Bump the pip group across 3 directories with 12 updates by dependabot[bot] · Pull Request #989 · eidolon-ai/eidolon

dependabot · 2026-03-30T18:25:46Z

Bumps the pip group with 1 update in the /browser-service directory: python-multipart.
Bumps the pip group with 8 updates in the /scripts directory:

Package	From	To
authlib	`1.3.1`	`1.6.9`
cryptography	`43.0.0`	`46.0.6`
ecdsa	`0.19.0`	`0.19.2`
nltk	`3.9.1`	`3.9.4`
orjson	`3.10.6`	`3.11.6`
protobuf	`4.25.3`	`5.29.6`
pyasn1	`0.6.0`	`0.6.3`
requests	`2.32.3`	`2.33.0`

Bumps the pip group with 12 updates in the /sdk directory:

Package	From	To
python-multipart	`0.0.7`	`0.0.22`
authlib	`1.3.2`	`1.6.9`
cryptography	`43.0.0`	`46.0.6`
deepdiff	`8.0.1`	`8.6.2`
ecdsa	`0.19.0`	`0.19.2`
nltk	`3.9.1`	`3.9.4`
orjson	`3.10.7`	`3.11.6`
pillow	`10.4.0`	`12.1.1`
protobuf	`4.25.4`	`5.29.6`
pyasn1	`0.6.0`	`0.6.3`
requests	`2.32.3`	`2.33.0`
unstructured	`0.14.10`	`0.18.18`

Updates python-multipart from 0.0.19 to 0.0.22

Release notes

Sourced from python-multipart's releases.

Version 0.0.22

What's Changed

Drop directory path from filename in File 9433f4b.

Full Changelog: Kludex/python-multipart@0.0.21...0.0.22

Version 0.0.21

What's Changed

Add support for Python 3.14 and drop EOL 3.8 and 3.9 by @hugovk in Kludex/python-multipart#216

New Contributors

@waketzheng made their first contribution in Kludex/python-multipart#203

Full Changelog: Kludex/python-multipart@0.0.20...0.0.21

Version 0.0.20

What's Changed

Handle messages containing only end boundary, fixes #38 by @jhnstrk in Kludex/python-multipart#142

New Contributors

@Mr-Sunglasses made their first contribution in Kludex/python-multipart#185

Full Changelog: Kludex/python-multipart@0.0.19...0.0.20

Changelog

Sourced from python-multipart's changelog.

0.0.22 (2026-01-25)

Drop directory path from filename in File 9433f4b.

0.0.21 (2025-12-17)

Add support for Python 3.14 and drop EOL 3.8 and 3.9 #216.

0.0.20 (2024-12-16)

Handle messages containing only end boundary #142.

Commits

bea7bbb Version 0.0.22 (#222)
0fb59a9 chore: add return type on test (#221)
9433f4b Merge commit from fork
d5c91ec Bump the github-actions group with 2 updates (#219)
5a90631 bump uv (#218)
1f72955 Version 0.0.21 (#217)
47ecfed Add support for Python 3.14 and drop EOL 3.8 and 3.9 (#216)
f18b709 Bump the github-actions group across 1 directory with 4 updates (#214)
b388e9a chore: use depedency-groups in pyproject.toml (#212)
6113e75 Bump the github-actions group across 1 directory with 3 updates (#210)
Additional commits viewable in compare view

Updates authlib from 1.3.1 to 1.6.9

Release notes

Sourced from authlib's releases.

v1.6.9

Full Changelog: authlib/authlib@v1.6.8...v1.6.9

Changes in jose module

Not using header's jwk automatically

Add ES256K into default jwt algorithms

Remove deprecated algorithm from default registry

Generate random cek when cek length doesn't match

v1.6.8

Full Changelog: authlib/authlib@v1.6.7...v1.6.8

Add EdDSA to default jwt instance.

v1.6.7

Full Changelog: authlib/authlib@v1.6.6...v1.6.7

Set supported algorithms for the default jwt instance.

v1.6.6

What's Changed

fix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by @shc261392 in authlib/authlib#778

Fix: Use expires_in when expires_at is unparsable by @bendavis78 in authlib/authlib#842

get_jwt_config takes a client parameter. by @azmeuk in authlib/authlib#844

New Contributors

@shc261392 made their first contribution in authlib/authlib#778

@bendavis78 made their first contribution in authlib/authlib#842

Full Changelog: authlib/authlib@v1.6.5...v1.6.6

v1.6.5

What's Changed

Add a request param to RFC7591 generate_client_info and generate_client_secret methods by @azmeuk in authlib/authlib#825

feat: support list params in prepare_grant_uri by @lisongmin in authlib/authlib#827

chore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by @dependabot[bot] in authlib/authlib#828

fix(jose): add max size for JWE zip=DEF decompression by @lepture in authlib/authlib#830

New Contributors

@lisongmin made their first contribution in authlib/authlib#827

@dependabot[bot] made their first contribution in authlib/authlib#828

Full Changelog: authlib/authlib@v1.6.4...v1.6.5

v1.6.4

What's Changed

fix(jose): prevent public/unprotected header overwriting protected header by @lepture in authlib/authlib#809

Fix InsecureTransportError raising by @azmeuk in authlib/authlib#810

Add conventional-commits pre-commit hook by @azmeuk in authlib/authlib#811

... (truncated)

Commits

9266eaa chore: release 1.6.9
b9bb2b2 fix(oidc): fail close at validating c_hash and at_hash
1b0a1d9 fix(jose): generate random cek when cek length doesn't match
5be3c51 fix(jose): add ES256K into default jwt algorithms
48b345f fix(jose): remove deprecated algorithm from default registry
a5d4b2d fix(jose): do not use header's jwk automatically
a769f34 chore: release 1.6.8
84f3fa2 fix: add EdDSA to default jwt algorithms
38e872a chore: release 1.6.7
b87c32e fix: remove "none" algorithm from default jwt instance
Additional commits viewable in compare view

Updates cryptography from 43.0.0 to 46.0.6

Changelog

Sourced from cryptography's changelog.

46.0.6 - 2026-03-25
* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied
  to peer names during verification when the leaf certificate contains a
  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,
  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for
  reporting the issue. **CVE-2026-34073**
.. _v46-0-5:
46.0.5 - 2026-02-10
An attacker could create a malicious public key that reveals portions of your private key when using certain uncommon elliptic curves (binary curves). This version now includes additional security checks to prevent this attack. This issue only affects binary elliptic curves, which are rarely used in real-world applications. Credit to XlabAI Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine for reporting the issue. CVE-2026-26007

Support for SECT* binary elliptic curves is deprecated and will be removed in the next release.

.. v46-0-4:

46.0.4 - 2026-01-27
* `Dropped support for win_arm64 wheels`_.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.
.. _v46-0-3:
46.0.3 - 2025-10-15
Fixed compilation when using LibreSSL 4.2.0.

.. _v46-0-2:

46.0.2 - 2025-09-30
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.
.. _v46-0-1:
46.0.1 - 2025-09-16

... (truncated)

Commits

91d7288 Cherry-pick #14542 (#14543)
06e120e bump version for 46.0.5 release (#14289)
0eebb9d EC check key on cofactor > 1 (#14287)
bedf6e1 fix openssl version on 46 branch (#14220)
e6f44fc bump for 46.0.4 and drop win arm64 due to CI issues (#14217)
c0af4dd release 46.0.3 (#13681)
99efe5a bump version for 46.0.2 (#13531)
e735cfc release 46.0.1 (#13450)
4e457ff Explicitly specify python in mac uv build invocation (#13447)
2726efd Depend on CFFI 2.0.0 or newer on Python > 3.8 (#13448)
Additional commits viewable in compare view

Updates ecdsa from 0.19.0 to 0.19.2

Release notes

Sourced from ecdsa's releases.

0.19.2

Bug fixes:

Fix CVE-2026-33936, a DER parsing issue in remove_octet_string(), remove_constructed(), and remove_implitic() where a truncated buffer wasn't detected. This can lead to high level functions, like SigningKey.from_der() to raise unexpected exceptions. (Mohamed Abdelaal (0xmrma))

Maintenance:

Update CI to use newer version of Ubuntu.

ecdsa 0.19.1

New API:

der.remove_implicit and der.encode_implicit for decoding and encoding DER IMPLICIT values with custom tag values and arbitrary classes

Bug fixes:

Minor fixes around arithmetic with curves that have non-prime order (useful for experimentation, not practical deployments)

Fix arithmetic to work with curves that have (0, 0) on the curve

Fix canonicalization of signatures when s is just slightly above half of curve order

Maintenance:

Dropped official support for Python 3.5 (again, issues with CI, support for Python 2.6 and Python 2.7 is unchanged)

Officially support Python 3.12 and 3.13 (add them to CI)

Removal of few more unnecessary six.b literals (Alexandre Detiste)

Fix typos in warning messages

Changelog

Sourced from ecdsa's changelog.

Release 0.19.2 (26 Mar 2026)

Bug fixes:

Fix CVE-2026-33936, a DER parsing issue in remove_octet_string(), remove_constructed(), and remove_implitic() where a truncated buffer wasn't detected. This can lead to high level functions, like SigningKey.from_der() to raise unexpected exceptions. (Mohamed Abdelaal (0xmrma))

Maintenance:

Update CI to use newer version of Ubuntu.

Release 0.19.1 (13 Mar 2025)

New API:

der.remove_implitic and der.encode_implicit for decoding and encoding DER IMPLICIT values with custom tag values and arbitrary classes

Bug fixes:

Minor fixes around arithmetic with curves that have non-prime order (useful for experimentation, not practical deployments)

Fix arithmetic to work with curves that have (0, 0) on the curve

Fix canonicalization of signatures when s is just slightly above half of curve order

Maintenance:

Dropped official support for Python 3.5 (again, issues with CI, support for Python 2.6 and Python 2.7 is unchanged)

Officialy support Python 3.12 and 3.13 (add them to CI)

Removal of few more unnecessary six.b literals (Alexandre Detiste)

Fix typos in warning messages

Release 0.19.0 (08 Apr 2024)

New API:

to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

Support for twisted Brainpool curves

Doc fix:

Fix curve equation in glossary

Documentation for signature encoding and signature decoding functions

Maintenance:

Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is

... (truncated)

Commits

bd66899 Merge commit from fork
9c046ee tests: reject truncated DER lengths
acc40fd der: reject truncated lengths in octet/implicit/constructed
55aca78 Merge pull request #363 from gstarovo/ubuntu20-deprecation
c4f0df1 chore: change to ubuntu-22 since u-20 is deprecated
2a6593d Merge pull request #359 from tlsfuzzer/release-0.19.1
658ddc8 add release notes for 0.19.1 release
3c5df06 Merge pull request #358 from tlsfuzzer/high-s-values
b6d43c6 use integer division for canonicalization of signatures
aa81ba3 Merge pull request #357 from tlsfuzzer/new-badge
Additional commits viewable in compare view

Updates nltk from 3.9.1 to 3.9.4

Changelog

Sourced from nltk's changelog.

Version 3.9.4 2026-03-24

Support Python 3.14

Fix bug in Levenshtein distance when substitution_cost > 2

Fix bug in Treebank detokeniser re quote ordering

Fix bug in Jaro similarity for empty strings

Several security enhancements

Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder

Implement TextTiling vocabulary introduction method (Hearst 1997)

Fix ALINE feature matrix errors and add comprehensive tests

Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids

Let downloader fallback to md5 when sha256 is unavailable

Several other minor bugfixes and code cleanups

Thanks to the following contributors to 3.9.4: Min-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01, jancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,

Version 3.9.3 2026-02-21

Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader (#3468)

Block path traversal/arbitrary reads in nltk.data for protocol-less refs (#3467)

Block path traversal/abs paths in corpus readers and FS pointers (#3479, #3480)

Validate external StanfordSegmenter JARs using SHA256 (#3477)

Add optional sandbox enforcement for filestring() (#3485)

Maintenance: downloader/zipped models, CI/tooling updates

Thanks to the following contributors to 3.9.3: Chris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith

Version 3.9.2 2025-10-01

Update download checksums to use SHA256 in built index

Fix percentage escape in new-style string formatting

replace shortened URLs using goo.gl

Make Wordnet interoperable with various taggers and tagged corpora

Fix saving PerceptronTagger

Document how to reproduce old Wordnet studies

properly initialize Portuguese corpus reader

support for mixed rules conversion into Chomsky Normal Form

only import tkinter if a GUI is needed

issue #2112 with Corenlp

new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL

Lesk defaults to most frequent sense in case of ties

Thanks to the following contributors to 3.9.2: Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu, Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq, Christopher Smith, Ryan Mannion

Version 3.9.1 2024-08-19

... (truncated)

Commits

ad9c96b Update copyright year
7edcddf Updates for 3.9.4 release
67a2736 Merge pull request #3180 from yzhaoinuw/bug-on-edit_distance_align
2b17ac5 Fix edit_distance_align backtrace for high substitution costs
4b72976 Merge pull request #3018 from JuanIMartinezB/bug/shortid-longid
8a5619f Merge pull request #3222 from Syzygy2048/feature/texttiling-vocabulary-introd...
c6574d7 Merge pull request #3289 from ihitamandal/codeflash/optimize-windowdiff-2024-...
98ff5d9 Merge pull request #3435 from Hrudhai01/fix-3260-detokenize-quotes
aec4fce Merge pull request #3522 from ekaf/pathsec
eec4ee3 Merge pull request #3526 from nltk/update-contributing
Additional commits viewable in compare view

Updates orjson from 3.10.6 to 3.11.6

Release notes

Sourced from orjson's releases.

3.11.6

Changed

orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).

Drop support for Python 3.9.

ABI compatibility with CPython 3.15 alpha 5.

Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

Fix sporadic crash serializing deeply nested list of dict.

3.11.5

Changed

Show simple error message instead of traceback when attempting to build on unsupported Python versions.

3.11.4

Changed

ABI compatibility with CPython 3.15 alpha 1.

Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.

Build now requires a C compiler.

3.11.3

Fixed

Fix PyPI project metadata when using maturin 1.9.2 or later.

3.11.2

Fixed

Fix build using Rust 1.89 on amd64.

Changed

Build now depends on Rust 1.85 or later instead of 1.82.

3.11.1

Changed

Publish PyPI wheels for CPython 3.14.

Fixed

Fix str on big-endian architectures.

3.11.0

... (truncated)

Changelog

Sourced from orjson's changelog.

3.11.6 - 2026-01-29

Changed

orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).

Drop support for Python 3.9.

ABI compatibility with CPython 3.15 alpha 5.

Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

Fix sporadic crash serializing deeply nested list of dict.

3.11.5 - 2025-12-06

Changed

Show simple error message instead of traceback when attempting to build on unsupported Python versions.

3.11.4 - 2025-10-24

Changed

ABI compatibility with CPython 3.15 alpha 1.

Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.

Build now requires a C compiler.

3.11.3 - 2025-08-26

Fixed

Fix PyPI project metadata when using maturin 1.9.2 or later.

3.11.2 - 2025-08-12

Fixed

Fix build using Rust 1.89 on amd64.

Changed

Build now depends on Rust 1.85 or later instead of 1.82.

... (truncated)

Commits

ec02024 3.11.6
d581687 build, clippy misc
4105b29 writer::num
62bb185 Fix sporadic crash on serializing object close
d860078 PyRef idiom refactors
343ae2f Deserializer, Utf8Buffer
7835f58 PyBytesRef and other input refactor
71e0516 PyStrRef
1096df4 MSRV 1.89
b718e75 Drop support for python3.9
Additional commits viewable in compare view

Updates protobuf from 4.25.3 to 5.29.6

Release notes

Sourced from protobuf's releases.

Protocol Buffers v34.0-rc1

Announcements

This version includes breaking changes to: C++, Objective-C, PHP, Python.

[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (protocolbuffers/protobuf@0a5c2f6)

[C++] Make generator headers private (protocolbuffers/protobuf@3a2af35)

[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (protocolbuffers/protobuf@7a75898)

[C++] Add [[nodiscard]] to many APIs. (protocolbuffers/protobuf@a70115f)

[C++] Make the arena-enabled constructors of RepeatedField, RepeatedPtrField, and Map private. (protocolbuffers/protobuf@ef890c3)

[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (protocolbuffers/protobuf@b76faa9)

[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (protocolbuffers/protobuf@b115358)

[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (protocolbuffers/protobuf@68346ec)

[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (protocolbuffers/protobuf@837a2cd)

[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() && !is_repeated()) instead (protocolbuffers/protobuf@9dbc5d4)

[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (protocolbuffers/protobuf@c301c2c)

[C++] All entity names have length limit (2afb0dc)

[ObjC] Remove generate_minimal_imports generation option warning (protocolbuffers/protobuf@45b1297)

[ObjC] Fix nullability annotations on some GPB*Dictionary types. (protocolbuffers/protobuf@ea67d6d)

[ObjC] Remove -[GPBFieldDescriptor optional] (protocolbuffers/protobuf@3414dc1)

[Other] Remove deprecated flag for enabling MSVC support (protocolbuffers/protobuf@97c979b)

[PHP] Remove deprecated PHP APIs (protocolbuffers/protobuf@9c45014)

[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (protocolbuffers/protobuf@4208121, protocolbuffers/protobuf@cd76e67, protocolbuffers/protobuf@4208121)

[PHP] Add PHP typehints for setters and remove redundant GPBUtil checks (protocolbuffers/protobuf#25296) (protocolbuffers/protobuf@aee03b7)

[PHP] support default values for editions/proto2 (protocolbuffers/protobuf#25161) (protocolbuffers/protobuf@b01099d)

[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (protocolbuffers/protobuf@5b116fe)

[Python] Remove float_format/double_format from python proto text_format (protocolbuffers/protobuf@e4854a1)

[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (protocolbuffers/protobuf@00aaca1)

[Python] Remove float_precision from python proto json_format (protocolbuffers/protobuf@f027f1f)

[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (protocolbuffers/protobuf@b76faa9)

[Python] Remove deprecated FieldDescriptor.label (protocolbuffers/protobuf@0a8ff55)

[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (protocolbuffers/protobuf@c301c2c)

Protobuf News may include additional announcements or pre-announcements for upcoming changes.

Migration Guide may include additional guidance for breaking changes.

Bazel

Fix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (#25168) (protocolbuffers/protobuf@8c857c3)

Breaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (protocolbuffers/protobuf@0a5c2f6)

Feat(bazel): wire up prebuilt protoc toolchain (#24115) (protocolbuffers/protobuf@cc23698)

Migrate proto_descriptor_set (#23369) (protocolbuffers/protobuf@8d4dfdd)

Compiler

Ruby codegen: support generation of rbs files (#15633) (protocolbuffers/protobuf@6ebdf85)

Avoid collision name problems between a message named Xyz and a direct sibling enum named XyzView (protocolbuffers/protobuf@eba53e8)

Generalizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (protocolbuffers/protobuf@ed3c571)

Fix a bug with custom features outside of the pb package. (protocolbuffers/protobuf@872d3ce)

Fix import option handling when include_imports isn't set. (protocolbuffers/protobuf@9ef9e80)

Fix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (protocolbuffers/protobuf@1229d4a)

Prevent accidental stripping of debug_redact options via import option. (protocolbuffers/protobuf@f58b098)

C++

Add EnumerateEnumValues function. (protocolbuffers/protobuf@397d5d9)

... (truncated)

Commits

See full diff in compare view

Updates pyasn1 from 0.6.0 to 0.6.3

Release notes

Sourced from pyasn1's releases.

Release 0.6.3

It's a minor release.

Added nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).

Fixed OverflowError from oversized BER length field.

Fixed DeprecationWarning stacklevel for deprecated attributes.

Fixed asDateTime incorrect fractional seconds parsing.

All changes are noted in the CHANGELOG.

Release 0.6.2

It's a minor release.

Fixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).

Added support for Python 3.14.

Added SECURITY.md policy.

Migrated to pyproject.toml packaging.

All changes are noted in the CHANGELOG.

Release 0.6.1

It's a minor release.

Added support for Python 3.13.

Cleaned Python 2-related code.

Removed bdist_wheel universal flag from setup.cfg.

All changes are noted in the CHANGELOG.

Changelog

Sourced from pyasn1's changelog.

Revision 0.6.3, released 16-03-2026

CVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (thanks for reporting, romanticpragmatism)

Fixed OverflowError from oversized BER length field [issue #54](pyasn1/pyasn1#54) [pr #100](pyasn1/pyasn1#100)

Fixed DeprecationWarning stacklevel for deprecated attributes [issue #86](pyasn1/pyasn1#86) [pr #101](pyasn1/pyasn1#101)

Fixed asDateTime incorrect fractional seconds parsing [issue #81](pyasn1/pyasn1#81) [pr #102](pyasn1/pyasn1#102)

Revision 0.6.2, released 16-01-2026

CVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits in OID/RELATIVE-OID decoder (thanks to tsigouris007)

Added support for Python 3.14 [pr #97](pyasn1/pyasn1#97)

Added SECURITY.md policy

Fixed unit tests failing due to missing code [issue #91](pyasn1/pyasn1#91) [pr #92](pyasn1/pyasn1#92)

Migrated to pyproject.toml packaging [pr #90](pyasn1/pyasn1#90)

Revision 0.6.1, released 10-09-2024

Added support for Python 3.13 and updated GitHub Actions [pr #73](pyasn1/pyasn1#73)

Removed Python 2 support and related code [pr #62](pyasn1/pyasn1#62) [pr #61](pyasn1/pyasn1#61) [pr #60](pyasn1/pyasn1#60)

Improved error handling and consistency [pr #71](pyasn1/pyasn1#71) [pr #70](pyasn1/pyasn1#70)

Runtime deprecation of tagMap and typeMap aliases [pr #72](pyasn1/pyasn1#72)

Fixed duplicated and missing declarations [pr #64](pyasn1/pyasn1#64)

Cleaned documentation and comments [pr #63](pyasn1/pyasn1#63)

Removed bdist_wheel universal flag from setup.cfg [pr #69](pyasn1/pyasn1#69)

Commits

af65c3b Prepare release 0.6.3
5a49bd1 Merge commit from fork
5494ba4 Fix asDateTime incorrect fractional seconds parsing (#102)
71f486e Fix DeprecationWarning stacklevel for deprecated attributes (#101)
d7cb42d Fix OverflowError from oversized BER length field (#100)
e7356f8 Prepare release 0.6.2
3908f14 Merge commit from fork
0a7e067 Add support for Python 3.14 (#97)
33656e9 Create Security Policy
fa62307 fix for issue #91: unit tests failing due to missing code (#92)
Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

v2.32.4

2.32.4 (2025-06-10)

... (truncated)

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

... (truncated)

Commits

bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
753fd08 docs: fix FAQ grammar in httplib2 example
774a0b8 docs(socks): same block as other sections
9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
d568f47 docs: clarify Quickstart POST example (#6960)
Additional commits viewable in compare view

Updates python-multipart from 0.0.7 to 0.0.22

Release notes

Sourced from python-multipart's releases.

Description has been truncated

Bumps the pip group with 1 update in the /browser-service directory: [python-multipart](https://github.com/Kludex/python-multipart). Bumps the pip group with 8 updates in the /scripts directory: | Package | From | To | | --- | --- | --- | | [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.9` | | [cryptography](https://github.com/pyca/cryptography) | `43.0.0` | `46.0.6` | | [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` | | [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` | | [orjson](https://github.com/ijl/orjson) | `3.10.6` | `3.11.6` | | [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.3` | `5.29.6` | | [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.0` | `0.6.3` | | [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` | Bumps the pip group with 12 updates in the /sdk directory: | Package | From | To | | --- | --- | --- | | [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.7` | `0.0.22` | | [authlib](https://github.com/authlib/authlib) | `1.3.2` | `1.6.9` | | [cryptography](https://github.com/pyca/cryptography) | `43.0.0` | `46.0.6` | | [deepdiff](https://github.com/qlustered/deepdiff) | `8.0.1` | `8.6.2` | | [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` | | [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` | | [orjson](https://github.com/ijl/orjson) | `3.10.7` | `3.11.6` | | [pillow](https://github.com/python-pillow/Pillow) | `10.4.0` | `12.1.1` | | [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.4` | `5.29.6` | | [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.0` | `0.6.3` | | [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` | | [unstructured](https://github.com/Unstructured-IO/unstructured) | `0.14.10` | `0.18.18` | Updates `python-multipart` from 0.0.19 to 0.0.22 - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md) - [Commits](Kludex/python-multipart@0.0.19...0.0.22) Updates `authlib` from 1.3.1 to 1.6.9 - [Release notes](https://github.com/authlib/authlib/releases) - [Commits](authlib/authlib@v1.3.1...v1.6.9) Updates `cryptography` from 43.0.0 to 46.0.6 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@43.0.0...46.0.6) Updates `ecdsa` from 0.19.0 to 0.19.2 - [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases) - [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS) - [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.19.0...python-ecdsa-0.19.2) Updates `nltk` from 3.9.1 to 3.9.4 - [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog) - [Commits](nltk/nltk@3.9.1...3.9.4) Updates `orjson` from 3.10.6 to 3.11.6 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.10.6...3.11.6) Updates `protobuf` from 4.25.3 to 5.29.6 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Commits](https://github.com/protocolbuffers/protobuf/commits) Updates `pyasn1` from 0.6.0 to 0.6.3 - [Release notes](https://github.com/pyasn1/pyasn1/releases) - [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst) - [Commits](pyasn1/pyasn1@v0.6.0...v0.6.3) Updates `requests` from 2.32.3 to 2.33.0 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.3...v2.33.0) Updates `python-multipart` from 0.0.7 to 0.0.22 - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md) - [Commits](Kludex/python-multipart@0.0.19...0.0.22) Updates `authlib` from 1.3.2 to 1.6.9 - [Release notes](https://github.com/authlib/authlib/releases) - [Commits](authlib/authlib@v1.3.1...v1.6.9) Updates `cryptography` from 43.0.0 to 46.0.6 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@43.0.0...46.0.6) Updates `deepdiff` from 8.0.1 to 8.6.2 - [Release notes](https://github.com/qlustered/deepdiff/releases) - [Changelog](https://github.com/qlustered/deepdiff/blob/master/CHANGELOG.md) - [Commits](qlustered/deepdiff@8.0.1...8.6.2) Updates `ecdsa` from 0.19.0 to 0.19.2 - [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases) - [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS) - [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.19.0...python-ecdsa-0.19.2) Updates `nltk` from 3.9.1 to 3.9.4 - [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog) - [Commits](nltk/nltk@3.9.1...3.9.4) Updates `orjson` from 3.10.7 to 3.11.6 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.10.6...3.11.6) Updates `pillow` from 10.4.0 to 12.1.1 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@10.4.0...12.1.1) Updates `protobuf` from 4.25.4 to 5.29.6 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Commits](https://github.com/protocolbuffers/protobuf/commits) Updates `pyasn1` from 0.6.0 to 0.6.3 - [Release notes](https://github.com/pyasn1/pyasn1/releases) - [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst) - [Commits](pyasn1/pyasn1@v0.6.0...v0.6.3) Updates `requests` from 2.32.3 to 2.33.0 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.3...v2.33.0) Updates `unstructured` from 0.14.10 to 0.18.18 - [Release notes](https://github.com/Unstructured-IO/unstructured/releases) - [Changelog](https://github.com/Unstructured-IO/unstructured/blob/main/CHANGELOG.md) - [Commits](Unstructured-IO/unstructured@0.14.10...0.18.18) --- updated-dependencies: - dependency-name: python-multipart dependency-version: 0.0.22 dependency-type: indirect dependency-group: pip - dependency-name: authlib dependency-version: 1.6.9 dependency-type: indirect dependency-group: pip - dependency-name: cryptography dependency-version: 46.0.6 dependency-type: indirect dependency-group: pip - dependency-name: ecdsa dependency-version: 0.19.2 dependency-type: indirect dependency-group: pip - dependency-name: nltk dependency-version: 3.9.4 dependency-type: indirect dependency-group: pip - dependency-name: orjson dependency-version: 3.11.6 dependency-type: indirect dependency-group: pip - dependency-name: protobuf dependency-version: 5.29.6 dependency-type: indirect dependency-group: pip - dependency-name: pyasn1 dependency-version: 0.6.3 dependency-type: indirect dependency-group: pip - dependency-name: requests dependency-version: 2.33.0 dependency-type: direct:production dependency-group: pip - dependency-name: python-multipart dependency-version: 0.0.22 dependency-type: direct:production dependency-group: pip - dependency-name: authlib dependency-version: 1.6.9 dependency-type: direct:production dependency-group: pip - dependency-name: cryptography dependency-version: 46.0.6 dependency-type: indirect dependency-group: pip - dependency-name: deepdiff dependency-version: 8.6.2 dependency-type: indirect dependency-group: pip - dependency-name: ecdsa dependency-version: 0.19.2 dependency-type: indirect dependency-group: pip - dependency-name: nltk dependency-version: 3.9.4 dependency-type: indirect dependency-group: pip - dependency-name: orjson dependency-version: 3.11.6 dependency-type: indirect dependency-group: pip - dependency-name: pillow dependency-version: 12.1.1 dependency-type: direct:production dependency-group: pip - dependency-name: protobuf dependency-version: 5.29.6 dependency-type: indirect dependency-group: pip - dependency-name: pyasn1 dependency-version: 0.6.3 dependency-type: indirect dependency-group: pip - dependency-name: requests dependency-version: 2.33.0 dependency-type: indirect dependency-group: pip - dependency-name: unstructured dependency-version: 0.18.18 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 30, 2026

dependabot Bot mentioned this pull request Mar 30, 2026

Bump the pip group across 2 directories with 11 updates #988

Closed

vercel Bot deployed to Preview March 30, 2026 18:27 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the pip group across 3 directories with 12 updates#989

Bump the pip group across 3 directories with 12 updates#989
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/browser-service/pip-5dc75b891f

dependabot Bot commented on behalf of github Mar 30, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Mar 30, 2026

Version 0.0.22

What's Changed

Version 0.0.21

What's Changed

New Contributors

Version 0.0.20

What's Changed

New Contributors

0.0.22 (2026-01-25)

0.0.21 (2025-12-17)

0.0.20 (2024-12-16)

v1.6.9

Changes in jose module

v1.6.8

v1.6.7

v1.6.6

What's Changed

New Contributors

v1.6.5

What's Changed

New Contributors

v1.6.4

What's Changed

0.19.2

ecdsa 0.19.1

3.11.6

Changed

Fixed

3.11.5

Changed

3.11.4

Changed

3.11.3

Fixed

3.11.2

Fixed

Changed

3.11.1

Changed

Fixed

3.11.0

3.11.6 - 2026-01-29

Changed

Fixed

3.11.5 - 2025-12-06

Changed

3.11.4 - 2025-10-24

Changed

3.11.3 - 2025-08-26

Fixed

3.11.2 - 2025-08-12

Fixed

Changed

Protocol Buffers v34.0-rc1

Announcements

Bazel

Compiler

C++

Release 0.6.3

Release 0.6.2

Release 0.6.1

Revision 0.6.3, released 16-03-2026

Revision 0.6.2, released 16-01-2026

Revision 0.6.1, released 10-09-2024

v2.33.0

2.33.0 (2026-03-25)

New Contributors

v2.32.5

2.32.5 (2025-08-18)

v2.32.4

2.32.4 (2025-06-10)

2.33.0 (2026-03-25)

2.32.5 (2025-08-18)

2.32.4 (2025-06-10)

Uh oh!

Reviewers

Assignees

Labels

Changes in `jose` module