Skip to content

Bump the python-packages group with 4 updates#850

Merged
hramezani merged 1 commit into
mainfrom
dependabot/uv/python-packages-d4a02fcdbd
Apr 24, 2026
Merged

Bump the python-packages group with 4 updates#850
hramezani merged 1 commit into
mainfrom
dependabot/uv/python-packages-d4a02fcdbd

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 24, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-packages group with 4 updates: pydantic, boto3, mypy and ruff.

Updates pydantic from 2.12.5 to 2.13.1

Release notes

Sourced from pydantic's releases.

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

Packaging

  • Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
  • Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

New Features

  • Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

Fixes

  • Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @​Viicos in #13049
  • Fix model equality when using runtime extra configuration by @​Viicos in #13062

New Contributors

Full Changelog: pydantic/pydantic@v2.12.0...v2.13.0

v2.13.0b3 2026-03-31

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

New Features

  • Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

Fixes

  • Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @​Viicos in #13049
  • Fix model equality when using runtime extra configuration by @​Viicos in #13062

Packaging

  • Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
  • Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

New Contributors

v2.13.0b3 (2026-03-31)

GitHub release

... (truncated)

Commits

Updates boto3 from 1.42.87 to 1.42.90

Commits
  • ac298d4 Merge branch 'release-1.42.90'
  • c16e41e Bumping version to 1.42.90
  • ec6d8b3 Add changelog entries from botocore
  • e73a6f9 Bump aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0 (#4767)
  • 54a9dc1 Merge branch 'release-1.42.89'
  • 0cb8ca5 Merge branch 'release-1.42.89' into develop
  • 730d84c Bumping version to 1.42.89
  • 6b65768 Add changelog entries from botocore
  • f92a06c Merge branch 'release-1.42.88'
  • 5da0f6a Merge branch 'release-1.42.88' into develop
  • Additional commits viewable in compare view

Updates mypy from 1.20.0 to 1.20.1

Changelog

Sourced from mypy's changelog.

Mypy 1.20.1

  • Always disable sync in SQLite cache (Ivan Levkivskyi, PR 21184)
  • Temporarily skip few base64 tests (Ivan Levkivskyi, PR 21193)
  • Revert dict.__or__ typeshed change (Ivan Levkivskyi, PR 21186)
  • Fix narrowing for match case with variadic tuples (Shantanu, PR 21192)
  • Avoid narrowing type[T] in type calls (Shantanu, PR 21174)
  • Fix regression for catching empty tuple in except (Shantanu, PR 21153)
  • Fix reachability for frozenset and dict view narrowing (Shantanu, PR 21151)
  • Fix narrowing with chained comparison (Shantanu, PR 21150)
  • Avoid narrowing to unreachable at module level (Shantanu, PR 21144)
  • Allow dangerous identity comparisons to Any typed variables (Shantanu, PR 21142)
  • --warn-unused-config should not be a strict flag (Ivan Levkivskyi, PR 21139)

Mypy 1.20.2

  • Use WAL with SQLite cache and fix close (Shantanu, PR 21154)
  • Adjust SQLite journal mode (Ivan Levkivskyi, PR 21217)
  • Correctly aggregate narrowing information on parent expressions (Shantanu, PR 21206)
  • Fix regression related to generic callables (Shantanu, PR 21208)
  • Fix regression by avoiding widening types in some contexts (Shantanu, PR 21242)
  • Fix slicing in non-strict optional mode (Shantanu, PR 21282)
  • mypyc: Fix match statement semantics for "or" pattern (Shantanu, PR 21156)
  • mypyc: Fix issue with module dunder attributes (Piotr Sawicki, PR 21275)
  • Initial support for Python 3.15.0a8 (Marc Mueller, PR 21255)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

  • A5rocks
  • Aaron Wieczorek
  • Adam Turner
  • Ali Hamdan
  • asce
  • BobTheBuidler
  • Brent Westbrook
  • Brian Schubert
  • bzoracler
  • Chris Burroughs
  • Christoph Tyralla
  • Colin Watson
  • Donghoon Nam
  • E. M. Bray
  • Emma Smith
  • Ethan Sarp
  • George Ogden
  • getzze
  • grayjk
  • Gregor Riepl
  • Ivan Levkivskyi

... (truncated)

Commits

Updates ruff from 0.15.10 to 0.15.11

Release notes

Sourced from ruff's releases.

