78ec3043d6 |
Use sqlglot to properly check SQL delta files (#19224)
Rather than using dodgy regexes which keep breaking. Also fixes a regression where it looks like we didn't fail CI if the delta was in the wrong place. |
||
|
dependabot[bot]
|
8b79583643 |
Bump sentry-sdk from 2.44.0 to 2.46.0 (#19218)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.44.0 to 2.46.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-python/releases">sentry-sdk's releases</a>.</em></p> <blockquote> <h2>2.46.0</h2> <h3>Various fixes & improvements</h3> <ul> <li>Preserve metadata on wrapped coroutines (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5105">#5105</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></li> <li>Make imports defensive to avoid <code>ModuleNotFoundError</code> in Pydantic AI integration (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5135">#5135</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></li> <li>Fix OpenAI agents integration mistakenly enabling itself (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5132">#5132</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></li> <li>Add instrumentation to embedding functions for various backends (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5120">#5120</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></li> <li>Improve embeddings support for OpenAI (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5121">#5121</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></li> <li>Enhance input handling for embeddings in LiteLLM integration (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5127">#5127</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></li> <li>Expect exceptions when re-raised (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5125">#5125</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></li> <li>Remove <code>MagicMock</code> from mocked <code>ModelResponse</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5126">#5126</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></li> </ul> <h2>2.45.0</h2> <h3>Various fixes & improvements</h3> <ul> <li> <p>OTLPIntegration (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4877">#4877</a>) by <a href="https://github.com/sl0thentr0py"><code>@sl0thentr0py</code></a></p> <p>Enable the new OTLP integration with the code snippet below, and your OpenTelemetry instrumentation will be automatically sent to Sentry's OTLP ingestion endpoint.</p> <pre lang="python"><code> import sentry_sdk from sentry_sdk.integrations.otlp import OTLPIntegration <p>sentry_sdk.init(<br /> dsn="<your-dsn>",<br /> # Add data like inputs and responses;<br /> # see <a href="https://docs.sentry.io/platforms/python/data-management/data-collected/">https://docs.sentry.io/platforms/python/data-management/data-collected/</a> for more info<br /> send_default_pii=True,<br /> integrations=[<br /> OTLPIntegration(),<br /> ],<br /> )<br /> </code></pre></p> <p>Under the hood, this will setup:</p> <ul> <li>A <code>SpanExporter</code> that will automatically set up the OTLP ingestion endpoint from your DSN</li> <li>A <code>Propagator</code> that ensures Distributed Tracing works</li> <li>Trace/Span linking for all other Sentry events such as Errors, Logs, Crons and Metrics</li> </ul> <p>If you were using the <code>SentrySpanProcessor</code> before, we recommend migrating over to <code>OTLPIntegration</code> since it's a much simpler setup.</p> </li> <li> <p>feat(integrations): implement context management for invoke_agent spans (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5089">#5089</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></p> </li> <li> <p>feat(loguru): Capture extra (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5096">#5096</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></p> </li> <li> <p>feat: Attach <code>server.address</code> to metrics (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5113">#5113</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></p> </li> <li> <p>fix: Cast message and detail attributes before appending exception notes (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5114">#5114</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></p> </li> <li> <p>fix(integrations): ensure that GEN_AI_AGENT_NAME is properly set for GEN_AI spans under an invoke_agent span (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5030">#5030</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></p> </li> <li> <p>fix(logs): Update <code>sentry.origin</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5112">#5112</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></p> </li> <li> <p>chore: Deprecate description truncation option for Redis spans (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5073">#5073</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></p> </li> <li> <p>chore: Deprecate <code>max_spans</code> LangChain parameter (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5074">#5074</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></p> </li> <li> <p>chore(toxgen): Check availability of pip and add detail to exceptions (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5076">#5076</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md">sentry-sdk's changelog</a>.</em></p> <blockquote> <h2>2.46.0</h2> <h3>Various fixes & improvements</h3> <ul> <li>Preserve metadata on wrapped coroutines (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5105">#5105</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></li> <li>Make imports defensive to avoid <code>ModuleNotFoundError</code> in Pydantic AI integration (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5135">#5135</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></li> <li>Fix OpenAI agents integration mistakenly enabling itself (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5132">#5132</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></li> <li>Add instrumentation to embedding functions for various backends (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5120">#5120</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></li> <li>Improve embeddings support for OpenAI (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5121">#5121</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></li> <li>Enhance input handling for embeddings in LiteLLM integration (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5127">#5127</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></li> <li>Expect exceptions when re-raised (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5125">#5125</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></li> <li>Remove <code>MagicMock</code> from mocked <code>ModelResponse</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5126">#5126</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></li> </ul> <h2>2.45.0</h2> <h3>Various fixes & improvements</h3> <ul> <li> <p>OTLPIntegration (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4877">#4877</a>) by <a href="https://github.com/sl0thentr0py"><code>@sl0thentr0py</code></a></p> <p>Enable the new OTLP integration with the code snippet below, and your OpenTelemetry instrumentation will be automatically sent to Sentry's OTLP ingestion endpoint.</p> <pre lang="python"><code> import sentry_sdk from sentry_sdk.integrations.otlp import OTLPIntegration <p>sentry_sdk.init(<br /> dsn="<your-dsn>",<br /> # Add data like inputs and responses;<br /> # see <a href="https://docs.sentry.io/platforms/python/data-management/data-collected/">https://docs.sentry.io/platforms/python/data-management/data-collected/</a> for more info<br /> send_default_pii=True,<br /> integrations=[<br /> OTLPIntegration(),<br /> ],<br /> )<br /> </code></pre></p> <p>Under the hood, this will setup:</p> <ul> <li>A <code>SpanExporter</code> that will automatically set up the OTLP ingestion endpoint from your DSN</li> <li>A <code>Propagator</code> that ensures Distributed Tracing works</li> <li>Trace/Span linking for all other Sentry events such as Errors, Logs, Crons and Metrics</li> </ul> <p>If you were using the <code>SentrySpanProcessor</code> before, we recommend migrating over to <code>OTLPIntegration</code> since it's a much simpler setup.</p> </li> <li> <p>feat(integrations): implement context management for invoke_agent spans (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5089">#5089</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></p> </li> <li> <p>feat(loguru): Capture extra (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5096">#5096</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></p> </li> <li> <p>feat: Attach <code>server.address</code> to metrics (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5113">#5113</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></p> </li> <li> <p>fix: Cast message and detail attributes before appending exception notes (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5114">#5114</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></p> </li> <li> <p>fix(integrations): ensure that GEN_AI_AGENT_NAME is properly set for GEN_AI spans under an invoke_agent span (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5030">#5030</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></p> </li> <li> <p>fix(logs): Update <code>sentry.origin</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5112">#5112</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></p> </li> <li> <p>chore: Deprecate description truncation option for Redis spans (<a href="https://redirect.github.com/getsentry/sentry-python/issues/5073">#5073</a>) by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
1b78f0318a |
Bump rpds-py from 0.28.0 to 0.29.0 (#19216)
