chore: bump the python group across 2 directories with 28 updates

[dependabot]

Bumps the python group with 27 updates in the / directory:

Package	From	To
python-gitlab	4.5.0	6.0.0
flask	3.0.3	3.1.1
kubernetes	30.1.0	33.1.0
gunicorn	22.0.0	23.0.0
requests	2.32.3	2.32.4
pyyaml	6.0.1	6.0.2
urllib3	2.2.2	2.4.0
sentry-sdk	2.5.1	2.30.0
gevent	24.2.1	25.5.1
apispec-webframeworks	1.1.0	1.2.0
webargs	8.4.0	8.7.0
pyjwt	2.8.0	2.10.1
marshmallow	3.21.3	4.0.0
apispec	6.6.1	6.8.2
importlib-metadata	7.1.0	8.7.0
dataconf	3.2.0	3.4.0
python-ulid	2.7.0	3.0.0
cryptography	42.0.8	45.0.4
chartpress	2.2.0	2.3.0
pytest	8.2.2	8.4.0
pre-commit	3.7.1	4.2.0
pytest-cov	5.0.0	6.2.1
pytest-mock	3.14.0	3.14.1
typing-extensions	4.12.2	4.14.0
semver	3.0.2	3.0.4
ruff	0.4.9	0.11.13
responses	0.25.3	0.25.7

Bumps the python group with 11 updates in the /git_services directory:

Package	From	To
gunicorn	22.0.0	23.0.0
pyyaml	6.0.1	6.0.2
urllib3	1.26.19	1.26.20
sentry-sdk	2.5.1	2.30.0
gevent	24.2.1	25.5.1
marshmallow	3.21.3	3.26.1
importlib-metadata	7.1.0	8.7.0
pytest-mock	3.14.0	3.14.1
typing-extensions	4.12.2	4.14.0
ruff	0.4.9	0.11.13
renku	2.9.2	2.9.4

Updates python-gitlab from 4.5.0 to 6.0.0

Release notes

Sourced from python-gitlab's releases.

v6.0.0 (2025-06-04)

This release is published under the LGPL-3.0-or-later License.

Chores

• Add reformat code commit to .git-blame-ignore-revs (a6ac939)

• Reformat code with skip_magic_trailing_comma = true (2100aa4)

• Remove trivial get methods in preparation for generic Get mixin (edd01a5)

• Upgrade to sphinx 8.2.1 and resolve issues (d0b5ae3)

• ci: Replace docs artifact with readthedocs previews (193c5de)

• deps: Update all non-major dependencies (4fef9f6)

• deps: Update all non-major dependencies (78c0c03)

• deps: Update all non-major dependencies (ee6cba1)

• deps: Update all non-major dependencies (e54516f)

• deps: Update all non-major dependencies (159b958)

• deps: Update all non-major dependencies (af137ca)

• deps: Update all non-major dependencies (1a2a68c)

• deps: Update all non-major dependencies (6ad4ce6)

• deps: Update all non-major dependencies (f166928)

• deps: Update all non-major dependencies (1a95981)

• deps: Update all non-major dependencies (451d951)

• deps: Update all non-major dependencies (41eb95d)

• deps: Update all non-major dependencies (37ff25b)

• deps: Update dependency black to v25 (e61157b)

• deps: Update dependency isort to v6 (46dfc50)

• deps: Update dependency jinja2 to v3.1.6 [security] (52bc585)

• deps: Update dependency types-setuptools to v76 (1299440)

... (truncated)

Changelog

Sourced from python-gitlab's changelog.

CHANGELOG

v5.6.0 (2025-01-28)

Features

• group: Add support for group level MR approval rules (304bdd0)

v5.5.0 (2025-01-28)

Chores

• Add deprecation warning for mirror_pull functions (7f6fd5c)

• Relax typing constraints for response action (f430078)

• tests: Catch deprecation warnings (0c1af08)

Documentation

• Add usage of pull mirror (9b374b2)

• Remove old pull mirror implementation (9e18672)

Features

• functional: Add pull mirror test (3b31ade)

• projects: Add pull mirror class (2411bff)

• unit: Add pull mirror tests (5c11203)

v5.4.0 (2025-01-28)

Bug Fixes

• api: Make type ignores more specific where possible (e3cb806)

... (truncated)

Commits

• 8bae3b5 chore: release v6.0.0
• f49d54e chore(deps): update python-semantic-release/python-semantic-release action to...
• 4fef9f6 chore(deps): update all non-major dependencies
• 5a4acab chore(deps): update pre-commit hook maxbrunet/pre-commit-renovate to v40
• 78c0c03 chore(deps): update all non-major dependencies
• da40e09 feat(api): add support for token self-rotation
• 938b0d9 feat(api): add iteration_id as boards create attribute (#3191)
• 203bd92 docs(job_token_scope): fix typo/inconsistency
• a9163a9 feat(settings): implement support for 'silent_mode_enabled'
• ee6cba1 chore(deps): update all non-major dependencies
• Additional commits viewable in compare view

Updates flask from 3.0.3 to 3.1.1

Release notes

Sourced from flask's releases.

3.1.1

This is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.1/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1 Milestone https://github.com/pallets/flask/milestone/36?closed=1

• Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. GHSA-4grg-w6v8-c28g
• Fix type hint for cli_runner.invoke. #5645
• flask --help loads the app and plugins first to make sure all commands are shown. #5673
• Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. #5659

3.1.0

This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Flask/3.1.0/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/flask/milestone/33?closed=1

• Drop support for Python 3.8. #5623
• Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. #5624, #5633
• Provide a configuration option to control automatic option responses. #5496
• Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. #5504
• Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the security page. #5625
• Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. #5472
• -e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. #5628
• Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. #5621
• Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. #5553
• Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. #5636

Changelog

Sourced from flask's changelog.

Version 3.1.1

Released 2025-05-13

• Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28g
• Fix type hint for cli_runner.invoke. :issue:5645
• flask --help loads the app and plugins first to make sure all commands are shown. :issue:5673
• Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. :pr:5659

Version 3.1.0

Released 2024-11-13

• Drop support for Python 3.8. :pr:5623
• Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
• Provide a configuration option to control automatic option responses. :pr:5496
• Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. :issue:5504
• Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the security page. :issue:5625
• Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. :issue:5472
• -e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. :issue:5628
• Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. :issue:5621
• Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. :issue:5553
• Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. :issue:5636

Commits

• 7fff56f release version 3.1.1
• 73d6504 Merge commit from fork
• cbb6c36 update docs about fallback order
• fb54159 secret key rotation: fix key list ordering
• 941efd4 use uv (#5727)
• 0109e49 use uv
• e785166 Async Iterable Response (#5659)
• 410e5ab Accept AsyncIterable for responses
• bfffe87 add ghsa links
• 73ce26c remove tests about deprecated pkgutil.get_loader (#5702)
• Additional commits viewable in compare view

Updates kubernetes from 30.1.0 to 33.1.0

Release notes

Sourced from kubernetes's releases.

Kubernetes Python Client v33.1.0 Stable Release

Getting started:

pip install --pre --upgrade kubernetes

Or from source, download attached zip file, then

unzip client-python-v33.1.0.zip
cd client-python-v33.1.0
python setup.py install

Then follow examples in https://github.com/kubernetes-client/python/tree/release-33.0/examples

Changelog: https://github.com/kubernetes-client/python/blob/release-33.0/CHANGELOG.md

Kubernetes Python Client v33.1.0 Beta 1 Release

Getting started:

pip install --pre --upgrade kubernetes

Or from source, download attached zip file, then

unzip client-python-v33.1.0b1.zip
cd client-python-v33.1.0b1
python setup.py install

Then follow examples in https://github.com/kubernetes-client/python/tree/release-33.0/examples

Changelog: https://github.com/kubernetes-client/python/blob/release-33.0/CHANGELOG.md

Kubernetes Python Client v33.1.0 Alpha 1 Release

Getting started:

pip install --pre --upgrade kubernetes

Or from source, download attached zip file, then

unzip client-python-v33.1.0a1.zip
cd client-python-v33.1.0a1
</tr></table> 

... (truncated)

Changelog

Sourced from kubernetes's changelog.

v33.1.0

Kubernetes API Version: v1.33.1

v33.1.0b1

Kubernetes API Version: v1.33.1

v33.1.0a1

Kubernetes API Version: v1.33.1

API Change

• A new alpha feature gate, MutableCSINodeAllocatableCount, has been introduced.

  When this feature gate is enabled, the CSINode.Spec.Drivers[*].Allocatable.Count field becomes mutable, and a new field, NodeAllocatableUpdatePeriodSeconds, is available in the CSIDriver object. This allows periodic updates to a node's reported allocatable volume capacity, preventing stateful pods from becoming stuck due to outdated information that kube-scheduler relies on. (kubernetes/kubernetes#130007, @​torredil) [SIG Apps, Node, Scheduling and Storage]

• Added feature gate DRAPartitionableDevices, when enabled, Dynamic Resource Allocation support partitionable devices allocation. (kubernetes/kubernetes#130764, @​cici37) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage and Testing]

• Added DRA support for a "one-of" prioritized list of selection criteria to satisfy a device request in a resource claim. (kubernetes/kubernetes#128586, @​mortent) [SIG API Machinery, Apps, Etcd, Node, Scheduling and Testing]

• Added a /flagz endpoint for kubelet endpoint (kubernetes/kubernetes#128857, @​zhifei92) [SIG Architecture, Instrumentation and Node]

• Added a new tolerance field to HorizontalPodAutoscaler, overriding the cluster-wide default. Enabled via the HPAConfigurableTolerance alpha feature gate. (kubernetes/kubernetes#130797, @​jm-franc) [SIG API Machinery, Apps, Autoscaling, Etcd, Node, Scheduling and Testing]

• Added support for configuring custom stop signals with a new StopSignal container lifecycle (kubernetes/kubernetes#130556, @​sreeram-venkitesh) [SIG API Machinery, Apps, Node and Testing]

• Added support for in-place vertical scaling of Pods with sidecars (containers defined within initContainers where the restartPolicy is set to Always). (kubernetes/kubernetes#128367, @​vivzbansal) [SIG API Machinery, Apps, CLI, Node, Scheduling and Testing]

• CPUManager Policy Options support is GA (kubernetes/kubernetes#130535, @​ffromani) [SIG API Machinery, Node and Testing]

• Changed the Pod API to support hugepage resources at spec level for pod-level resources. (kubernetes/kubernetes#130577, @​KevinTMtz) [SIG Apps, CLI, Node, Scheduling, Storage and Testing]

• DRA API: The maximum number of pods that can use the same ResourceClaim is now 256 instead of 32. Downgrading a cluster where this relaxed limit is in use to Kubernetes 1.32.0 is not supported, as version 1.32.0 would refuse to update ResourceClaims with more than 32 entries in the status.reservedFor field. (kubernetes/kubernetes#129543, @​pohly) [SIG API Machinery, Node and Testing]

• DRA: CEL expressions using attribute strings exceeded the cost limit because their cost estimation was incomplete. (kubernetes/kubernetes#129661, @​pohly) [SIG Node]

• DRA: Device taints enable DRA drivers or admins to mark device as unusable, which prevents allocating them. Pods may also get evicted at runtime if a device becomes unusable, depending on the severity of the taint and whether the claim tolerates the taint. (kubernetes/kubernetes#130447, @​pohly) [SIG API Machinery, Apps, Architecture, Auth, Etcd, Instrumentation, Node, Scheduling and Testing]

• DRA: Starting Kubernetes 1.33, only users with access to an admin namespace with the kubernetes.io/dra-admin-access label are authorized to create ResourceClaim or ResourceClaimTemplate objects with the adminAccess field in this admin namespace if they want to and only they can reference these ResourceClaims or ResourceClaimTemplates in their pod or deployment specs. (kubernetes/kubernetes#130225, @​ritazh) [SIG API Machinery, Apps, Auth, Node and Testing]

• DRA: when asking for "All" devices on a node, Kubernetes <= 1.32 proceeded to schedule pods onto nodes with no devices by not allocating any devices for those pods. Kubernetes 1.33 changes that to only picking nodes which have at least one device. Users who want the "proceed with scheduling also without devices" semantic can use the upcoming prioritized list feature with one sub-request for "all" devices and a second alternative with "count: 0". (kubernetes/kubernetes#129560, @​bart0sh) [SIG API Machinery and Node]

• Expanded the on-disk kubelet credential provider configuration to allow an optional tokenAttribute field to be configured. When it is set, the kubelet will provision a token with the given audience bound to the current pod and its service account. This KSA token along with required annotations on the KSA defined in configuration will be sent to the credential provider plugin via its standard input (along with the image information that is already sent today). The KSA annotations to be sent are configurable in the kubelet credential provider configuration. (kubernetes/kubernetes#128372, @​aramase) [SIG API Machinery, Auth, Node and Testing]

• Fixed the example validation rule in godoc:

  When configuring a JWT authenticator:

  If username.expression uses 'claims.email', then 'claims.email_verified' must be used in username.expression or extra[].valueExpression or claimValidationRules[].expression. An example claim validation rule expression that matches the validation automatically applied when username.claim is set to 'email' is 'claims.?email_verified.orValue(true) == true'. By explicitly comparing the value to true, we let type-checking see the result will be a boolean, and to make sure a non-boolean email_verified claim will be caught at runtime. (kubernetes/kubernetes#130875, @​aramase) [SIG Auth and Release]

• For the InPlacePodVerticalScaling feature, the API server will no longer set the resize status to Proposed upon receiving a resize request. (kubernetes/kubernetes#130574, @​natasha41575) [SIG Apps, Node and Testing]

• Graduate the MatchLabelKeys (MismatchLabelKeys) feature in PodAffinity (PodAntiAffinity) to GA (kubernetes/kubernetes#130463, @​sanposhiho) [SIG API Machinery, Apps, Node, Scheduling and Testing]

• Graduated image volume sources to beta:

  • Allowed subPath/subPathExpr for image volumes
  • Added kubelet metrics kubelet_image_volume_requested_total, kubelet_image_volume_mounted_succeed_total and kubelet_image_volume_mounted_errors_total (kubernetes/kubernetes#130135, @​saschagrunert) [SIG API Machinery, Apps, Node and Testing]

• Implemented a new status field, .status.terminatingReplicas, for Deployments and ReplicaSets to track terminating pods. The new field is present when the DeploymentPodReplacementPolicy feature gate is enabled. (kubernetes/kubernetes#128546, @​atiratree) [SIG API Machinery, Apps and Testing]

• Implemented validation for NodeSelectorRequirement values in Kubernetes when creating pods. (kubernetes/kubernetes#128212, @​AxeZhan) [SIG Apps and Scheduling]

• Improved how the API server responds to list requests where the response format negotiates to Protobuf. List responses in Protobuf are marshalled one element at the time, drastically reducing memory needed to serve large collections. Streaming list responses can be disabled via the StreamingCollectionEncodingToProtobuf feature gate. (kubernetes/kubernetes#129407, @​serathius) [SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Network, Node, Release, Scheduling, Storage and Testing]

... (truncated)

Commits

• 8f5578e Merge pull request #2412 from yliaog/automated-release-of-33.1.0-upstream-rel...
• 5a367e9 updated compatibility matrix and maintenance status
• f00d2b7 generated client change
• 9d712b4 update changelog
• 45eb341 update version constants for 33.1.0 release
• 58551e4 Merge pull request #2408 from yliaog/automated-release-of-33.1.0b1-upstream-r...
• bd6c752 updated compatibility matrix
• de8ee89 generated client change
• fec5585 update changelog
• 78aee45 update version constants for 33.1.0b1 release
• Additional commits viewable in compare view

Updates gunicorn from 22.0.0 to 23.0.0

Release notes

Sourced from gunicorn's releases.

23.0.0

Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and which improve safety

You're invited to upgrade asap your own installation.

23.0.0 - 2024-08-10

• minor docs fixes (:pr:3217, :pr:3089, :pr:3167)
• worker_class parameter accepts a class (:pr:3079)
• fix deadlock if request terminated during chunked parsing (:pr:2688)
• permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:3261)
• permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:3261)
• sdist generation now explicitly excludes sphinx build folder (:pr:3257)
• decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (:pr:2336)
• raise correct Exception when encounting invalid chunked requests (:pr:3258)
• the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:3192)
• include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (:pr:3192)

** NOTE **

• The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
• Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
• Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0

** Breaking changes **

• refuse requests where the uri field is empty (:pr:3255)
• refuse requests with invalid CR/LR/NUL in heade field values (:pr:3253)
• remove temporary --tolerate-dangerous-framing switch from 22.0 (:pr:3260)
• If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies.

Fix CVE-2024-1135

Commits

• 411986d fix doc
• 334392e Merge pull request #2559 from laggardkernel/bugfix/reexec-env
• e75c353 Merge pull request #3189 from pajod/patch-py36
• 9357b28 keep document user in access_log_format setting
• 79fdef0 bump to 23.0.0
• 3acd9fb Merge pull request #2620 from talkerbox/improve-access-log-format-docs
• 3f56d76 Merge pull request #3192 from pajod/patch-allowed-script-name
• 256d474 docs: revert duped directive
• ffa48b5 test: default change was intentional
• 52538ca docs: recommend SCRIPT_NAME=/subfolder
• Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS. (#6926)
• Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS.
• Dropped support for pypy 3.9 following its end of support.

Commits

• 021dc72 Polish up release tooling for last manual release
• 821770e Bump version and add release notes for v2.32.4
• 59f8aa2 Add netrc file search information to authentication documentation (#6876)
• 5b4b64c Add more tests to prevent regression of CVE 2024 47081
• 7bc4587 Add new test to check netrc auth leak (#6962)
• 96ba401 Only use hostname to do netrc lookup instead of netloc
• 7341690 Merge pull request #6951 from tswast/patch-1
• 6716d7c remove links
• a7e1c74 Update docs/conf.py
• c799b81 docs: fix dead links to kenreitz.org
• Additional commits viewable in compare view

Updates pyyaml from 6.0.1 to 6.0.2

Release notes

Sourced from pyyaml's releases.

6.0.2

What's Changed

• Support for Cython 3.x and Python 3.13.

Full Changelog: yaml/pyyaml@6.0.1...6.0.2

6.0.2rc1

• Support for extension build with Cython 3.x
• Support for Python 3.13
• Added PyPI wheels for musllinux on aarch64

Changelog

Sourced from pyyaml's changelog.

6.0.2 (2024-08-06)

• yaml/pyyaml#808 -- Support for Cython 3.x and Python 3.13

Commits

• 41309b0 Release 6.0.2 (#819)
• dd9f0e1 6.0.2rc1 (#809)
• f5527a2 disable CI trigger on PR edits
• b4d80a7 Python 3.12 + musllinux_1_1_x86_64 wheel support
• See full diff in compare view

Updates urllib3 from 2.2.2 to 2.4.0

Release notes

Sourced from urllib3's releases.

2.4.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

• Applied PEP 639 by specifying the license fields in pyproject.toml. (#3522)
• Updated exceptions to save and restore more properties during the pickle/serialization process. (#3567)
• Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. (#3571)

Bugfixes

• Fixed a bug with partial reads of streaming data in Emscripten. (#3555)

Misc

• Switched to uv for installing development dependecies. (#3550)
• Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (#3566)

2.3.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

• Added HTTPResponse.shutdown() to stop any ongoing or future reads for a specific response. It calls shutdown(SHUT_RD) on the underlying socket. This feature was sponsored by LaunchDarkly. (urllib3/urllib3#2868)
• Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly requests and streaming, and makes it possible to use in Node.js if you launch it as node --experimental-wasm-stack-switching. (urllib3/urllib3#3400)
• Added the proxy_is_tunneling property to HTTPConnection and HTTPSConnection. (urllib3/urllib3#3285)
• Added pickling support to NewConnectionError and NameResolutionError. (urllib3/urllib3#3480)

Bugfixes

• Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". (urllib3/urllib3#3489)

Deprecations and Removals

• Removed support for Python 3.8. (urllib3/urllib3#3492)

Full Changelog: urllib3/urllib3@2.2.3...2.3.0

2.2.3

🚀 urllib3 is fundraising for HTTP/2 support

... (truncated)

Changelog

Sourced from urllib3's changelog.

2.4.0 (2025-04-10)

Features

• Applied PEP 639 by specifying the license fields in pyproject.toml. ([#3522](https://github.com/urllib3/urllib3/issues/3522) <https://github.com/urllib3/urllib3/issues/3522>__)
• Updated exceptions to save and restore more properties during the pickle/serialization process. ([#3567](https://github.com/urllib3/urllib3/issues/3567) <https://github.com/urllib3/urllib3/issues/3567>__)
• Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. ([#3571](https://github.com/urllib3/urllib3/issues/3571) <https://github.com/urllib3/urllib3/issues/3571>__)

Bugfixes

• Fixed a bug with partial reads of streaming data in Emscripten. ([#3555](https://github.com/urllib3/urllib3/issues/3555) <https://github.com/urllib3/urllib3/issues/3555>__)

Misc

• Switched to uv for installing development dependecies. ([#3550](https://github.com/urllib3/urllib3/issues/3550) <https://github.com/urllib3/urllib3/issues/3550>__)
• Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. ([#3566](https://github.com/urllib3/urllib3/issues/3566) <https://github.com/urllib3/urllib3/issues/3566>__)

2.3.0 (2024-12-22)

Features

• Added HTTPResponse.shutdown() to stop any ongoing or future reads for a specific response. It calls shutdown(SHUT_RD) on the underlying socket. This feature was sponsored by LaunchDarkly <https://opencollective.com/urllib3/contributions/815307>. ([#2868](https://github.com/urllib3/urllib3/issues/2868) <https://github.com/urllib3/urllib3/issues/2868>)
• Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly requests and streaming, and makes it possible to use in Node.js if you launch it as node --experimental-wasm-stack-switching. ([#3400](https://github.com/urllib3/urllib3/issues/3400) <https://github.com/urllib3/urllib3/issues/3400>__)
• Added the proxy_is_tunneling property to HTTPConnection and HTTPSConnection. ([#3285](https://github.com/urllib3/urllib3/issues/3285) <https://github.com/urllib3/urllib3/issues/3285>__)
• Added pickling support to NewConnectionError and NameResolutionError. ([#3480](https://github.com/urllib3/urllib3/issues/3480) <https://github.com/urllib3/urllib3/issues/3480>__)

Bugfixes

• Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". ([#3489](https://github.com/urllib3/urllib3/issues/3489) <https://github.com/urllib3/urllib3/issues/3489>__)

Deprecations and Removals

• Removed support for Python 3.8. ([#3492](https://github.com/urllib3/urllib3/issues/3492) <https://github.com/urllib3/urllib3/issues/3492>__)

2.2.3 (2024-09-12)

... (truncated)

Commits

• a5ff7ac Release 2.4.0
• a135db2 Upgrade memray and coverage to fix macOS tests (#3589)
• 8f40e71 Upgrade the publishing action to get correct licensing info on PyPI (#3585)
• 3ff4e49 Add a link to the 2024 annual report (#3586)
• 75709c1 Set verify flags in create_urllib3_context (#3577)
• 5c8f82a Bump astral-sh/setup-uv from 5.3.0 to 5.4.1 (#3580)
• 42e90d8 Bump actions/setup-python from 5.4.0 to 5.5.0 (#3579)
• 3e8f2db Stop using Ubuntu 20.04 and 22.04 in CI (#3570)
• e29db82 Update exceptions to have more of their attributes pickled (#3572)
• f8a0c43 Add PyPy 3.11 to CI
• Additional commits viewable in compare view

Updates sentry-sdk from 2.5.1 to 2.30.0

Release notes

Sourced from sentry-sdk's releases.

2.30.0

Various fixes & improvements

• New beta feature: Sentry logs for Loguru (#4445) by @​sentrivana

  We can now capture Loguru logs and send them to Sentry.

import sentry_sdk
from sentry_sdk.integrations.loguru import LoguruIntegration
Setup Sentry SDK to send Loguru log messages with a level of "error" or higher to Sentry
sentry_sdk.init(
_experiments={
"enable_logs": True,
},
integrations=[
LoguruIntegration(sentry_logs_level=logging.ERROR),
]
)

• fix(logs): Don't gate user behind send_default_pii (#4453) by @​AbhiPrasad
• fix(logging): Strip log record.name for more robust matching (#4411) by @​romaingd-spi
• Migrate to modern threading interface (#4452) by @​emmanuel-ferdman
• ref: Remove _capture_experimental_log scope parameter (#4424) by @​szokeasaurusrex
• feat(logs): Add user attributes to logs (#4423) by @​szokeasaurusrex
• fix: fix ARQ integration error (#4427) (#4428) by @​ninoseki
• fix(grpc): Fix AttributeError when instrumenting with OTel (#4405) by @​sentrivana
• fix(redis): Use command_queue instead of command_stack if available (#4404) by @​sentrivana
• fix: Handle invalid SENTRY_DEBUG values properly (#4400) by @​szokeasaurusrex
• Increase test coverage (#4393) by @​mgaligniana
• tests(logs): avoid failures when running with integrations enabled (#4388) by @​rominf
• Fix CI, adapt to new redis-py release (#4431) by @​sentrivana
• tests: Regenerate toxgen (#4403) by @​sentrivana
• tests: Regenerate tox.ini & fix CI (#4435) by @​sentrivana
• build(deps): bump codecov/codecov-action from 5.4.2 to 5.4.3 (#4397) by @​dependabot

2.29.1

Various fixes & improvements

• fix(logs): send severity_text: warn instead of warning (#4396) by @​lcian

2.29.0

Various fixes & improvements

• fix(loguru): Move integration setup from __init__ to setup_once (#4399) by @​sentrivana
• feat: Allow configuring keep_alive via environment variable (#4366) by @​szokeasaurusrex
• fix(celery): Do not send extra check-in (#4395) by @​sentrivana
• fix(typing): Add before_send_log to Experiments (#4383) by @​sentrivana

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.30.0

Various fixes & improvements

• New beta feature: Sentry...

  Description has been truncated