0.15.11

Release Notes

Released on 2026-04-16.

Preview features

  • [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
  • [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
  • [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

  • [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

  • [flake8-async] Add override mention to ASYNC109 docs (#24666)
  • Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

Install ruff 0.15.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.ps1 | iex"

Download ruff 0.15.11

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.11

Released on 2026-04-16.

Preview features

  • [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
  • [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
  • [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

  • [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

  • [flake8-async] Add override mention to ASYNC109 docs (#24666)
  • Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-packages group with 4 updates: [pydantic](https://github.com/pydantic/pydantic), [boto3](https://github.com/boto/boto3), [mypy](https://github.com/python/mypy) and [ruff](https://github.com/astral-sh/ruff).


Updates `pydantic` from 2.12.5 to 2.13.1
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.12.5...v2.13.1)

Updates `boto3` from 1.42.87 to 1.42.90
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.42.87...1.42.90)

Updates `mypy` from 1.20.0 to 1.20.1
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.20.0...v1.20.1)

Updates `ruff` from 0.15.10 to 0.15.11
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.10...0.15.11)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-version: 2.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: boto3
  dependency-version: 1.42.90
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: mypy
  dependency-version: 1.20.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: ruff
  dependency-version: 0.15.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 24, 2026
@hramezani hramezani merged commit 9f95615 into main Apr 24, 2026
19 checks passed
@hramezani hramezani deleted the dependabot/uv/python-packages-d4a02fcdbd branch April 24, 2026 12:34
736-c41-2c1-e464fc974 added a commit to Swiss-Armed-Forces/Loom that referenced this pull request Jun 29, 2026
This MR contains the following updates:

| Package | Type | Update | Change | OpenSSF |
|---|---|---|---|---|
| [debugpy](https://aka.ms/debugpy) ([source](https://github.com/microsoft/debugpy)) | dev | patch | `1.8.20` → `1.8.21` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/microsoft/debugpy/badge)](https://securityscorecards.dev/viewer/?uri=github.com/microsoft/debugpy) |
| [numpy](https://github.com/numpy/numpy) ([changelog](https://numpy.org/doc/stable/release)) | dependencies | patch | `2.4.4` → `2.4.6` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/numpy/numpy/badge)](https://securityscorecards.dev/viewer/?uri=github.com/numpy/numpy) |
| [pydantic-settings](https://github.com/pydantic/pydantic-settings) ([changelog](https://github.com/pydantic/pydantic-settings/releases)) | dependencies | patch | `2.14.0` → `2.14.2` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/pydantic/pydantic-settings/badge)](https://securityscorecards.dev/viewer/?uri=github.com/pydantic/pydantic-settings) |
| [python-multipart](https://github.com/Kludex/python-multipart) ([changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)) | dependencies | patch | `^0.0.22` → `^0.0.32` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/Kludex/python-multipart/badge)](https://securityscorecards.dev/viewer/?uri=github.com/Kludex/python-multipart) |
| [types-requests](https://github.com/python/typeshed) ([changelog](https://github.com/typeshed-internal/stub_uploader/blob/main/data/changelogs/requests.md)) | dependencies | patch | `2.32.0.20240523` → `2.32.4.20260324` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/python/typeshed/badge)](https://securityscorecards.dev/viewer/?uri=github.com/python/typeshed) |

---

### Release Notes

<details>
<summary>microsoft/debugpy (debugpy)</summary>

### [`v1.8.21`](https://github.com/microsoft/debugpy/releases/tag/v1.8.21): debugpy v1.8.21

[Compare Source](microsoft/debugpy@v1.8.20...v1.8.21)

Fixes for:

- Return evaluate result in DAP response body instead of writing to stdout: [#&#8203;2027](microsoft/debugpy#2027)
- Prevent invalid `scopes` request from crashing debug session: [#&#8203;2026](microsoft/debugpy#2026)
- Skip uninitialized `__slots__` in variable resolver: [#&#8203;2024](microsoft/debugpy#2024)
- Handle `-c` arguments that are `bytes` instead of `str`: [#&#8203;2021](microsoft/debugpy#2021)
- Fix evaluation of variables from chained exception frames: [#&#8203;2018](microsoft/debugpy#2018)
- `ContinueRequest` with a specific `threadId` no longer resumes all threads (in-process adapter): [#&#8203;2012](microsoft/debugpy#2012)
- Avoid strong reference to exceptions during unwind: [#&#8203;2008](microsoft/debugpy#2008)
- Show error message on evaluate failures in the hover context: [#&#8203;2006](microsoft/debugpy#2006)
- Display `dlerror` output when `dlopen` fails: [#&#8203;2000](microsoft/debugpy#2000)
- Replace removed `pkgutil.get_loader` with `importlib.util.find_spec` in `get_fullname`: [#&#8203;1998](microsoft/debugpy#1998)

Enhancements:

- Add option to ignore all system exit codes: [#&#8203;2017](microsoft/debugpy#2017)
- Pull changes from pydevd up to March 2026: [#&#8203;2010](microsoft/debugpy#2010)

Infrastructure work:

- Suppress Flawfinder false positives on Cython memcpy / read-loop iterators (TSA [#&#8203;2816216](https://github.com/microsoft/debugpy/issues/2816216), [#&#8203;2816217](https://github.com/microsoft/debugpy/issues/2816217), [#&#8203;2816218](https://github.com/microsoft/debugpy/issues/2816218), [#&#8203;2816219](https://github.com/microsoft/debugpy/issues/2816219), [#&#8203;2816220](https://github.com/microsoft/debugpy/issues/2816220)): [#&#8203;2028](microsoft/debugpy#2028), [#&#8203;2029](microsoft/debugpy#2029), [#&#8203;2030](microsoft/debugpy#2030), [#&#8203;2031](microsoft/debugpy#2031), [#&#8203;2032](microsoft/debugpy#2032)

Thanks to [@&#8203;maxbachmann](https://github.com/maxbachmann), [@&#8203;mfussenegger](https://github.com/mfussenegger), and [@&#8203;sambrightman](https://github.com/sambrightman) for the commits.

</details>

<details>
<summary>numpy/numpy (numpy)</summary>

### [`v2.4.6`](https://github.com/numpy/numpy/releases/tag/v2.4.6): (May 18, 2026)

[Compare Source](numpy/numpy@v2.4.5...v2.4.6)

### NumPy 2.4.6 Release Notes

NumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5
release.

This release supports Python versions 3.11-3.14

#### Contributors

A total of 4 people contributed to this release. People with a "+" by their
names contributed a patch for the first time.

- !EarlMilktea
- Charles Harris
- Sebastian Berg
- Warren Weckesser

#### Pull requests merged

A total of 4 pull requests were merged for this release.

- [#&#8203;31444](numpy/numpy#31444): MAINT: Prepare 2.4.x for further development
- [#&#8203;31453](numpy/numpy#31453): BUG: Fix regression in `arr.conj()`
- [#&#8203;31459](numpy/numpy#31459): BUG: `np.linalg.svd(..., hermitian=True)` returns non-unitary...
- [#&#8203;31460](numpy/numpy#31460): BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...

### [`v2.4.5`](https://github.com/numpy/numpy/releases/tag/v2.4.5): (May 15, 2026)

[Compare Source](numpy/numpy@v2.4.4...v2.4.5)

### NumPy 2.4.5 Release Notes

NumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4
release, has some typing improvements, and maintains infrastructure.

This release supports Python versions 3.11-3.14

#### Contributors

A total of 17 people contributed to this release. People with a "+" by their
names contributed a patch for the first time.

- Aleksei Nikiforov
- Anarion Zuo +
- Ankit Ahlawat
- Breno Favaretto +
- Charles Harris
- Igor Krivenko +
- Ijtihed Kilani +
- Joren Hammudoglu
- Maarten Baert +
- Matti Picus
- Nathan Goldbaum
- Praneeth Kodumagulla +
- Ralf Gommers
- RoomWithOutRoof +
- Sebastian Berg
- Warren Weckesser
- div +

#### Pull requests merged

A total of 28 pull requests were merged for this release.

- [#&#8203;31093](numpy/numpy#31093): MAINT: Prepare 2.4.x for further development
- [#&#8203;31182](numpy/numpy#31182): TYP: fix `np.shape` assignability issue for python lists ([#&#8203;31171](numpy/numpy#31171))
- [#&#8203;31197](numpy/numpy#31197): ENH: Return rank 0 for empty matrices in matrix\_rank ([#&#8203;30422](numpy/numpy#30422))
- [#&#8203;31198](numpy/numpy#31198): CI/BUG: add native jobs for s390x, fix bug in `pack_inner`...
- [#&#8203;31199](numpy/numpy#31199): BUG: f2py map complex\_long\_double to NPY\_CLONGDOUBLE
- [#&#8203;31205](numpy/numpy#31205): MAINT: f2py: Stop setting re.\_MAXCACHE to 50.
- [#&#8203;31206](numpy/numpy#31206): BUG: fix heap buffer overflow in timedelta to string casts
- [#&#8203;31207](numpy/numpy#31207): MAINT: Rename ppc64le and s390x workflow ([#&#8203;31121](numpy/numpy#31121))
- [#&#8203;31208](numpy/numpy#31208): BUG: Fix matvec/vecmat in-place aliasing (out=input produces...
- [#&#8203;31209](numpy/numpy#31209): TYP: `tile`: accept numpy scalars and arrays as second argument...
- [#&#8203;31211](numpy/numpy#31211): DEP: Undo deprecation for np.dtype() signature used by old pickles...
- [#&#8203;31212](numpy/numpy#31212): REV: Manual revert of float16 svml use ([#&#8203;31178](numpy/numpy#31178))
- [#&#8203;31222](numpy/numpy#31222): TYP: `ix_` fix for boolean and non-1d input ([#&#8203;31218](numpy/numpy#31218))
- [#&#8203;31329](numpy/numpy#31329): BUG: incorrect temp elision for new-style (NEP 43) user-defined...
- [#&#8203;31330](numpy/numpy#31330): TYP: fix sliding\_window\_view axis parameter typing
- [#&#8203;31335](numpy/numpy#31335): BUG: Prevent deadlock due to downstream importing NumPy in dlopen...
- [#&#8203;31336](numpy/numpy#31336): BUG: Fix segfault in nditer.multi\_index when \_\_getitem\_\_ raises...
- [#&#8203;31338](numpy/numpy#31338): TYP: Fix ruff lint error
- [#&#8203;31357](numpy/numpy#31357): BUG: fix memory leak in np.zeros when fill-zero loop raises ([#&#8203;31320](numpy/numpy#31320))
- [#&#8203;31358](numpy/numpy#31358): BUG: np.einsum() fails with a 0-dimensional out argument and...
- [#&#8203;31379](numpy/numpy#31379): BUG: Fix signed overflow issue in npy\_gcd for INT\_MIN on s390x...
- [#&#8203;31383](numpy/numpy#31383): CI: remove Cirrus CI FreeBSD job ([#&#8203;31380](numpy/numpy#31380))
- [#&#8203;31390](numpy/numpy#31390): BUILD: newer MKL uses so.3
- [#&#8203;31391](numpy/numpy#31391): BLD/MAINT: improve support for Intel LLVM compilers
- [#&#8203;31401](numpy/numpy#31401): BUG: Avoid UB in [safe]()\[add,sub,mul] helpers ([#&#8203;31396](numpy/numpy#31396))
- [#&#8203;31402](numpy/numpy#31402): BUG: exclude \_\_pycache\_\_ directories from wheels ([#&#8203;31397](numpy/numpy#31397))
- [#&#8203;31404](numpy/numpy#31404): TYP: `_NestedSequence` type parameter default to work around...
- [#&#8203;31426](numpy/numpy#31426): TYP: Fix `DTypeLike` runtime type-checker support ([#&#8203;31425](numpy/numpy#31425))

</details>

<details>
<summary>pydantic/pydantic-settings (pydantic-settings)</summary>

### [`v2.14.2`](https://github.com/pydantic/pydantic-settings/releases/tag/v2.14.2)

[Compare Source](pydantic/pydantic-settings@v2.14.1...v2.14.2)

#### What's Changed

This is a security patch release.

- Prevent `NestedSecretsSettingsSource` from following symlinks outside `secrets_dir` by [@&#8203;hramezani](https://github.com/hramezani) in [#&#8203;889](pydantic/pydantic-settings#889)
- Prepare release 2.14.2 by [@&#8203;hramezani](https://github.com/hramezani) in [#&#8203;890](pydantic/pydantic-settings#890)

##### Security

Fixes [GHSA-4xgf-cpjx-pc3j](GHSA-4xgf-cpjx-pc3j): `NestedSecretsSettingsSource` with `secrets_nested_subdir=True` could follow a symbolic link inside `secrets_dir` pointing outside it, reading out-of-tree files into settings values and bypassing the `secrets_dir_max_size` cap. Affected versions: `>= 2.12.0, < 2.14.2`.

**Full Changelog**: <pydantic/pydantic-settings@v2.14.1...v2.14.2>

### [`v2.14.1`](https://github.com/pydantic/pydantic-settings/releases/tag/v2.14.1)

[Compare Source](pydantic/pydantic-settings@v2.14.0...v2.14.1)

#### What's Changed

- Bump the python-packages group with 4 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;850](pydantic/pydantic-settings#850)
- Bump the python-packages group with 5 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;854](pydantic/pydantic-settings#854)
- Bump the github-actions group with 3 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;853](pydantic/pydantic-settings#853)
- Bump the python-packages group with 2 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;856](pydantic/pydantic-settings#856)
- Fix field named `cls` conflicting with classmethod parameter by [@&#8203;hramezani](https://github.com/hramezani) in [#&#8203;858](pydantic/pydantic-settings#858)
- Prepare release 2.14.1 by [@&#8203;hramezani](https://github.com/hramezani) in [#&#8203;859](pydantic/pydantic-settings#859)

**Full Changelog**: <pydantic/pydantic-settings@v2.14.0...v2.14.1>

</details>

<details>
<summary>Kludex/python-multipart (python-multipart)</summary>

### [`v0.0.32`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0032-2026-06-04)

[Compare Source](Kludex/python-multipart@0.0.31...0.0.32)

- Speed up partial-boundary scanning for CR/LF-dense part data [#&#8203;300](Kludex/python-multipart#300).

### [`v0.0.31`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0031-2026-06-04)

[Compare Source](Kludex/python-multipart@0.0.30...0.0.31)

- Speed up multipart header parsing and callback dispatch [#&#8203;295](Kludex/python-multipart#295).
- Bound header field name size before validating [#&#8203;296](Kludex/python-multipart#296).
- Validate `Content-Length` is non-negative in `parse_form` [#&#8203;297](Kludex/python-multipart#297).

### [`v0.0.30`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0030-2026-05-31)

[Compare Source](Kludex/python-multipart@0.0.29...0.0.30)

- Parse `application/x-www-form-urlencoded` bodies per the WHATWG URL standard, treating only `&` as a field separator [#&#8203;290](Kludex/python-multipart#290).
- Ignore RFC 2231/5987 extended parameters (`name*`, `filename*`) in `parse_options_header`, keeping the plain parameter authoritative per [RFC 7578 §4.2](https://datatracker.ietf.org/doc/html/rfc7578#section-4.2) [#&#8203;291](Kludex/python-multipart#291).

### [`v0.0.29`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0029-2026-05-17)

[Compare Source](Kludex/python-multipart@0.0.28...0.0.29)

- Handle malformed RFC 2231 continuations in `parse_options_header` [#&#8203;270](Kludex/python-multipart#270).

### [`v0.0.28`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0028-2026-05-10)

[Compare Source](Kludex/python-multipart@0.0.27...0.0.28)

- Speed up partial-boundary tail scan via `bytes.find` [#&#8203;281](Kludex/python-multipart#281).
- Cap multipart boundary length at 256 bytes [#&#8203;282](Kludex/python-multipart#282).

### [`v0.0.27`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0027-2026-04-27)

[Compare Source](Kludex/python-multipart@0.0.26...0.0.27)

- Add multipart header limits [#&#8203;267](Kludex/python-multipart#267).
- Pass parse offsets via constructors [#&#8203;268](Kludex/python-multipart#268).

### [`v0.0.26`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0026-2026-04-10)

[Compare Source](Kludex/python-multipart@0.0.25...0.0.26)

- Skip preamble before the first multipart boundary more efficiently [#&#8203;262](Kludex/python-multipart#262).
- Silently discard epilogue data after the closing multipart boundary [#&#8203;259](Kludex/python-multipart#259).

### [`v0.0.25`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0025-2026-04-10)

[Compare Source](Kludex/python-multipart@0.0.24...0.0.25)

- Add MIME content type info to `File` [#&#8203;143](Kludex/python-multipart#143).
- Handle CTE values case-insensitively [#&#8203;258](Kludex/python-multipart#258).
- Remove custom `FormParser` classes [#&#8203;257](Kludex/python-multipart#257).
- Add `UPLOAD_DELETE_TMP` to `FormParser` config [#&#8203;254](Kludex/python-multipart#254).
- Emit `field_end` for trailing bare field names on finalize [#&#8203;230](Kludex/python-multipart#230).
- Handle multipart headers case-insensitively [#&#8203;252](Kludex/python-multipart#252).
- Apply Apache-2.0 properly [#&#8203;247](Kludex/python-multipart#247).

### [`v0.0.24`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0024-2026-04-05)

[Compare Source](Kludex/python-multipart@0.0.23...0.0.24)

- Validate `chunk_size` in `parse_form()` [#&#8203;244](Kludex/python-multipart#244).

### [`v0.0.23`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0023-2026-04-05)

[Compare Source](Kludex/python-multipart@0.0.22...0.0.23)

- Remove unused `trust_x_headers` parameter and `X-File-Name` fallback [#&#8203;196](Kludex/python-multipart#196).
- Return processed length from `QuerystringParser._internal_write` [#&#8203;229](Kludex/python-multipart#229).
- Cleanup metadata dunders from `__init__.py` [#&#8203;227](Kludex/python-multipart#227).

</details>

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTAuMTYiLCJ1cGRhdGVkSW5WZXIiOiI0My4yNDYuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwicmVub3ZhdGUiXX0=-->

See merge request swiss-armed-forces/cyber-command/cea/loom!460

Co-authored-by: Loom MR Pipeline Trigger <group_103951964_bot_9504bb8dead6d4e406ad817a607f24be@noreply.gitlab.com>
Co-authored-by: shrewd-laidback palace <shrewd-laidback-palace-736-c41-2c1-e464fc974@swiss-armed-forces-open-source.ch>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant