Skip to content

chore(deps): bump the uv group across 39 directories with 3 updates#1944

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python/agents/adk-ae-oauth/uv-bb0db9c83b
Open

chore(deps): bump the uv group across 39 directories with 3 updates#1944
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python/agents/adk-ae-oauth/uv-bb0db9c83b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 17, 2026

Bumps the uv group with 2 updates in the /python/agents/adk-ae-oauth directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/ai-security-agent directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/airflow_version_upgrade_agent directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/ambient-expense-agent directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/antom-payment directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/auto-insurance-agent directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/brand-aligned-presentations directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/brand-aligner directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/camel directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/claim-adjudication-agent directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/currency-agent directory: authlib and urllib3.
Bumps the uv group with 1 update in the /python/agents/currency-agent/mcp-server directory: authlib.
Bumps the uv group with 2 updates in the /python/agents/cyber-guardian-agent directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/data-engineering directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/fun-facts directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/genmedia-for-commerce directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/global-kyc-agent directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/google-trends-agent directory: authlib and urllib3.
Bumps the uv group with 3 updates in the /python/agents/hierarchical-workflow-automation directory: authlib, urllib3 and langsmith.
Bumps the uv group with 2 updates in the /python/agents/high-volume-document-analyzer directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/incident-management directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/invoice-processing directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/llm-auditor directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/machine-learning-engineering directory: authlib and urllib3.
Bumps the uv group with 3 updates in the /python/agents/multiformat-hybrid-rag directory: authlib, urllib3 and langsmith.
Bumps the uv group with 2 updates in the /python/agents/multiformat-hybrid-rag/data_ingestion_pipeline directory: urllib3 and langsmith.
Bumps the uv group with 2 updates in the /python/agents/nexshift-agent directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/nurse-handover directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/on-brand-genmedia directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/order-processing directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/plumber-data-engineering-assistant directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/policy-as-code directory: authlib and urllib3.
Bumps the uv group with 3 updates in the /python/agents/product-catalog-ad-generation directory: authlib, urllib3 and langsmith.
Bumps the uv group with 2 updates in the /python/agents/retail-ai-location-strategy directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/safety-plugins directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/small-business-loan-agent directory: authlib and urllib3.
Bumps the uv group with 2 updates in the /python/agents/story_teller directory: authlib and urllib3.
Bumps the uv group with 1 update in the /python/agents/supply-chain directory: urllib3.
Bumps the uv group with 2 updates in the /python/agents/tau2-benchmark-agent directory: authlib and urllib3.

Updates authlib from 1.7.0 to 1.7.1

Release notes

Sourced from authlib's releases.

v1.7.1

What's Changed

  • Fix authlib.jose deprecation warning poping from _joserfc_helpers by @​azmeuk in authlib/authlib#881
  • Fix redirecting to unvalidated redirect_uri on InvalidScopeError in OpenIDImplicitGrant and OpenIDHybridGrant.

Full Changelog: authlib/authlib@v1.7.0...v1.7.1

Commits
  • 485016a chore: bump to 1.7.1
  • 7b4ecd7 fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants
  • c304a21 Merge pull request #881 from azmeuk/880-deprecation-warnings
  • 4165ada fix: authlib.jose deprecation warning poping from _joserfc_helpers
  • See full diff in compare view

Updates urllib3 from 2.6.3 to 2.7.0

Release notes

Sourced from urllib3's releases.

2.7.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

  • Decompression-bomb safeguards of the streaming API were bypassed:

    1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially. (Reported by @​Cycloctane)
    2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli library. (Reported by @​kimkou2024)

    See GHSA-mf9v-mfxr-j63j for details.

  • HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by @​christos-spearbit)

Deprecations and Removals

  • Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (urllib3/urllib3#3763)
  • Removed support for end-of-life Python 3.9. (urllib3/urllib3#3720)
  • Removed support for end-of-life PyPy3.10. (urllib3/urllib3#4979)
  • Bumped the minimum supported pyOpenSSL version to 19.0.0. (urllib3/urllib3#3777)

Bugfixes

  • Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. (urllib3/urllib3#3636)
  • Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True. (urllib3/urllib3#4967)
  • Fixed HTTPResponse.stream() and HTTPResponse.read_chunked() to handle amt=0. (urllib3/urllib3#3793)
  • Updated _TYPE_BODY type alias to include missing Iterable[str], matching the documented and runtime behavior of chunked request bodies. (urllib3/urllib3#3798)
  • Fixed LocationParseError when paths resembling schemeless URIs were passed to HTTPConnectionPool.urlopen(). (urllib3/urllib3#3352)
  • Fixed BaseHTTPResponse.readinto() type annotation to accept memoryview in addition to bytearray, matching the io.RawIOBase.readinto contract and enabling use with io.BufferedReader without type errors. (urllib3/urllib3#3764)
Changelog

Sourced from urllib3's changelog.

2.7.0 (2026-05-07)

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

  • Decompression-bomb safeguards of the streaming API were bypassed:

    1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially.
    2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli <https://pypi.org/project/brotli/>__ library.

    See GHSA-mf9v-mfxr-j63j <https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j>__ for details.

  • HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc <https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc>__)

Deprecations and Removals

  • Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. ([#3763](https://github.com/urllib3/urllib3/issues/3763) <https://github.com/urllib3/urllib3/issues/3763>__)
  • Removed support for end-of-life Python 3.9. ([#3720](https://github.com/urllib3/urllib3/issues/3720) <https://github.com/urllib3/urllib3/issues/3720>__)
  • Removed support for end-of-life PyPy3.10. ([#4979](https://github.com/urllib3/urllib3/issues/4979) <https://github.com/urllib3/urllib3/issues/4979>__)
  • Bumped the minimum supported pyOpenSSL version to 19.0.0. ([#3777](https://github.com/urllib3/urllib3/issues/3777) <https://github.com/urllib3/urllib3/issues/3777>__)

Bugfixes

  • Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. ([#3636](https://github.com/urllib3/urllib3/issues/3636) <https://github.com/urllib3/urllib3/issues/3636>__)
  • Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True.

... (truncated)

Commits

Updates authlib from 1.7.0 to 1.7.1

Release notes

Sourced from authlib's releases.

v1.7.1

What's Changed

  • Fix authlib.jose deprecation warning poping from _joserfc_helpers by @​azmeuk in authlib/authlib#881
  • Fix redirecting to unvalidated redirect_uri on InvalidScopeError in OpenIDImplicitGrant and OpenIDHybridGrant.

Full Changelog: authlib/authlib@v1.7.0...v1.7.1

Commits
  • 485016a chore: bump to 1.7.1
  • 7b4ecd7 fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants
  • c304a21 Merge pull request #881 from azmeuk/880-deprecation-warnings
  • 4165ada fix: authlib.jose deprecation warning poping from _joserfc_helpers
  • See full diff in compare view

Updates urllib3 from 2.6.3 to 2.7.0

Release notes

Sourced from urllib3's releases.

2.7.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

  • Decompression-bomb safeguards of the streaming API were bypassed:

    1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially. (Reported by @​Cycloctane)
    2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli library. (Reported by @​kimkou2024)

    See GHSA-mf9v-mfxr-j63j for details.

  • HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by @​christos-spearbit)

Deprecations and Removals

  • Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (urllib3/urllib3#3763)
  • Removed support for end-of-life Python 3.9. (urllib3/urllib3#3720)
  • Removed support for end-of-life PyPy3.10. (urllib3/urllib3#4979)
  • Bumped the minimum supported pyOpenSSL version to 19.0.0. (urllib3/urllib3#3777)

Bugfixes

  • Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. (urllib3/urllib3#3636)
  • Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True. (urllib3/urllib3#4967)
  • Fixed HTTPResponse.stream() and HTTPResponse.read_chunked() to handle amt=0. (urllib3/urllib3#3793)
  • Updated _TYPE_BODY type alias to include missing Iterable[str], matching the documented and runtime behavior of chunked request bodies. (urllib3/urllib3#3798)
  • Fixed LocationParseError when paths resembling schemeless URIs were passed to HTTPConnectionPool.urlopen(). (urllib3/urllib3#3352)
  • Fixed BaseHTTPResponse.readinto() type annotation to accept memoryview in addition to bytearray, matching the io.RawIOBase.readinto contract and enabling use with io.BufferedReader without type errors. (urllib3/urllib3#3764)
Changelog

Sourced from urllib3's changelog.

2.7.0 (2026-05-07)

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

  • Decompression-bomb safeguards of the streaming API were bypassed:

    1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially.
    2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli <https://pypi.org/project/brotli/>__ library.

    See GHSA-mf9v-mfxr-j63j <https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j>__ for details.

  • HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc <https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc>__)

Deprecations and Removals

  • Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. ([#3763](https://github.com/urllib3/urllib3/issues/3763) <https://github.com/urllib3/urllib3/issues/3763>__)
  • Removed support for end-of-life Python 3.9. ([#3720](https://github.com/urllib3/urllib3/issues/3720) <https://github.com/urllib3/urllib3/issues/3720>__)
  • Removed support for end-of-life PyPy3.10. ([#4979](https://github.com/urllib3/urllib3/issues/4979) <https://github.com/urllib3/urllib3/issues/4979>__)
  • Bumped the minimum supported pyOpenSSL version to 19.0.0. ([#3777](https://github.com/urllib3/urllib3/issues/3777) <https://github.com/urllib3/urllib3/issues/3777>__)

Bugfixes

  • Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. ([#3636](https://github.com/urllib3/urllib3/issues/3636) <https://github.com/urllib3/urllib3/issues/3636>__)
  • Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True.

... (truncated)

Commits

Updates authlib from 1.6.10 to 1.6.12

Release notes

Sourced from authlib's releases.

v1.7.1

What's Changed

  • Fix authlib.jose deprecation warning poping from _joserfc_helpers by @​azmeuk in authlib/authlib#881
  • Fix redirecting to unvalidated redirect_uri on InvalidScopeError in OpenIDImplicitGrant and OpenIDHybridGrant.

Full Changelog: authlib/authlib@v1.7.0...v1.7.1

Commits
  • 485016a chore: bump to 1.7.1
  • 7b4ecd7 fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants
  • c304a21 Merge pull request #881 from azmeuk/880-deprecation-warnings
  • 4165ada fix: authlib.jose deprecation warning poping from _joserfc_helpers
  • See full diff in compare view

Updates urllib3 from 2.6.3 to 2.7.0

Release notes

Sourced from urllib3's releases.

2.7.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

  • Decompression-bomb safeguards of the streaming API were bypassed:

    1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially. (Reported by @​Cycloctane)
    2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli library. (Reported by @​kimkou2024)

    See GHSA-mf9v-mfxr-j63j for details.

  • HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by @​christos-spearbit)

Deprecations and Removals

  • Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (urllib3/urllib3#3763)
  • Removed support for end-of-life Python 3.9. (urllib3/urllib3#3720)
  • Removed support for end-of-life PyPy3.10. (urllib3/urllib3#4979)
  • Bumped the minimum supported pyOpenSSL version to 19.0.0. (urllib3/urllib3#3777)

Bugfixes

  • Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. (urllib3/urllib3#3636)
  • Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True. (urllib3/urllib3#4967)
  • Fixed HTTPResponse.stream() and HTTPResponse.read_chunked() to handle amt=0. (urllib3/urllib3#3793)
  • Updated _TYPE_BODY type alias to include missing Iterable[str], matching the documented and runtime behavior of chunked request bodies. (urllib3/urllib3#3798)
  • Fixed LocationParseError when paths resembling schemeless URIs were passed to HTTPConnectionPool.urlopen(). (urllib3/urllib3#3352)
  • Fixed BaseHTTPResponse.readinto() type annotation to accept memoryview in addition to bytearray, matching the io.RawIOBase.readinto contract and enabling use with io.BufferedReader without type errors. (urllib3/urllib3#3764)
Changelog

Sourced from urllib3's changelog.

2.7.0 (2026-05-07)

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

  • Decompression-bomb safeguards of the streaming API were bypassed:

    1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially.
    2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli <https://pypi.org/project/brotli/>__ library.

    See GHSA-mf9v-mfxr-j63j <https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j>__ for details.

  • HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc <https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc>__)

Deprecations and Removals

  • Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. ([#3763](https://github.com/urllib3/urllib3/issues/3763) <https://github.com/urllib3/urllib3/issues/3763>__)
  • Removed support for end-of-life Python 3.9. ([#3720](https://github.com/urllib3/urllib3/issues/3720) <https://github.com/urllib3/urllib3/issues/3720>__)
  • Removed support for end-of-life PyPy3.10. ([#4979](https://github.com/urllib3/urllib3/issues/4979) <https://github.com/urllib3/urllib3/issues/4979>__)
  • Bumped the minimum supported pyOpenSSL version to 19.0.0. ([#3777](https://github.com/urllib3/urllib3/issues/3777) <https://github.com/urllib3/urllib3/issues/3777>__)

Bugfixes

  • Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. ([#3636](https://github.com/urllib3/urllib3/issues/3636) <https://github.com/urllib3/urllib3/issues/3636>__)
  • Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True.

... (truncated)

Commits

Updates authlib from 1.6.9 to 1.6.12

Release notes

Sourced from authlib's releases.

v1.7.1

What's Changed

  • Fix authlib.jose deprecation warning poping from _joserfc_helpers by @​azmeuk in authlib/authlib#881
  • Fix redirecting to unvalidated redirect_uri on InvalidScopeError in OpenIDImplicitGrant and OpenIDHybridGrant.

Full Changelog: authlib/authlib@v1.7.0...v1.7.1

Commits
  • 485016a chore: bump to 1.7.1
  • 7b4ecd7 fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants
  • c304a21 Merge pull request #881 from azmeuk/880-deprecation-warnings
  • 4165ada fix: authlib.jose deprecation warning poping from _joserfc_helpers
  • See full diff in compare view

Updates urllib3 from 2.6.3 to 2.7.0

Release notes

Sourced from urllib3's releases.

2.7.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

  • Decompression-bomb safeguards of the streaming API were bypassed:

    1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially. (Reported by @​Cycloctane)
    2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli library. (Reported by @​kimkou2024)

    See GHSA-mf9v-mfxr-j63j for details.

  • HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by @​christos-spearbit)

Deprecations and Removals

  • Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (urllib3/urllib3#3763)
  • Removed support for end-of-life Python 3.9. (urllib3/urllib3#3720)
  • Removed support for end-of-life PyPy3.10. (urllib3/urllib3#4979)
  • Bumped the minimum supported pyOpenSSL version to 19.0.0. (urllib3/urllib3#3777)

Bugfixes

  • Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. (urllib3/urllib3#3636)
  • Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True. (urllib3/urllib3#4967)
  • Fixed HTTPResponse.stream() and HTTPResponse.read_chunked() to handle amt=0. (urllib3/urllib3#3793)
  • Updated _TYPE_BODY type alias to include missing Iterable[str], matching the documented and runtime behavior of chunked request bodies. (urllib3/urllib3#3798)
  • Fixed LocationParseError when paths resembling schemeless URIs were passed to HTTPConnectionPool.urlopen(). (urllib3/urllib3#3352)
  • Fixed BaseHTTPResponse.readinto() type annotation to accept memoryview in addition to bytearray, matching the io.RawIOBase.readinto contract and enabling use with io.BufferedReader without type errors. (urllib3/urllib3#3764)
Changelog

Sourced from urllib3's changelog.

2.7.0 (2026-05-07)

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

  • Decompression-bomb safeguards of the streaming API were bypassed:

    1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially.
    2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli <https://pypi.org/project/brotli/>__ library.

    See GHSA-mf9v-mfxr-j63j <https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j>__ for details.

  • HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc <https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc>__)

Deprecations and Removals

  • Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. ([#3763](https://github.com/urllib3/urllib3/issues/3763) <https://github.com/urllib3/urllib3/issues/3763>__)
  • Removed support for end-of-life Python 3.9. ([#3720](https://github.com/urllib3/urllib3/issues/3720) <https://github.com/urllib3/urllib3/issues/3720>__)
  • Removed support for end-of-life PyPy3.10. ([#4979](https://github.com/urllib3/urllib3/issues/4979) <https://github.com/urllib3/urllib3/issues/4979>__)
  • Bumped the minimum supported pyOpenSSL version to 19.0.0. ([#3777](https://github.com/urllib3/urllib3/issues/3777) <https://github.com/urllib3/urllib3/issues/3777>__)

Bugfixes

  • Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. ([#3636](https://github.com/urllib3/urllib3/issues/3636) <https://github.com/urllib3/urllib3/issues/3636>__)
  • Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True.

... (truncated)

Commits

Updates authlib from 1.6.9 to 1.6.12

Release notes

Sourced from authlib's releases.

v1.7.1

What's Changed

  • Fix authlib.jose deprecation warning poping from _joserfc_helpers by @​azmeuk in authlib/authlib#881
  • Fix redirecting to unvalidated redirect_uri on InvalidScopeError in OpenIDImplicitGrant and OpenIDHybridGrant.

Full Changelog: authlib/authlib@v1.7.0...v1.7.1

Commits
  • 485016a chore: bump to 1.7.1
  • 7b4ecd7 fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants
  • c304a21 Merge pull request #881 from azmeuk/880-deprecation-warnings
  • 4165ada fix: authlib.jose deprecation warning poping from _joserfc_helpers
  • See full diff in compare view

Updates urllib3 from 2.6.3 to 2.7.0

Release notes

Sourced from urllib3's releases.

2.7.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

  • Decompression-bomb safeguards of the streaming API were bypassed:

    1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially. (Reported by @​Cycloctane)
    2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli library. (Reported by @​kimkou2024)

    See GHSA-mf9v-mfxr-j63j for details.

  • HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by @​christos-spearbit)

Deprecations and Removals

  • Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (urllib3/urllib3#3763)
  • Removed support for end-of-life Python 3.9. (urllib3/urllib3#3720)
  • Removed support for end-of-life PyPy3.10. (urllib3/urllib3#4979)
  • Bumped the minimum supported pyOpenSSL version to 19.0.0. (urllib3/urllib3#3777)

Bugfixes

  • Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. (urllib3/urllib3#3636)
  • Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True. (urllib3/urllib3#4967)
  • Fixed HTTPResponse.stream() and HTTPResponse.read_chunked() to handle amt=0. (urllib3/urllib3#3793)
  • Updated _TYPE_BODY type alias to include missing Iterable[str], matching the documented and runtime behavior of chunked request bodies. (urllib3/urllib3#3798)
  • Fixed LocationParseError when paths resembling schemeless URIs were passed to HTTPConnectionPool.urlopen(). (urllib3/urllib3#3352)
  • Fixed BaseHTTPResponse.readinto() type annotation to accept memoryview in addition to bytearray, matching the io.RawIOBase.readinto contract and enabling use with io.BufferedReader without type errors. (urllib3/urllib3#3764)
Changelog

Sourced from urllib3's changelog.

2.7.0 (2026-05-07)

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

  • Decompression-bomb safeguards of the streaming API were bypassed:

    1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially.
    2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli <https://pypi.org/project/brotli/>__ library.

    See GHSA-mf9v-mfxr-j63j <https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j>__ for details.

  • HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc <https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc>__)

Deprecations and Removals

  • Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. ([#3763](https://github.com/urllib3/urllib3/issues/3763) <https://github.com/urllib3/urllib3/issues/3763>__)
  • Removed support for end-of-life Python 3.9. ([#3720](https://github.com/urllib3/urllib3/issues/3720) <https://github.com/urllib3/urllib3/issues/3720>__)
  • Removed support for end-of-life PyPy3.10. ([#4979](https://github.com/urllib3/urllib3/issues/4979) <https://github.com/urllib3/urllib3/issues/4979>__)
  • Bumped the minimum supported pyOpenSSL version to 19.0.0. ([#3777](https://github.com/urllib3/urllib3/issues/3777) <https://github.com/urllib3/urllib3/issues/3777>__)

Bugfixes

  • Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. ([#3636](https://github.com/urllib3/urllib3/issues/3636) <https://github.com/urllib3/urllib3/issues/3636>__)
  • Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True.

... (truncated)

Commits

Updates authlib from 1.6.9 to 1.6.12

Release notes

Sourced from authlib's releases.

v1.7.1

What's Changed

@dependabot
chore(deps): bump the uv group across 39 directories with 3 updates
735b5ac 
Bumps the uv group with 2 updates in the /python/agents/adk-ae-oauth directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/ai-security-agent directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/airflow_version_upgrade_agent directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/ambient-expense-agent directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/antom-payment directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/auto-insurance-agent directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/brand-aligned-presentations directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/brand-aligner directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/camel directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/claim-adjudication-agent directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/currency-agent directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 1 update in the /python/agents/currency-agent/mcp-server directory: [authlib](https://github.com/authlib/authlib).
Bumps the uv group with 2 updates in the /python/agents/cyber-guardian-agent directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/data-engineering directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/fun-facts directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/genmedia-for-commerce directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/global-kyc-agent directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/google-trends-agent directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 3 updates in the /python/agents/hierarchical-workflow-automation directory: [authlib](https://github.com/authlib/authlib), [urllib3](https://github.com/urllib3/urllib3) and [langsmith](https://github.com/langchain-ai/langsmith-sdk).
Bumps the uv group with 2 updates in the /python/agents/high-volume-document-analyzer directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/incident-management directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/invoice-processing directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/llm-auditor directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/machine-learning-engineering directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 3 updates in the /python/agents/multiformat-hybrid-rag directory: [authlib](https://github.com/authlib/authlib), [urllib3](https://github.com/urllib3/urllib3) and [langsmith](https://github.com/langchain-ai/langsmith-sdk).
Bumps the uv group with 2 updates in the /python/agents/multiformat-hybrid-rag/data_ingestion_pipeline directory: [urllib3](https://github.com/urllib3/urllib3) and [langsmith](https://github.com/langchain-ai/langsmith-sdk).
Bumps the uv group with 2 updates in the /python/agents/nexshift-agent directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/nurse-handover directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/on-brand-genmedia directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/order-processing directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/plumber-data-engineering-assistant directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/policy-as-code directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 3 updates in the /python/agents/product-catalog-ad-generation directory: [authlib](https://github.com/authlib/authlib), [urllib3](https://github.com/urllib3/urllib3) and [langsmith](https://github.com/langchain-ai/langsmith-sdk).
Bumps the uv group with 2 updates in the /python/agents/retail-ai-location-strategy directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/safety-plugins directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/small-business-loan-agent directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/story_teller directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 1 update in the /python/agents/supply-chain directory: [urllib3](https://github.com/urllib3/urllib3).
Bumps the uv group with 2 updates in the /python/agents/tau2-benchmark-agent directory: [authlib](https://github.com/authlib/authlib) and [urllib3](https://github.com/urllib3/urllib3).


Updates `authlib` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.10 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `authlib` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.11 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.3 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.5.0 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `langsmith` from 0.4.28 to 0.8.0
- [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases)
- [Commits](langchain-ai/langsmith-sdk@v0.4.28...v0.8.0)

Updates `authlib` from 1.6.11 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.10 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.11 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.11 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `langsmith` from 0.7.31 to 0.8.0
- [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases)
- [Commits](langchain-ai/langsmith-sdk@v0.4.28...v0.8.0)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `langsmith` from 0.7.3 to 0.8.0
- [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases)
- [Commits](langchain-ai/langsmith-sdk@v0.4.28...v0.8.0)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `langsmith` from 0.7.38 to 0.8.0
- [Release notes](https://github.com/langchain-ai/langsmith-sdk/releases)
- [Commits](langchain-ai/langsmith-sdk@v0.4.28...v0.8.0)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.9 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `authlib` from 1.6.6 to 1.6.12
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.7.0...1.7.1)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

---
updated-dependencies:
- dependency-name: authlib
  dependency-version: 1.7.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.7.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.7.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.7.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.7.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.7.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.7.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.7.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: langsmith
  dependency-version: 0.8.0
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.7.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: langsmith
  dependency-version: 0.8.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: langsmith
  dependency-version: 0.8.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.7.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.7.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.7.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: langsmith
  dependency-version: 0.8.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.7.1
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
- dependency-name: authlib
  dependency-version: 1.6.12
  dependency-type: indirect
  dependency-group: uv
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from eliasecchig as a code owner May 17, 2026 01:21
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@eliasecchig eliasecchig Awaiting requested review from eliasecchig eliasecchig is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants