chore(wren-ai-service): bump the all group across 1 directory with 39 updates

[dependabot]

Bumps the all group with 39 updates in the /wren-ai-service directory:

Package	From	To
fastapi	0.121.1	0.135.1
uvicorn	0.29.0	0.41.0
python-dotenv	1.2.1	1.2.2
haystack-ai	2.7.0	2.25.2
openai	1.109.1	2.26.0
qdrant-haystack	7.0.0	10.2.1
tqdm	4.67.1	4.67.3
numpy	1.26.4	2.4.3
sqlparse	0.5.3	0.5.5
orjson	3.11.5	3.11.7
ollama-haystack	0.0.6	1.1.0
langfuse	2.60.10	3.14.5
ollama	0.2.1	0.6.1
cachetools	5.5.2	6.2.6
pydantic-settings	2.12.0	2.13.1
google-auth	2.43.0	2.49.0
tiktoken	0.8.0	0.12.0
jsonschema	4.25.1	4.26.0
litellm	1.79.3	1.82.0
boto3	1.40.72	1.42.63
filelock	3.20.3	3.25.0
werkzeug	3.1.5	3.1.6
marshmallow	3.26.2	4.2.2
pre-commit	3.8.0	4.5.1
streamlit	1.51.0	1.55.0
watchdog	4.0.2	6.0.0
matplotlib	3.10.7	3.10.8
sseclient-py	1.8.0	1.9.0
dspy-ai	2.6.27	3.1.3
deepeval	3.8.8	3.8.9
tomlkit	0.13.3	0.14.0
gitpython	3.1.45	3.1.46
plotly	5.24.1	6.6.0
ipykernel	6.31.0	7.2.0
itables	2.5.2	2.7.1
gdown	5.2.0	5.2.1
locust	2.41.6	2.43.3
pytest-cov	6.3.0	7.0.0
pytest-asyncio	0.24.0	1.3.0

Updates fastapi from 0.121.1 to 0.135.1

Release notes

Sourced from fastapi's releases.

0.135.1

Fixes

• 🐛 Fix, avoid yield from a TaskGroup, only as an async context manager, closed in the request async exit stack. PR #15038 by @​tiangolo.

Docs

• ✏️ Fix typo in docs/en/docs/_llm-test.md. PR #15007 by @​adityagiri3600.
• 📝 Update Skill, optimize context, trim and refactor into references. PR #15031 by @​tiangolo.

Internal

• 👥 Update FastAPI People - Experts. PR #15037 by @​tiangolo.
• 👥 Update FastAPI People - Contributors and Translators. PR #15029 by @​tiangolo.
• 👥 Update FastAPI GitHub topic repositories. PR #15036 by @​tiangolo.

0.135.0

Features

• ✨ Add support for Server Sent Events. PR #15030 by @​tiangolo.
  • New docs: Server-Sent Events (SSE).

0.134.0

Features

• ✨ Add support for streaming JSON Lines and binary data with yield. PR #15022 by @​tiangolo.
  • This also upgrades Starlette from >=0.40.0 to >=0.46.0, as it's needed to properly unrwap and re-raise exceptions from exception groups.
  • New docs: Stream JSON Lines.
  • And new docs: Stream Data.

Docs

• 📝 Update Library Agent Skill with streaming responses. PR #15024 by @​tiangolo.
• 📝 Update docs for responses and new stream with yield. PR #15023 by @​tiangolo.
• 📝 Add await in StreamingResponse code example to allow cancellation. PR #14681 by @​casperdcl.
• 📝 Rename docs_src/websockets to docs_src/websockets_ to avoid import errors. PR #14979 by @​YuriiMotov.

Internal

• 🔨 Run tests with pytest-xdist and pytest-cov. PR #14992 by @​YuriiMotov.

0.133.1

Features

• 🔧 Add FastAPI Agent Skill. PR #14982 by @​tiangolo.
  • Read more about it in Library Agent Skills.

Internal

• ✅ Fix all tests are skipped on Windows. PR #14994 by @​YuriiMotov.

... (truncated)

Commits

• ca5f60e 🔖 Release version 0.135.1
• 87f75aa 📝 Update release notes
• 8a9258b 🐛 Fix, avoid yield from a TaskGroup, only as an async context manager, closed...
• 6038507 📝 Update release notes
• c796ba4 👥 Update FastAPI People - Experts (#15037)
• b24aa03 📝 Update release notes
• 2c61047 ✏️ Fix typo in docs/en/docs/_llm-test.md (#15007)
• e3bbeef 📝 Update release notes
• d726c8c 📝 Update release notes
• cf514e6 👥 Update FastAPI People - Contributors and Translators (#15029)
• Additional commits viewable in compare view

Updates uvicorn from 0.29.0 to 0.41.0

Release notes

Sourced from uvicorn's releases.

Version 0.41.0

Added

• Add --limit-max-requests-jitter to stagger worker restarts (#2707)
• Add socket path to scope["server"] (#2561)

Changed

• Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

• Ignore permission denied errors in watchfiles reloader (#2817)
• Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
• Reduce the log level of 'request limit exceeded' messages (#2788)

---

New Contributors

• @​t-kawasumi made their first contribution in Kludex/uvicorn#2776
• @​fardyn made their first contribution in Kludex/uvicorn#2800
• @​ewie made their first contribution in Kludex/uvicorn#2807
• @​shevron made their first contribution in Kludex/uvicorn#2788
• @​jonashaag made their first contribution in Kludex/uvicorn#2707

---

Full Changelog: Kludex/uvicorn@0.40.0...0.41.0

Version 0.40.0

What's Changed

• Drop Python 3.9 by @​Kludex in Kludex/uvicorn#2772

Full Changelog: Kludex/uvicorn@0.39.0...0.40.0

Version 0.39.0

What's Changed

• explicitly start ASGI run with empty context by @​pmeier in Kludex/uvicorn#2742
• fix(websockets): Send close frame on ASGI return by @​Kludex in Kludex/uvicorn#2769

New Contributors

• @​pmeier made their first contribution in Kludex/uvicorn#2742

Full Changelog: Kludex/uvicorn@0.38.0...0.39.0

Version 0.38.0

What's Changed

• Support Python 3.14 by @​Kludex in Kludex/uvicorn#2723

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.41.0 (February 16, 2026)

Added

• Add --limit-max-requests-jitter to stagger worker restarts (#2707)
• Add socket path to scope["server"] (#2561)

Changed

• Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

• Ignore permission denied errors in watchfiles reloader (#2817)
• Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
• Reduce the log level of 'request limit exceeded' messages (#2788)

0.40.0 (December 21, 2025)

Remove

• Drop support for Python 3.9 (#2772)

0.39.0 (December 21, 2025)

Fixed

• Send close frame on ASGI return for WebSockets (#2769)
• Explicitly start ASGI run with empty context (#2742)

0.38.0 (October 18, 2025)

Added

• Support Python 3.14 (#2723)

0.37.0 (September 23, 2025)

Added

• Add --timeout-worker-healthcheck option (#2711)
• Add os.PathLike[str] type to ssl_ca_certs (#2676)

0.36.1 (September 23, 2025)

Fixed

• Raise an exception when calling removed Config.setup_event_loop() (#2709)

0.36.0 (September 20, 2025)

... (truncated)

Commits

• 9283c0f Version 0.41.0 (#2821)
• a01a33e Add --limit-max-requests-jitter to stagger worker restarts (#2707)
• 2ce65bd Ignore permission denied errors in watchfiles reloader (#2817)
• 654f2ed Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
• a03d9f6 Reduce the log level of 'request limit exceeded' messages (#2788)
• e377de4 Add socket path to scope["server"] (#2561)
• 0779f7f Poll for readiness in test_multiprocess_health_check and run_server (#2816)
• 7e9ce2c Poll for PID changes in test_multiprocess_sighup instead of fixed sleep (#2...
• 99f0d87 Fix grep warning in scripts/sync-version (#2807)
• 7ae2e63 chore(deps): bump the python-packages group with 18 updates (#2801)
• Additional commits viewable in compare view

Updates python-dotenv from 1.2.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

• The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by @​bbc2 in #790c5
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by @​JYOuyang in theskumar/python-dotenv#590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

• skip 000 permission tests for root user by @​burnout-projects in theskumar/python-dotenv#561
• Bump actions/checkout from 5 to 6 in the github-actions group by @​dependabot[bot] in theskumar/python-dotenv#593
• Add Windows testing to CI by @​bbc2 in theskumar/python-dotenv#604
• Improve workflow efficiency with best practices by @​theskumar in theskumar/python-dotenv#609
• Remove the use of sh in tests by @​bbc2 in theskumar/python-dotenv#612

New Contributors

• @​JYOuyang made their first contribution in theskumar/python-dotenv#590
• @​burnout-projects made their first contribution in theskumar/python-dotenv#561
• @​cpackham-atlnz made their first contribution in theskumar/python-dotenv#597

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

• The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Dropped Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Commits

• 36004e0 Bump version: 1.2.1 → 1.2.2
• eb20252 docs: update changelog for v1.2.2
• 790c5c0 Merge commit from fork
• 43340da Remove the use of sh in tests (#612)
• 09d7cee docs: clarify override behavior and document FIFO support (#610)
• c8de288 ci: improve workflow efficiency with best practices (#609)
• 7bd9e3d Add Windows testing to CI (#604)
• 1baaf04 Drop Python 3.9 support and update to PyPy 3.11 (#608)
• 4a22cf8 ci: enable testing on Python 3.14t (free-threaded) (#588)
• e2e8e77 Fix license specifier (#597)
• Additional commits viewable in compare view

Updates haystack-ai from 2.7.0 to 2.25.2

Release notes

Sourced from haystack-ai's releases.

v2.25.2

🐛 Bug Fixes

• Reverts the change that made Agent messages optional as it caused issues with pipeline execution. As a consequence, the LLM component now defaults to an empty messages list unless provided at runtime.

v2.25.2-rc1

No release notes provided.

v2.25.1

⚡️ Enhancement Notes

• Auto variadic sockets now also support Optional[list[...]] input types, in addition to plain list[...].

🐛 Bug Fixes

• Fixed smart connection logic to support connecting multiple outputs to a socket whose type is Optional[list[...]] (e.g. list[ChatMessage] | None). Previously, connecting two list[ChatMessage] outputs to Agent.messages would fail after its type was updated from list[ChatMessage] to list[ChatMessage] | None.

v2.25.1-rc1

No release notes provided.

v2.25.0

⭐️ Highlights

🛠️ Dynamic Tool Discovery with SearchableToolset

For applications with large tool catalogs, we’ve added the SearchableToolset. Instead of exposing all tools upfront, agents start with a single search_tools function and dynamically discover relevant tools using BM25-based keyword search.

This is particularly useful when connecting MCP servers via MCPToolset, where many tools may be available. By combining the two, agents can load only the tools they actually need at runtime, reducing context usage and improving tool selection.

from haystack.components.agents import Agent
from haystack.components.generators.chat import OpenAIChatGenerator
from haystack.dataclasses import ChatMessage
from haystack.tools import Tool, SearchableToolset
Create a catalog of tools
catalog = [
Tool(name="get_weather", description="Get weather for a city", ...),
Tool(name="search_web", description="Search the web", ...),
# ... 100s more tools
]
toolset = SearchableToolset(catalog=catalog)
agent = Agent(chat_generator=OpenAIChatGenerator(), tools=toolset)
The agent is initially provided only with the search_tools tool and will use it to find relevant tools.
result = agent.run(messages=[ChatMessage.from_user("What's the weather in Milan?")])

📝 Reusable Prompt Templates for Agents

Agents now natively support Jinja2-templated user prompts. By defining a user_prompt and required_variables during initialization or at runtime, you can easily invoke the Agent with dynamic variables without having to manually build ChatMessage objects for every invocation. Plus, you can seamlessly append rendered prompts directly to prior conversation messages.

... (truncated)

Commits

• c389195 bump version to 2.25.2
• 8f31223 bump version to 2.25.2-rc1
• 0034789 fix: require messages input parameter in Agent component (#10734)
• 9be588e bump version to 2.25.1
• 1833473 bump version to 2.25.1-rc1
• d9b1625 fix: Fix auto-variadic assignment (#10688)
• df89c7e Add manual trigger (#10684)
• 841f02f ci: use Hatch action (#10679)
• d74fd40 bump version to 2.25.0
• 69af72e bump version to 2.25.0-rc1
• Additional commits viewable in compare view

Updates openai from 1.109.1 to 2.26.0

Release notes

Sourced from openai's releases.

v2.26.0

2.26.0 (2026-03-05)

Full Changelog: v2.25.0...v2.26.0

Features

• api: The GA ComputerTool now uses the CompuerTool class. The 'computer_use_preview' tool is moved to ComputerUsePreview (78f5b3c)

v2.25.0

2.25.0 (2026-03-05)

Full Changelog: v2.24.0...v2.25.0

Features

• api: gpt-5.4, tool search tool, and new computer tool (6b2043f)
• api: remove prompt_cache_key param from responses, phase field from message types (44fb382)

Bug Fixes

• api: internal schema fixes (0c0f970)
• api: manual updates (9fc323f)
• api: readd phase (1b27b5a)

Chores

• internal: codegen related update (bdb837d)
• internal: codegen related update (b1de941)
• internal: reduce warnings (7cdbd06)

v2.24.0

2.24.0 (2026-02-24)

Full Changelog: v2.23.0...v2.24.0

Features

• api: add phase (391deb9)

Bug Fixes

• api: fix phase enum (42ebf7c)
• api: phase docs (7ddc61c)

Chores

... (truncated)

Changelog

Sourced from openai's changelog.

2.26.0 (2026-03-05)

Full Changelog: v2.25.0...v2.26.0

Features

• api: The GA ComputerTool now uses the CompuerTool class. The 'computer_use_preview' tool is moved to ComputerUsePreview (78f5b3c)

2.25.0 (2026-03-05)

Full Changelog: v2.24.0...v2.25.0

Features

• api: gpt-5.4, tool search tool, and new computer tool (6b2043f)
• api: remove prompt_cache_key param from responses, phase field from message types (44fb382)

Bug Fixes

• api: internal schema fixes (0c0f970)
• api: manual updates (9fc323f)
• api: readd phase (1b27b5a)

Chores

• internal: codegen related update (bdb837d)
• internal: codegen related update (b1de941)
• internal: reduce warnings (7cdbd06)

2.24.0 (2026-02-24)

Full Changelog: v2.23.0...v2.24.0

Features

• api: add phase (391deb9)

Bug Fixes

• api: fix phase enum (42ebf7c)
• api: phase docs (7ddc61c)

Chores

• internal: make test_proxy_environment_variables more resilient to env (65af8fd)
• internal: refactor sse event parsing (2344600)

... (truncated)

Commits

• 15afa21 release: 2.26.0 (#2932)
• 9b1bb6e release: 2.25.0 (#2891)
• 656e3ca release: 2.24.0 (#2890)
• 921c330 release: 2.23.0
• 650ccd9 codegen metadata
• 9e9a4f1 feat(api): add gpt-realtime-1.5 and gpt-audio-1.5 model options to realtime c...
• 588d239 chore(internal): make test_proxy_environment_variables more resilient
• 481ff6e release: 2.22.0
• e273d62 feat(api): websockets for responses api
• c612cfb chore(internal): add request options to SSE classes
• Additional commits viewable in compare view

Updates qdrant-haystack from 7.0.0 to 10.2.1

Commits

• cda7e68 doc: fixing QdrantDocumentStore docstring parsing error (#2806)
• e1bec8f Update the changelog
• f706c17 count number of docs between deleted operation and return the difference afte...
• d87afdc Update the changelog
• 18e6d1e feat: adding count with filtering operations toQdrantDocumentStore (#2803)
• fe2dd54 Update the changelog
• 718165d feat: add SQLRetriever to ElasticsearchDocumentStore (#2801)
• 051ccb8 chore: exposing PineconeDocumentStore show_progress bar parameter and dis...
• 312e463 chore: disabling progress bar in QdrantDocumentStore tests (#2797)
• 66b8109 Update the changelog
• Additional commits viewable in compare view

Updates tqdm from 4.67.1 to 4.67.3

Release notes

Sourced from tqdm's releases.

tqdm v4.67.3 stable

• fix py3.7 dependencies (#1706 <- #1705)

tqdm v4.67.2 stable

• support pandas>=3 (#1703 <- #1701, #1650, #1700)
• fix format_interval for negative numbers (#1703)
• misc linting
• framework updates (#1704)
  • bump CI workflow & pre-commit dependencies
  • add pyupgrade
  • add py3.13 support
  • fix py3.7 tests
  • update setuptools-scm usage
  • support auto-dedented docstrings when building docs in py3.13
• tests: relax flaky benchmarks

Commits

• 75bdb6c fix py3.7 compat
• 09a863b bump version, merge pull request #1704 from tqdm/devel
• 33d24cd update pyproject syntax
• 70b9124 add py3.13 support
• a74d8f8 drop _dist_ver
• 14d72e2 Merge pull request #1703 from wingding12/fix-pandas-3.0-and-negative-interval
• a69dac8 fix dedented docstrings
• a986d22 tests: fix pandas deprecation warnings
• bb7aa4d tests: fix pandas deprecated applymap
• 0647db1 misc tidy
• Additional commits viewable in compare view

Updates numpy from 1.26.4 to 2.4.3

Release notes

Sourced from numpy's releases.

2.4.2 (Feb 1, 2026)

NumPy 2.4.2 Release Notes

The NumPy 2.4.2 is a patch release that fixes bugs discovered after the 2.4.1 release. Highlights are:

• Fixes memory leaks
• Updates OpenBLAS to fix hangs

This release supports Python versions 3.11-3.14

Contributors

A total of 9 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Charles Harris
• Daniel Tang +
• Joren Hammudoglu
• Kumar Aditya
• Matti Picus
• Nathan Goldbaum
• Ralf Gommers
• Sebastian Berg
• Vikram Kumar +

Pull requests merged

A total of 12 pull requests were merged for this release.

• #30629: MAINT: Prepare 2.4.x for further development
• #30636: TYP: arange: accept datetime strings
• #30657: MAINT: avoid possible race condition by not touching os.environ...
• #30700: BUG: validate contraction axes in tensordot (#30521)
• #30701: DOC: __array_namespace__info__: set_module not __module__ (#30679)
• #30702: BUG: fix free-threaded PyObject layout in replace_scalar_type_names...
• #30703: TST: fix limited API example in tests for latest Cython
• #30709: BUG: Fix some bugs found via valgrind (#30680)
• #30712: MAINT: replace ob_type access with Py_TYPE in PyArray_CheckExact
• #30713: BUG: Fixup the quantile promotion fixup
• #30736: BUG: fix thread safety of array_getbuffer (#30667)
• #30737: backport scipy-openblas version change

2.4.1 (Jan 10, 2026)

NumPy 2.4.1 Release Notes

The NumPy 2.4.1 is a patch release that fixes bugs discoved after the 2.4.0 release. In particular, the typo SeedlessSequence is preserved to enable wheels using the random Cython API and built against NumPy < 2.4.0 to run without errors.

... (truncated)

Changelog

Sourced from numpy's changelog.

This is a walkthrough of the NumPy 2.4.0 release on Linux, which will be the first feature release using the numpy/numpy-release <https://github.com/numpy/numpy-release>__ repository.

The commands can be copied into the command line, but be sure to replace 2.4.0 with the correct version. This should be read together with the :ref:general release guide <prepare_release>.

Facility preparation

Before beginning to make a release, use the requirements/*_requirements.txt files to ensure that you have the needed software. Most software can be installed with pip, but some will require apt-get, dnf, or whatever your system uses for software. You will also need a GitHub personal access token (PAT) to push the documentation. There are a few ways to streamline things:

• Git can be set up to use a keyring to store your GitHub personal access token. Search online for the details.

Prior to release

Add/drop Python versions

When adding or dropping Python versions, multiple config and CI files need to be edited in addition to changing the minimum version in pyproject.toml. Make these changes in an ordinary PR against main and backport if necessary. We currently release wheels for new Python versions after the first Python RC once manylinux and cibuildwheel support that new Python version.

Backport pull requests

Changes that have been marked for this release must be backported to the maintenance/2.4.x branch.

Update 2.4.0 milestones

Look at the issues/prs with 2.4.0 milestones and either push them off to a later version, or maybe remove the milestone. You may need to add a milestone.

Check the numpy-release repo

... (truncated)

Commits

• 8bcb2e7 Merge pull request #30974 from charris/prepare-2.4.3
• 9a2b5ee REL: Prepare for the NumPy 2.4.3 release
• a822ac2 Merge pull request #30973 from charris/backport-30961
• 039bf54 MAINT: update openblas (#30961)
• 254bafa Merge pull request #30955 from charris/backport-30879
• 0cc7d38 ENH: Test .kind not .char in np.testing.assert_equal (#30879)
• 9ee571d Merge pull request #30957 from charris/backport-30918
• f302a16 Merge pull request #30958 from charris/backport-30938
• d240a09 MAINT: Don't use vulture 2.15, it has false positives
• 4fc08e9 MAINT: Don't use vulture 2.15, it has false positives
• Additional commits viewable in compare view

Updates sqlparse from 0.5.3 to 0.5.5

Changelog

Sourced from sqlparse's changelog.

Release 0.5.5 (Dec 19, 2025)

Bug Fixes

• Fix DoS protection to raise SQLParseError instead of silently returning None when grouping limits are exceeded (issue827).
• Fix splitting of BEGIN TRANSACTION statements (issue826).

Release 0.5.4 (Nov 28, 2025)

Enhancements

• Add support for Python 3.14.
• Add type annotations to top-level API functions and include py.typed marker for PEP 561 compliance, enabling type checking with mypy and other tools (issue756).
• Add pre-commit hook support. sqlparse can now be used as a pre-commit hook to automatically format SQL files. The CLI now supports multiple files and an --in-place flag for in-place editing (issue537).
• Add ATTACH and DETACH to PostgreSQL keywords (pr808).
• Add INTERSECT to close keywords in WHERE clause (pr820).
• Support REGEXP BINARY comparison operator (pr817).

Bug Fixes

• Add additional protection against denial of service attacks when parsing very large lists of tuples. This enhances the existing recursion protections with configurable limits for token processing to prevent DoS through algorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100, MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None) if needed for legitimate large SQL statements.
• Remove shebang from cli.py and remove executable flag (pr818).
• Fix strip_comments not removing all comments when input contains only comments (issue801, pr803 by stropysh).
• Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END blocks (issue812).
• Fix splitting on semicolons inside BEGIN...END blocks (issue809).

Commits

• 0d24023 Bump version to 0.5.5
• da67ac1 Enhance DoS protection by raising SQLParseError for exceeded grouping limits ...
• 5ca50a2 Fix splitting of BEGIN TRANSACTION statements (fixes #826).
• acd8e58 Back to development version.
• 14e300b Bump version.
• 96a67e2 Code cleanup.
• 1a3bfbd Fix handling of semicolons inside BEGIN...END blocks (fixes #809).
• e92a032 Fix handling of IF EXISTS statements in BEGIN...END blocks (fixes #812).
• 149bebf Update Changelog.
• 561a67e Update AUTHORS.
• Additional commits viewable in compare view

Updates orjson from 3.11.5 to 3.11.7

Release notes

Sourced from orjson's releases.

3.11.7

Changed

• Use a faster library to serialize float. Users with byte-exact regression tests should note positive exponents are now written using a +, e.g., 1.2e+30 instead of 1.2e30. Both formats are spec-compliant.
• ABI compatibility with CPython 3.15 alpha 5 free-threading.

3.11.6

Changed

• orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
• Drop support for Python 3.9.
• ABI compatibility with CPython 3.15 alpha 5.
• Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

• Fix sporadic crash serializing deeply nested list of dict.

Changelog

Sourced from orjson's changelog.

3.11.7 - 2026-02-02

Changed

• Use a faster library to serialize float. Users with byte-exact regression tests should note positive exponents are now written using a +, e.g., 1.2e+30 instead of 1.2e30. Both formats are spec-compliant.
• ABI compatibility with CPython 3.15 alpha 5 free-threading.

3.11.6 - 2026-01-29

Changed

• orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
• Drop support for Python 3.9.
• ABI compatibility with CPython 3.15 alpha 5.
• Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

• Fix sporadic crash serializing deeply nested list of dict.

Commits

• ec2b066 3.11.7
• 1ca01f7 zmij
• 1716a22 cargo update
• ec02024 3.11.6
• d581687 build, clippy misc
• 4105b29 writer::num
• 62bb185 Fix sporadic crash on serializing object close
• d860078 PyRef idiom refactors
• 343ae2f Deserializer, Utf8Buffer
• 7835f58 PyBytesRef and other input refactor
• Additional commits viewable in compare view

Updates ollama-haystack from 0.0.6 to 1.1.0

Commits

• bb949ef feat: Add Agent state-mapping parameters to MCPTool (#2501)
• dee4f0a docs: update changelog for integrations/anthropic (#2511)
• 28c8038 docs: update changelog for integrations/astra (#2512)
• 3b7497a docs: update changelog for integrations/azure_ai_search (#2513)
• 373b818 docs: update changelog for integrations/chroma (