Bumps [rpds-py](https://github.com/crate-py/rpds) from 0.28.0 to 0.29.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/crate-py/rpds/releases">rpds-py's releases</a>.</em></p> <blockquote> <h2>v0.29.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>Bump actions/download-artifact from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/195">crate-py/rpds#195</a></li> <li>Bump github/codeql-action from 4.30.9 to 4.31.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/194">crate-py/rpds#194</a></li> <li>Bump actions/upload-artifact from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/192">crate-py/rpds#192</a></li> <li>Bump astral-sh/setup-uv from 7.1.1 to 7.1.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/193">crate-py/rpds#193</a></li> <li>Bump github/codeql-action from 4.31.0 to 4.31.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/196">crate-py/rpds#196</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/199">crate-py/rpds#199</a></li> <li>Bump softprops/action-gh-release from 2.4.1 to 2.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/198">crate-py/rpds#198</a></li> <li>Bump rpds from 1.1.2 to 1.2.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/197">crate-py/rpds#197</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/crate-py/rpds/compare/v0.28.0...v0.29.0">https://github.com/crate-py/rpds/compare/v0.28.0...v0.29.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a5d946bfcb |
Bump types-bleach from 6.2.0.20250809 to 6.3.0.20251115 (#19217)
Bumps [types-bleach](https://github.com/typeshed-internal/stub_uploader) from 6.2.0.20250809 to 6.3.0.20251115. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
ea3e08c49c |
Bump attrs from 25.3.0 to 25.4.0 (#19215)
Bumps [attrs](https://github.com/sponsors/hynek) from 25.3.0 to 25.4.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/sponsors/hynek/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
34d93c96ed |
Bump click from 8.1.8 to 8.3.1 (#19195)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
ce65b5c8ba |
Bump sentry-sdk from 2.43.0 to 2.44.0 (#19197)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
26ddedb753 |
Bump ruff from 0.14.3 to 0.14.5 (#19196)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
fca80e2eaa |
Bump tomli from 2.2.1 to 2.3.0 (#19194)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Andrew Ferrazzutti
|
97cc05d1d8 |
Bump lower bounds of unit test exclusive dependencies for Python 3.10 support (#19167)
Co-authored-by: Andrew Morgan <andrew@amorgan.xyz> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> |
||
|
Andrew Morgan
|
9722e05479 |
Update pyproject.toml to be compatible with other standard Python packaging tools (#19137)
|
||
|
dependabot[bot]
|
03e873e77a |
Bump cryptography from 43.0.3 to 45.0.7 (#19159)
Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.3 to 45.0.7. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p> <blockquote> <p>45.0.7 - 2025-09-01</p> <pre><code> * Added a function to support an upcoming ``pyOpenSSL`` release. <p>.. _v45-0-6:</p> <p>45.0.6 - 2025-08-05<br /> </code></pre></p> <ul> <li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.2.</li> </ul> <p>.. _v45-0-5:</p> <p>45.0.5 - 2025-07-02</p> <pre><code> * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.1. <p>.. _v45-0-4:</p> <p>45.0.4 - 2025-06-09<br /> </code></pre></p> <ul> <li>Fixed decrypting PKCS#8 files encrypted with SHA1-RC4. (This is not considered secure, and is supported only for backwards compatibility.)</li> </ul> <p>.. _v45-0-3:</p> <p>45.0.3 - 2025-05-25</p> <pre><code> * Fixed decrypting PKCS#8 files encrypted with long salts (this impacts keys encrypted by Bouncy Castle). * Fixed decrypting PKCS#8 files encrypted with DES-CBC-MD5. While wildly insecure, this remains prevalent. <p>.. _v45-0-2:</p> <p>45.0.2 - 2025-05-17<br /> </code></pre></p> <ul> <li>Fixed using <code>mypy</code> with <code>cryptography</code> on older versions of Python.</li> </ul> <p>.. _v45-0-1:</p> <p>45.0.1 - 2025-05-17</p> <pre><code> * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.0. </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
2e66cf10e8 |
Bump types-netaddr from 1.3.0.20240530 to 1.3.0.20251108 (#19160)
Bumps [types-netaddr](https://github.com/typeshed-internal/stub_uploader) from 1.3.0.20240530 to 1.3.0.20251108. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
91c2845180 |
Bump pydantic from 2.12.3 to 2.12.4 (#19158)
Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.12.3 to 2.12.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic/releases">pydantic's releases</a>.</em></p> <blockquote> <h2>v2.12.4 2025-11-05</h2> <h2>v2.12.4 (2025-11-05)</h2> <p>This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the <code>build()</code> method of the <a href="https://docs.pydantic.dev/latest/api/networks/"><code>AnyUrl</code> and Dsn types</a>.</p> <p>This patch release also fixes an issue with the serialization of IP address types, when <code>serialize_as_any</code> is used. The next patch release will try to address the remaining issues with <em>serialize as any</em> behavior by introducing a new <em>polymorphic serialization</em> feature, that should be used in most cases in place of <em>serialize as any</em>.</p> <ul> <li> <p>Fix issue with forward references in parent <code>TypedDict</code> classes by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12427">#12427</a>.</p> <p>This issue is only relevant on Python 3.14 and greater.</p> </li> <li> <p>Exclude fields with <code>exclude_if</code> from JSON Schema required fields by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12430">#12430</a></p> </li> <li> <p>Revert URL percent-encoding of credentials in the <code>build()</code> method of the <a href="https://docs.pydantic.dev/latest/api/networks/"><code>AnyUrl</code> and Dsn types</a> by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1833">pydantic-core#1833</a>.</p> <p>This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.</p> </li> <li> <p>Add type inference for IP address types by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1868">pydantic-core#1868</a>.</p> <p>The 2.12 changes to the <code>serialize_as_any</code> behavior made it so that IP address types could not properly serialize to JSON.</p> </li> <li> <p>Avoid getting default values from defaultdict by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1853">pydantic-core#1853</a>.</p> <p>This fixes a subtle regression in the validation behavior of the <a href="https://docs.python.org/3/library/collections.html#collections.defaultdict"><code>collections.defaultdict</code></a> type.</p> </li> <li> <p>Fix issue with field serializers on nested typed dictionaries by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1879">pydantic-core#1879</a>.</p> </li> <li> <p>Add more <code>pydantic-core</code> builds for the three-threaded version of Python 3.14 by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1864">pydantic-core#1864</a>.</p> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pydantic/pydantic/compare/v2.12.3...v2.12.4">https://github.com/pydantic/pydantic/compare/v2.12.3...v2.12.4</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic/blob/v2.12.4/HISTORY.md">pydantic's changelog</a>.</em></p> <blockquote> <h2>v2.12.4 (2025-11-05)</h2> <p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.12.4">GitHub release</a></p> <p>This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the <code>build()</code> method of the <a href="https://docs.pydantic.dev/latest/api/networks/"><code>AnyUrl</code> and Dsn types</a>.</p> <p>This patch release also fixes an issue with the serialization of IP address types, when <code>serialize_as_any</code> is used. The next patch release will try to address the remaining issues with <em>serialize as any</em> behavior by introducing a new <em>polymorphic serialization</em> feature, that should be used in most cases in place of <em>serialize as any</em>.</p> <ul> <li> <p>Fix issue with forward references in parent <code>TypedDict</code> classes by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12427">#12427</a>.</p> <p>This issue is only relevant on Python 3.14 and greater.</p> </li> <li> <p>Exclude fields with <code>exclude_if</code> from JSON Schema required fields by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/12430">#12430</a></p> </li> <li> <p>Revert URL percent-encoding of credentials in the <code>build()</code> method of the <a href="https://docs.pydantic.dev/latest/api/networks/"><code>AnyUrl</code> and Dsn types</a> by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1833">pydantic-core#1833</a>.</p> <p>This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.</p> </li> <li> <p>Add type inference for IP address types by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1868">pydantic-core#1868</a>.</p> <p>The 2.12 changes to the <code>serialize_as_any</code> behavior made it so that IP address types could not properly serialize to JSON.</p> </li> <li> <p>Avoid getting default values from defaultdict by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1853">pydantic-core#1853</a>.</p> <p>This fixes a subtle regression in the validation behavior of the <a href="https://docs.python.org/3/library/collections.html#collections.defaultdict"><code>collections.defaultdict</code></a> type.</p> </li> <li> <p>Fix issue with field serializers on nested typed dictionaries by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1879">pydantic-core#1879</a>.</p> </li> <li> <p>Add more <code>pydantic-core</code> builds for the three-threaded version of Python 3.14 by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-core/pull/1864">pydantic-core#1864</a>.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
674b932b33 |
Bump sentry-sdk from 2.34.1 to 2.43.0 (#19157)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.34.1 to 2.43.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-python/releases">sentry-sdk's releases</a>.</em></p> <blockquote> <h2>2.43.0</h2> <h3>Various fixes & improvements</h3> <ul> <li> <p>Pydantic AI integration (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4906">#4906</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></p> <p>Enable the new Pydantic AI integration with the code snippet below, and you can use the Sentry AI dashboards to observe your AI calls:</p> <pre lang="python"><code>import sentry_sdk from sentry_sdk.integrations.pydantic_ai import PydanticAIIntegration sentry_sdk.init( dsn="<your-dsn>", # Set traces_sample_rate to 1.0 to capture 100% # of transactions for tracing. traces_sample_rate=1.0, # Add data like inputs and responses; # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info send_default_pii=True, integrations=[ PydanticAIIntegration(), ], ) </code></pre> </li> <li> <p>MCP Python SDK (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4964">#4964</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></p> <p>Enable the new Python MCP integration with the code snippet below:</p> <pre lang="python"><code>import sentry_sdk from sentry_sdk.integrations.mcp import MCPIntegration sentry_sdk.init( dsn="<your-dsn>", # Set traces_sample_rate to 1.0 to capture 100% # of transactions for tracing. traces_sample_rate=1.0, # Add data like inputs and responses; # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info send_default_pii=True, integrations=[ MCPIntegration(), ], ) </code></pre> </li> <li> <p>fix(strawberry): Remove autodetection, always use sync extension (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4984">#4984</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></p> <p>Previously, <code>StrawberryIntegration</code> would try to guess whether it should install the sync or async version of itself. This auto-detection was very brittle and could lead to us auto-enabling async code in a sync context. With this change, <code>StrawberryIntegration</code> remains an auto-enabling integration, but it'll enable the sync version by default. If you want to enable the async version, pass the option explicitly:</p> <pre lang="python"><code>sentry_sdk.init( # ... </code></pre> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md">sentry-sdk's changelog</a>.</em></p> <blockquote> <h2>2.43.0</h2> <h3>Various fixes & improvements</h3> <ul> <li> <p>Pydantic AI integration (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4906">#4906</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></p> <p>Enable the new Pydantic AI integration with the code snippet below, and you can use the Sentry AI dashboards to observe your AI calls:</p> <pre lang="python"><code>import sentry_sdk from sentry_sdk.integrations.pydantic_ai import PydanticAIIntegration sentry_sdk.init( dsn="<your-dsn>", # Set traces_sample_rate to 1.0 to capture 100% # of transactions for tracing. traces_sample_rate=1.0, # Add data like inputs and responses; # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info send_default_pii=True, integrations=[ PydanticAIIntegration(), ], ) </code></pre> </li> <li> <p>MCP Python SDK (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4964">#4964</a>) by <a href="https://github.com/constantinius"><code>@constantinius</code></a></p> <p>Enable the new Python MCP integration with the code snippet below:</p> <pre lang="python"><code>import sentry_sdk from sentry_sdk.integrations.mcp import MCPIntegration sentry_sdk.init( dsn="<your-dsn>", # Set traces_sample_rate to 1.0 to capture 100% # of transactions for tracing. traces_sample_rate=1.0, # Add data like inputs and responses; # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info send_default_pii=True, integrations=[ MCPIntegration(), ], ) </code></pre> </li> <li> <p>fix(strawberry): Remove autodetection, always use sync extension (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4984">#4984</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></p> <p>Previously, <code>StrawberryIntegration</code> would try to guess whether it should install the sync or async version of itself. This auto-detection was very brittle and could lead to us auto-enabling async code in a sync context. With this change, <code>StrawberryIntegration</code> remains an auto-enabling integration, but it'll enable the sync version by default. If you want to enable the async version, pass the option explicitly:</p> <pre lang="python"><code>sentry_sdk.init( </code></pre> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
4f9dc3b613 |
Bump psycopg2 from 2.9.10 to 2.9.11 (#19125)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
f02ac5a4d5 |
Bump markdown-it-py from 3.0.0 to 4.0.0 (#19123)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
bc926bd99e |
Bump ruff from 0.12.10 to 0.14.3 (#19124)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Andrew Morgan
|
69bab78b44 |
Python 3.14 support (#19055)
Co-authored-by: Eric Eastwood <erice@element.io> |
||
|
V02460
|
3595ff921f |
Pydantic v2 (#19071)
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Andrew Morgan <andrew@amorgan.xyz> |
||
|
Andrew Ferrazzutti
|
e0838c2567 |
Drop Python 3.9, bump tests/builds to Python 3.10 (#19099)
Python 3.9 EOL is on 2025-10-31 |
||
|
dependabot[bot]
|
1a78fc8a65 |
Bump pyyaml from 6.0.2 to 6.0.3 (#19105)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
66a42d4e54 |
Bump hiredis from 3.2.1 to 3.3.0 (#19103)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |