MESH-2092 Bump the dependencies group across 1 directory with 28 updates

[dependabot]

Bumps the dependencies group with 27 updates in the / directory:

Package	From	To
types-python-dateutil	2.8.19.20240106	2.9.0.20250822
python-dateutil	2.8.2	2.9.0.post0
cryptography	44.0.3	46.0.2
fastapi	0.115.14	0.118.0
uvicorn	0.23.2	0.37.0
pytest	7.4.4	8.4.2
pytest-asyncio	0.23.8	1.2.0
mypy	1.17.1	1.18.2
coverage	7.10.5	7.10.7
httpx	0.27.2	0.28.1
types-requests	2.32.4.20250809	2.32.4.20250913
lxml	4.9.4	6.0.2
black	24.10.0	25.9.0
ipython	8.37.0	9.6.0
annotated-types	0.6.0	0.7.0
anyio	3.7.1	4.11.0
cffi	1.16.0	2.0.0
click	8.1.7	8.3.0
idna	3.6	3.10
markupsafe	3.0.2	3.0.3
packaging	23.2	25.0
pycparser	2.21	2.23
pydantic	2.5.3	2.11.9
pydantic-core	2.14.6	2.39.0
six	1.16.0	1.17.0
sniffio	1.3.0	1.3.1
starlette	0.47.2	0.48.0

Updates types-python-dateutil from 2.8.19.20240106 to 2.9.0.20250822

Commits

• See full diff in compare view

Updates python-dateutil from 2.8.2 to 2.9.0.post0

Release notes

Sourced from python-dateutil's releases.

2.9.0.post0

Version 2.9.0.post0 (2024-03-01)

Bugfixes

• Pinned setuptools_scm to <8, which should make the generated _version.py file compatible with all supported versions of Python.

2.9.0

Version 2.9.0 (2024-02-29)

Data updates

• Updated tzdata version to 2024a. (gh pr #1342)

Features

• Made all dateutil submodules lazily imported using PEP 562. On Python 3.7+, things like import dateutil; dateutil.tz.gettz("America/New_York") will now work without explicitly importing dateutil.tz, with the import occurring behind the scenes on first use. The old behavior remains on Python 3.6 and earlier. Fixed by Orson Adams. (gh issue #771, gh pr #1007)

Bugfixes

• Removed a call to datetime.utcfromtimestamp, which is deprecated as of Python 3.12. Reported by Hugo van Kemenade (gh pr #1284), fixed by Thomas Grainger (gh pr #1285).

Documentation changes

• Added note into docs and tests where relativedelta would return last day of the month only if the same day on a different month resolves to a date that doesn't exist. Reported by @​hawkEye-01 (gh issue #1167). Fixed by @​Mifrill (gh pr #1168)

Changelog

Sourced from python-dateutil's changelog.

Version 2.9.0.post0 (2024-03-01)

Bugfixes

• Pinned setuptools_scm to <8, which should make the generated _version.py file compatible with all supported versions of Python.

Version 2.9.0 (2024-02-29)

Data updates

• Updated tzdata version to 2024a. (gh pr #1342)

Features

• Made all dateutil submodules lazily imported using PEP 562 <https://www.python.org/dev/peps/pep-0562/>_. On Python 3.7+, things like import dateutil; dateutil.tz.gettz("America/New_York") will now work without explicitly importing dateutil.tz, with the import occurring behind the scenes on first use. The old behavior remains on Python 3.6 and earlier. Fixed by Orson Adams. (gh issue #771, gh pr #1007)

Bugfixes

• Removed a call to datetime.utcfromtimestamp, which is deprecated as of Python 3.12. Reported by Hugo van Kemenade (gh pr #1284), fixed by Thomas Grainger (gh pr #1285).

Documentation changes

• Added note into docs and tests where relativedelta would return last day of the month only if the same day on a different month resolves to a date that doesn't exist. Reported by @​hawkEye-01 (gh issue #1167). Fixed by @​Mifrill (gh pr #1168)

Commits

• 1ae8077 Merge pull request #1346 from pganssle/release_2.9.0.post0
• ee6de9d Update news to prepare for release
• 9780d32 Pin setuptools_scm to <8
• db9d018 Merge pull request #1343 from pganssle/release_2.9.0
• 423ca2f Run updatezinfo before build
• edd3fd4 Update NEWS file
• fe02d02 Run towncrier with Python 3.11
• 9c7524a Fix MANIFEST.in pattern
• 6de58f5 Update classifiers to include Python 3.12
• 8fe0cab Merge pull request #1342 from pganssle/update_zoneinfo
• Additional commits viewable in compare view

Updates cryptography from 44.0.3 to 46.0.2

Changelog

Sourced from cryptography's changelog.

46.0.2 - 2025-09-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.
.. _v46-0-1:
46.0.1 - 2025-09-16

• Fixed an issue where users installing via pip on Python 3.14 development versions would not properly install a dependency.
• Fixed an issue building the free-threaded macOS 3.14 wheels.

.. _v46-0-0:

46.0.0 - 2025-09-16

* **BACKWARDS INCOMPATIBLE:** Support for Python 3.7 has been removed.
* Support for OpenSSL < 3.0 is deprecated and will be removed in the next
  release.
* Support for ``x86_64`` macOS (including publishing wheels) is deprecated
  and will be removed in two releases. We will switch to publishing an
  ``arm64`` only wheel for macOS.
* Support for 32-bit Windows (including publishing wheels) is deprecated
  and will be removed in two releases. Users should move to a 64-bit
  Python installation.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.3.
* We now build ``ppc64le`` ``manylinux`` wheels and publish them to PyPI.
* We now build ``win_arm64`` (Windows on Arm) wheels and publish them to PyPI.
* Added support for free-threaded Python 3.14.
* Removed the deprecated ``get_attribute_for_oid`` method on
  :class:`~cryptography.x509.CertificateSigningRequest`. Users should use
  :meth:`~cryptography.x509.Attributes.get_attribute_for_oid` instead.
* Removed the deprecated ``CAST5``, ``SEED``, ``IDEA``, and ``Blowfish``
  classes from the cipher module. These are still available in
  :doc:`/hazmat/decrepit/index`.
* In X.509, when performing a PSS signature with a SHA-3 hash, it is now
  encoded with the official NIST SHA3 OID.
.. _v45-0-7:
45.0.7 - 2025-09-01

• Added a function to support an upcoming pyOpenSSL release.

.. _v45-0-6:

... (truncated)

Commits

• 99efe5a bump version for 46.0.2 (#13531)
• e735cfc release 46.0.1 (#13450)
• 4e457ff Explicitly specify python in mac uv build invocation (#13447)
• 2726efd Depend on CFFI 2.0.0 or newer on Python > 3.8 (#13448)
• 6223062 release 46.0.0 (#13446)
• 563c491 Update comment for pyopenssl-release tag (#13445)
• d2f6f7f Bump downstream dependencies in CI (#13439)
• e7ab02b we'll ship this with 3.5.3 why not (#13442)
• 0b68a4b Another pair of bump dependencies fix (#13444)
• e076d08 Attempt to fix commit message for bump downstreams (#13440)
• Additional commits viewable in compare view

Updates fastapi from 0.115.14 to 0.118.0

Release notes

Sourced from fastapi's releases.

0.118.0

Fixes

• 🐛 Fix support for StreamingResponses with dependencies with yield or UploadFiles, close after the response is done. PR #14099 by @​tiangolo.

Before FastAPI 0.118.0, if you used a dependency with yield, it would run the exit code after the path operation function returned but right before sending the response.

This change also meant that if you returned a StreamingResponse, the exit code of the dependency with yield would have been already run.

For example, if you had a database session in a dependency with yield, the StreamingResponse would not be able to use that session while streaming data because the session would have already been closed in the exit code after yield.

This behavior was reverted in 0.118.0, to make the exit code after yield be executed after the response is sent.

You can read more about it in the docs for Advanced Dependencies - Dependencies with yield, HTTPException, except and Background Tasks. Including what you could do if you wanted to close a database session earlier, before returning the response to the client.

Docs

• 📝 Update tutorial/security/oauth2-jwt/ to use pwdlib with Argon2 instead of passlib. PR #13917 by @​Neizvestnyj.
• ✏️ Fix typos in OAuth2 password request forms. PR #14112 by @​alv2017.
• 📝 Update contributing guidelines for installing requirements. PR #14095 by @​alejsdev.

Translations

• 🌐 Sync German docs. PR #14098 by @​nilslindemann.

Internal

• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #14103 by @​pre-commit-ci[bot].
• ♻️ Refactor sponsor image handling. PR #14102 by @​alejsdev.
• 🐛 Fix sponsor display issue by hiding element on image error. PR #14097 by @​alejsdev.
• 🐛 Hide sponsor badge when sponsor image is not displayed. PR #14096 by @​alejsdev.

0.117.1

Fixes

• 🐛 Fix validation error when File is declared after Form parameter. PR #11194 by @​thomasleveil.

0.117.0

Features

• ✨ Allow None as return type for bodiless responses. PR #9425 by @​hofrob.
• ✨ Allow array values for OpenAPI schema type field. PR #13639 by @​sammasak.
• ✨ Add OpenAPI external_docs parameter to FastAPI. PR #13713 by @​cmtoro.

Fixes

• ⚡️ Fix default_factory for response model field with Pydantic V1. PR #9704 by @​vvanglro.
• 🐛 Fix inconsistent processing of model docstring formfeed char with Pydantic V1. PR #6039 by @​MaxwellPayne.
• 🐛 Fix jsonable_encoder alters json_encoders of Pydantic v1 objects. PR #4972 by @​aboubacs.

... (truncated)

Commits

• 333f1ba 🔖 Release version 0.118.0
• 1d5168a 📝 Update release notes
• bfa54b4 📝 Update release notes
• e329d78 🐛 Fix support for StreamingResponses with dependencies with yield or `Upl...
• 861b22c 📝 Update release notes
• efdafa4 📝 Update tutorial/security/oauth2-jwt/ to use pwdlib with Argon2 instead ...
• 450a334 📝 Update release notes
• 3eb2ee7 ✏️ Fix typos in OAuth2 password request forms (#14112)
• 287eb31 📝 Update release notes
• cca3341 🌐 Sync German docs (#14098)
• Additional commits viewable in compare view

Updates uvicorn from 0.23.2 to 0.37.0

Release notes

Sourced from uvicorn's releases.

Version 0.37.0

What's Changed

• Add --timeout-worker-healthcheck setting by @​Kludex in Kludex/uvicorn#2711
• Add os.PathLike[str] type to ssl_ca_certs by @​rnv812 in Kludex/uvicorn#2676

New Contributors

• @​LincolnPuzey made their first contribution in Kludex/uvicorn#2669
• @​rnv812 made their first contribution in Kludex/uvicorn#2676

Full Changelog: Kludex/uvicorn@0.36.1...0.37.0

Version 0.36.1

What's Changed

• Raise an exception when calling removed Config.setup_event_loop() by @​Kludex in Kludex/uvicorn#2709

Full Changelog: Kludex/uvicorn@0.36.0...0.36.1

Version 0.36.0

Added

• Support custom IOLOOPs by @​gnir-work in Kludex/uvicorn#2435
• Allow to provide importable string in --http, --ws and --loop by @​Kludex in Kludex/uvicorn#2658

---

New Contributors

• @​gnir-work made their first contribution in Kludex/uvicorn#2435
• @​musicinmybrain made their first contribution in Kludex/uvicorn#2659
• @​secrett2633 made their first contribution in Kludex/uvicorn#2684

Full Changelog: Kludex/uvicorn@0.35.0...0.36.0

Version 0.35.0

Added

• Add WebSocketsSansIOProtocol by @​Kludex in encode/uvicorn#2540

Changed

• Refine help message for option --proxy-headers by @​zhangyoufu in encode/uvicorn#2653

New Contributors

• @​zhangyoufu made their first contribution in encode/uvicorn#2653

Full Changelog: Kludex/uvicorn@0.34.3...0.35.0

Version 0.34.3

What's Changed

• Don't include cwd() when non-empty --reload-dirs is passed by @​stinovlas in encode/uvicorn#2598

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.37.0 (September 23, 2025)

Added

• Add --timeout-worker-healthcheck option (#2711)
• Add os.PathLike[str] type to ssl_ca_certs (#2676)

0.36.1 (September 23, 2025)

Fixed

• Raise an exception when calling removed Config.setup_event_loop() (#2709)

0.36.0 (September 20, 2025)

Added

• Support custom IOLOOPs (#2435)
• Allow to provide importable string in --http, --ws and --loop (#2658)

0.35.0 (June 28, 2025)

Added

• Add WebSocketsSansIOProtocol (#2540)

Changed

• Refine help message for option --proxy-headers (#2653)

0.34.3 (June 1, 2025)

Fixed

• Don't include cwd() when non-empty --reload-dirs is passed (#2598)
• Apply get_client_addr formatting to WebSocket logging (#2636)

0.34.2 (April 19, 2025)

Fixed

• Flush stdout buffer on Windows to trigger reload (#2604)

0.34.1 (April 13, 2025)

Deprecated

• Deprecate ServerState in the main module (#2581)

0.34.0 (December 15, 2024)

... (truncated)

Commits

• 4098bca Version 0.37.0 (#2712)
• 8c057fa Add os.PathLike[str] type to ssl_ca_certs (#2676)
• bbe119e Add note about --timeout-keep-alive being measured in seconds (#2669)
• 2744f14 Add --timeout-worker-healthcheck setting (#2711)
• 1dfb0bd Version 0.36.1 (#2710)
• 3d0d46a Raise an exception when calling removed Config.setup_event_loop() (#2709)
• ad9e5b9 docs: redirect uvicorn.org to uvicorn.dev (#2705)
• 0e3b18c Version 0.36.0 (#2704)
• f84661d chore: drop mention to scripts/publish (#2696)
• dcd7e6c docs: replace uvicorn.org by uvicorn.dev (#2703)
• Additional commits viewable in compare view

Updates pytest from 7.4.4 to 8.4.2

Release notes

Sourced from pytest's releases.

8.4.2

pytest 8.4.2 (2025-09-03)

Bug fixes

• #13478: Fixed a crash when using console_output_style{.interpreted-text role="confval"} with times and a module is skipped.

• #13530: Fixed a crash when using pytest.approx{.interpreted-text role="func"} and decimal.Decimal{.interpreted-text role="class"} instances with the decimal.FloatOperation{.interpreted-text role="class"} trap set.

• #13549: No longer evaluate type annotations in Python 3.14 when inspecting function signatures.

  This prevents crashes during module collection when modules do not explicitly use from __future__ import annotations and import types for annotations within a if TYPE_CHECKING: block.

• #13559: Added missing [int]{.title-ref} and [float]{.title-ref} variants to the [Literal]{.title-ref} type annotation of the [type]{.title-ref} parameter in pytest.Parser.addini{.interpreted-text role="meth"}.

• #13563: pytest.approx{.interpreted-text role="func"} now only imports numpy if NumPy is already in sys.modules. This fixes unconditional import behavior introduced in [8.4.0]{.title-ref}.

Improved documentation

• #13577: Clarify that pytest_generate_tests is discovered in test modules/classes; other hooks must be in conftest.py or plugins.

Contributor-facing changes

• #13480: Self-testing: fixed a few test failures when run with -Wdefault or a similar override.
• #13547: Self-testing: corrected expected message for test_doctest_unexpected_exception in Python 3.14.
• #13684: Make pytest's own testsuite insensitive to the presence of the CI environment variable -- by ogrisel{.interpreted-text role="user"}.

8.4.1

pytest 8.4.1 (2025-06-17)

Bug fixes

• #13461: Corrected _pytest.terminal.TerminalReporter.isatty to support being called as a method. Before it was just a boolean which could break correct code when using -o log_cli=true).

• #13477: Reintroduced pytest.PytestReturnNotNoneWarning{.interpreted-text role="class"} which was removed by accident in pytest [8.4]{.title-ref}.

  This warning is raised when a test functions returns a value other than None, which is often a mistake made by beginners.

  See return-not-none{.interpreted-text role="ref"} for more information.

• #13497: Fixed compatibility with Twisted 25+.

Improved documentation

• #13492: Fixed outdated warning about faulthandler not working on Windows.

8.4.0

pytest 8.4.0 (2025-06-02)

... (truncated)

Commits

• bfae422 Prepare release version 8.4.2
• 8990538 Fix passenv CI in tox ini and make tests insensitive to the presence of the C...
• ca676bf Merge pull request #13687 from pytest-dev/patchback/backports/8.4.x/e63f6e51c...
• 975a60a Merge pull request #13686 from pytest-dev/patchback/backports/8.4.x/12bde8af6...
• 7723ce8 Merge pull request #13683 from even-even/fix_Exeption_to_Exception_in_errorMe...
• b7f0568 Merge pull request #13685 from CoretexShadow/fix/docs-pytest-generate-tests
• 2c94c4a add missing colon (#13640) (#13641)
• c3d7684 Merge pull request #13606 from pytest-dev/patchback/backports/8.4.x/5f9938563...
• dc6e3be Merge pull request #13605 from The-Compiler/training-update-2025-07
• f87289c Fix crash with times output style and skipped module (#13573) (#13579)
• Additional commits viewable in compare view

Updates pytest-asyncio from 0.23.8 to 1.2.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio 1.2.0

1.2.0 - 2025-09-12

Added

• --asyncio-debug CLI option and asyncio_debug configuration option to enable asyncio debug mode for the default event loop. (#980)
• A pytest.UsageError for invalid configuration values of asyncio_default_fixture_loop_scope and asyncio_default_test_loop_scope. (#1189)
• Compatibility with the Pyright type checker (#731)

Fixed

• RuntimeError: There is no current event loop in thread 'MainThread' when any test unsets the event loop (such as when using asyncio.run and asyncio.Runner). (#1177)
• Deprecation warning when decorating an asynchronous fixture with @pytest.fixture in [strict]{.title-ref} mode. The warning message now refers to the correct package. (#1198)

Notes for Downstream Packagers

• Bump the minimum required version of tox to v4.28. This change is only relevant if you use the tox.ini file provided by pytest-asyncio to run tests.
• Extend dependency on typing-extensions>=4.12 from Python<3.10 to Python<3.13.

pytest-asyncio 1.1.1

v1.1.1 - 2025-09-12

Notes for Downstream Packagers

- Addresses a build problem with setuptoos-scm >= 9 caused by invalid setuptools-scm configuration in pytest-asyncio. (#1192)

pytest-asyncio 1.1.0

Added

• Propagation of ContextVars from async fixtures to other fixtures and tests on Python 3.10 and older (#127)
• Cancellation of tasks when the loop_scope ends (#200)
• Warning when the current event loop is closed by a test

Fixed

• Error about missing loop when calling functions requiring a loop in the finally clause of a task (#878)
• An error that could cause duplicate warnings to be issued

Notes for Downstream Packagers

• Added runtime dependency on backports.asyncio.runner for use with Python 3.10 and older

pytest-asyncio 1.1.0a1

1.1.0a1 - 2025-06-30

Added

• Propagation of ContextVars from async fixtures to other fixtures and tests on Python 3.10 and older (#127)
• Cancellation of tasks when the loop_scope ends (#200)
• Warning when the current event loop is closed by a test

... (truncated)

Commits

• 0d3988f ci: Create GitHub release before publishing to PyPI.
• 07c5a0b docs: Include orphaned news fragment in changelog.
• be24582 chore: Prepare release of v1.2.0.
• 7aeb296 docs: Streamline news fragments
• 7b8311c ci: Fixes a bug that prevented SSH signature from being stripped from release...
• 9d4c2bd docs: Add changelog entry for Pyright compatibility.
• 94f6106 test: Added tests which assert that the event loop is reinstated if unset by ...
• df61991 [pre-commit.ci] pre-commit autoupdate
• f1f7941 Build(deps): Bump pytest from 8.4.1 to 8.4.2
• c77d3d3 Build(deps): Bump twine from 6.1.0 to 6.2.0
• Additional commits viewable in compare view

Updates mypy from 1.17.1 to 1.18.2

Changelog

Sourced from mypy's changelog.

Mypy 1.18.2

• Fix crash on recursive alias (Ivan Levkivskyi, PR 19845)
• Add additional guidance for stubtest errors when runtime is object.__init__ (Stephen Morton, PR 19733)
• Fix handling of None values in f-string expressions in mypyc (BobTheBuidler, PR 19846)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• Ali Hamdan
• Anthony Sottile
• BobTheBuidler
• Brian Schubert
• Chainfire
• Charlie Denton
• Christoph Tyralla
• CoolCat467
• Daniel Hnyk
• Emily
• Emma Smith
• Ethan Sarp
• Ivan Levkivskyi
• Jahongir Qurbonov
• Jelle Zijlstra
• Joren Hammudoglu
• Jukka Lehtosalo
• Marc Mueller
• Omer Hadari
• Piotr Sawicki
• PrinceNaroliya
• Randolf Scholz
• Robsdedude
• Saul Shanabrook
• Shantanu
• Stanislav Terliakov
• Stephen Morton
• wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.17

We’ve just uploaded mypy 1.17 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

... (truncated)

Commits

• df05f05 remove +dev from version
• 01a7a12 Update changelog for 1.18.2 (#19873)
• ca5abf0 Typeshed cherry-pick: Make type of unitest.mock.Any a subclass of Any (#1...
• 9d794b5 [mypyc] fix: inappropriate Nones in f-strings (#19846)
• 2c0510c stubtest: additional guidance on errors when runtime is object.init (#19733)
• 2f3f03c Bump version to 1.18.2+dev for point release
• 7669841 Fix crash on recursive alias in indirection.py (#19845)
• 03fbaa9 bump version to 1.18.1 due to wheels failure
• b44a1fb removed +dev from version
• 7197a99 Removed Unreleased in the Changelog for Release 1.18 (#19827)
• Additional commits viewable in compare view

Updates coverage from 7.10.5 to 7.10.7

Changelog

Sourced from coverage's changelog.

Version 7.10.7 — 2025-09-21

• Performance: with branch coverage in large files, generating HTML, JSON, or LCOV reports could take far too long due to some quadratic behavior when creating the function and class index pages. This is now fixed, closing issue 2048_. Thanks to Daniel Diniz for help diagnosing the problem.

• Most warnings and a few errors now have links to a page in the docs explaining the specific message. Closes issue 1921_.

.. _issue 1921: nedbat/coveragepy#1921 .. _issue 2048: nedbat/coveragepy#2048

.. _changes_7-10-6:

Version 7.10.6 — 2025-08-29

• Fix: source directories were not properly communicated to subprocesses that ran in different directories, as reported in issue 1499_. This is now fixed.

• Performance: Alex Gaynor continues fine-tuning <pull 2038_>_ the speed of combination, especially with many contexts.

.. _issue 1499: nedbat/coveragepy#1499 .. _pull 2038: nedbat/coveragepy#2038

.. _changes_7-10-5:

Commits

• 92a2af5 docs: sample HTML for 7.10.7
• 952afda docs: prep for 7.10.7
• a301761 build: riscv64 wheels (#2055)
• 5daff8d docs: now source is formatted with ruff
• 04bbc3a docs: discuss cog in the contributing docs
• c181b93 build: use cog --check-fail-msg to instruct devs
• 33c4ba1 chore: make upgrade
• 0744b73 chore: bump the action-dependencies group across 1 directory with 2 updates (...
• 0d5a112 perf: bulk narrowing to avoid N**2. #2048
• a868ed9 docs: mention Python Discord on the index page
• Additional commits viewable in compare view

Updates httpx from 0.27.2 to 0.28.1

Release notes

Sourced from httpx's releases.

Version 0.28.1

0.28.1 (6th December, 2024)

• Fix SSL case where verify=False together with client side certificates.

Version 0.28.0

0.28.0 (28th November, 2024)

The 0.28 release includes a limited set of deprecations.

Deprecations:

We are working towards a simplified SSL configuration API.

For users of the standard verify=True or verify=False cases, or verify=<ssl_context> case this should require no changes. The following cases have been deprecated...

• The verify argument as a string argument is now deprecated and will raise warnings.
• The cert argument is now deprecated and will raise warnings.

Our revised SSL documentation covers how to implement the same behaviour with a more constrained API.

The following changes are also included:

• The deprecated proxies argument has now been removed.
• The deprecated app argument has now been removed.
• JSON request bodies use a compact representation. (#3363)
• Review URL percent escape sets, based on WHATWG spec. (#3371, #3373)
• Ensure certifi and httpcore are only imported if required. (#3377)
• Treat socks5h as a valid proxy scheme. (#3178)
• Cleanup Request() method signature in line with client.request() and httpx.request(). (#3378)
• Bugfix: When passing params={}, always strictly update rather than merge with an existing querystring. (#3364)

Changelog

Sourced from httpx's changelog.

0.28.1 (6th December, 2024)

• Fix SSL case where verify=False together with client side certificates.

0.28.0 (28th November, 2024)

Be aware that the default JSON request bodies now use a more compact representation. This is generally considered a prefered style, tho may require updates to test suites.

The 0.28 release includes a limited set of deprecations...

Deprecations:

We are working towards a simplified SSL configuration API.

For users of the standard verify=True or verify=False cases, or verify=<ssl_context> case this should require no changes. The following cases have been deprecated...

• The verify argument as a string argument is now deprecated and will raise warnings.
• The cert argument is now deprecated and will raise warnings.

Our revised SSL documentation covers how to implement the same behaviour with a more constrained API.

The following changes are also included:

• The deprecated proxies argument has now been removed.
• The deprecated app argument has now been removed.
• JSON request bodies use a compact representation. (#3363)
• Review URL percent escape sets, based on WHATWG spec. (#3371, #3373)
• Ensure certifi and httpcore are only imported if required. (#3377)
• Treat socks5h as a valid proxy scheme. (#3178)
• Cleanup Request() method signature in line with client.request() and httpx.request(). (#3378)
• Bugfix: When passing params={}, always strictly update rather than merge with an existing querystring. (#3364)

Commits

• 26d48e0 Version 0.28.1 (#3445)
• 89599a9 Fix verify=False, cert=... case. (#3442)
• 8ecb86f Add test for request params behavior changes (#3364) (#3440)
• 0cb7e5a Bump the python-packages group with 11 updates (#3434)
• 15e21e9 Updating deprecated docstring Client() class (#3426)
• 80960fa Version 0.28.0. (#3419)
• a33c878 Fix extensions type annotation. (#3380)
• ce7e14d Error on verify as str. (#3418)
• 47f4a96 Handle empty zstd responses (#3412)
• 189fc4b Update CHANGELOG.md, fix typo(s) (#3406)
• Additional commits viewable in compare view

Updates types-requests from 2.32.4.20250809 to 2.32.4.20250913

Commits

• See full diff in compare view

Updates pyopenssl from 24.3.0 to 25.3.0

Changelog

Sourced from pyopenssl's changelog.

25.3.0 (2025-09-16)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations: ^^^^^^^^^^^^^

Changes: ^^^^^^^^

• Maximum supported cryptography version is now 46.x.

25.2.0 (2025-09-14)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• The minimum cryptography version is now 45.0.7.

Deprecations: ^^^^^^^^^^^^^

Changes: ^^^^^^^^

• pyOpenSSL now sets SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER on connections by default, matching CPython's behavior.
• Added OpenSSL.SSL.Context.clear_mode.
• Added OpenSSL.SSL.Context.set_tls13_ciphersuites to set the allowed TLS 1.3 ciphers.
• Added OpenSSL.SSL.Connection.set_info_callback

25.1.0 (2025-05-17)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations: ^^^^^^^^^^^^^

• Attempting using any methods that mutate an OpenSSL.SSL.Context after it has been used to create an OpenSSL.SSL.Connection will emit a warning. In a future release, this will raise an exception.

Changes: ^^^^^^^^

... (truncated)

Commits

• 41e7788 Prepare for a 25.3.0 release (#1448)
• 53b78f5 test on supported pypys (#1449)
• fb1ebc1 Update CI workflow to use 'ubuntu-latest' and 'windows-latest' (#1447)
• 6ccf90b Prepare for a release (#1446)
• 5f46403 Added OpenSSL.SSL.Connection.set_info_callback (#1438)
• 95cf8fa Update tests to not rely on mutating contexts (#1445)
• 946f87e Remove fallback path for old OpenSSL (#1443)
• 0213311 Fix for new mypy release (#1444)
• 7fd0ab8 Bump actions/setup-python from 5 to 6 (#1440)
• 8daf0d1 Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 (#1439)
• Additional commits viewable in compare view

Updates lxml from 4.9.4 to 6.0.2

Release notes

Sourced from lxml's releases.

lxml-6.0.2

No release notes provided.

lxml-6.0.1

No release notes provided.

lxml-6.0.0

No release notes provided.

lxml-5.4.0

5.4.0 (2025-04-22)

Bugs fixed

• LP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs. (Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.) Issue found by Anatoly Katyushin, see https://bugs.launchpad.net/lxml/+bug/2107279

lxml-5.3.2

No release notes provided.

lxml-5.3.1

No release notes provided.

lxml-5.3.0

No release notes provided.

lxml-5.2.2

5.2.2 (2024-05-12)

Bugs fixed

• GH#417: The...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.