build(deps): bump the python-deps group across 1 directory with 21 updates

[dependabot]

Bumps the python-deps group with 19 updates in the / directory:

Package	From	To
redis	7.4.0	8.0.1
tuf	6.0.0	7.0.0
dynaconf	3.2.13	3.3.0
sqlalchemy	2.0.49	2.0.51
psycopg2	2.9.11	2.9.12
alembic	1.18.4	1.18.5
pydantic	2.12.5	2.13.4
boto3	1.42.85	1.43.36
awswrangler	3.15.1	3.17.0
sigstore	4.2.0	4.3.0
pymysql	1.1.2	1.2.0
google-cloud-kms	3.12.0	3.14.0
tox	4.52.0	4.56.1
coverage	7.13.5	7.14.3
ruff	0.15.9	0.15.20
mypy	1.20.0	2.1.0
pytest	9.0.3	9.1.1
pre-commit	4.5.1	4.6.0
myst-parser	5.0.0	5.1.0

Updates redis from 7.4.0 to 8.0.1

Release notes

Sourced from redis's releases.

8.0.1

Changes

🐛 Bug Fixes

• Fix Unix socket maintenance notification handling and tests (#4097)
• Fix async cluster node connection release on write errors (#4111)
• Fixed async MultiDBClient with underlying RedisCluster (#4108)
• Fix hiredis readiness checks for high file descriptors (#4115)
• fix(search): parse RESP3 FT.SEARCH responses with bytes-typed keys (#4109)
• Fixing pubsub's listen method to be blocking. (#4119)
• fix(asyncio): release pooled connection when Pipeline.reset() is cancelled (#4123)
• Avoid per-check fd allocation in hiredis _socket_can_read() — use poll() instead of a per-call selector (#4118)

🧰 Maintenance

• Updating PyJWT dependency. (#4100)
• Update CI badge in README.md (#4099)
• Add missing url query argument parser for ssl_min_version (#4047)
• ci: least-privilege permissions on spellcheck (read) and stale-issues (job-level write for actions/stale) (#4080)
• Bumping github-versions actions (#4102)
• Updating lib version + supported Redis versions in README.md + updating the Redis versions in CI test matrix (#4092)

We'd like to thank all the contributors who worked on this release! @​violuke @​mokashang @​arpitjain099 @​coredumperror @​elena-kolevska @​vladvildanov @​petyaslavova

8.0.0

Changes

🚀 Highlights

Async Cluster PubSub

This release introduces full asyncio Cluster PubSub support, bringing shard-channel capabilities (SSUBSCRIBE, SUNSUBSCRIBE, SPUBLISH) to the async RedisCluster client. The new ClusterPubSub class in redis.asyncio.cluster automatically routes shard-channel subscriptions to the correct cluster node based on key-slot hashing, manages per-node PubSub connections, and supports round-robin message retrieval across nodes. Users can create a cluster pubsub instance via RedisCluster.pubsub() and use ssubscribe(), sunsubscribe(), and get_sharded_message() just as they would with the sync cluster client.

Keyspace and subkey notifications

Redis Keyspace Notifications are now supported for standalone and cluster deployments in both sync and async modes. New classes — KeyspaceNotifications, ClusterKeyspaceNotifications, AsyncKeyspaceNotifications, and AsyncClusterKeyspaceNotifications — provide a high-level API for keyspace/keyevent subscriptions and subkey notification families: subkeyspace, subkeyevent, subkeyspaceitem, and subkeyspaceevent. Convenience methods like subscribe_keyspace(), subscribe_keyevent(), subscribe_subkeyspace(), subscribe_subkeyevent(), subscribe_subkeyspaceitem(), and subscribe_subkeyspaceevent() simplify common patterns, with channel classes for both key and subkey channels.

In cluster mode, subscriptions are managed across primary nodes because each node emits notifications only for keys it owns, with built-in topology-change handling. Sync run_in_thread() and async listen() workflows are supported.

Redis Array commands(https://redis.io/docs/latest/develop/data-types/arrays/)

redis-py now supports Redis Arrays, a preview Redis data type for sparse, index-addressable sequences of strings. New AR* command helpers cover indexed reads/writes, range scans, deletion, cursor-based insertion, ring-buffer writes, metadata, text search, and aggregation, including ARGET, ARSET, ARMGET, ARMSET, ARSCAN, ARGREP, ARRING, and AROP.

Type Hints Improvements (breaking changes)

The @overload pattern has been applied systematically across core commands (core.py), VectorSet commands, and module commands (Search, JSON, TimeSeries, Bloom filters) to provide distinct return types for sync and async clients. Previously, methods returned a combined ResponseT (i.e., Union[Awaitable[Any], Any]), which caused static analysis tools like mypy and Pyright to flag false positives. Now, sync clients see concrete return types (e.g., int, bool, list[str]) while async clients see Awaitable[...] wrappers. This is a breaking change for type-checking only—runtime behavior is unchanged, but code relying on the old union return types in type annotations may need updates. Two new protocol types, SyncClientProtocol and AsyncClientProtocol, are used in overload signatures to enable this distinction.

RESP3 by default with opt-in unified responses

... (truncated)

Commits

• 7c0fd11 Updating lib version to 8.0.1
• b7a4d7d Avoid per-check fd allocation in hiredis _socket_can_read() — use poll() ...
• eec778e fix(asyncio): release pooled connection when Pipeline.reset() is cancelled (#...
• 08e01bb Fixing pubsub's listen method to be blocking. (#4119)
• 3d5257a fix(search): parse RESP3 FT.SEARCH responses with bytes-typed keys (#4109)
• cce28ff Fix hiredis readiness checks for high file descriptors (#4115)
• e20691c Fixed async MultiDBClient with underlying RedisCluster (#4108)
• ea37fcc Fix async cluster node connection release on write errors (#4111)
• f4146fa Updating lib version + supported Redis versions in README.md + updating the R...
• d47674e Bumping github-versions actions (#4102)
• Additional commits viewable in compare view

Updates tuf from 6.0.0 to 7.0.0

Release notes

Sourced from tuf's releases.

v7.0.0

This is a major release only because of a minor ngclient API tweak: there are no large functional changes.

Fixed

• Fix GHSA-qp9x-wp8f-qgjj: Incorrect delegation path matching on Windows
• Various documentation fixes (#2812, #2922, #2923)

Changed

• ngclient: Updater() now requires the named bootstrap argument to make it clearer that providing one is strongly recommended: previous default functionality can be reproduced with bootstrap=None (#2903)
• Prepare for removal of securesystemslib.hash (#2815)

Changelog

Sourced from tuf's changelog.

v7.0.0

This is a major release only because of a minor ngclient API tweak: there are no large functional changes.

Fixed

• Fix GHSA-qp9x-wp8f-qgjj: Incorrect delegation path matching on Windows
• Various documentation fixes (#2812, #2922, #2923)

Changed

• ngclient: Updater() now requires the named bootstrap argument to make it clearer that providing one is strongly recommended: previous default functionality can be reproduced with bootstrap=None (#2903)
• Prepare for removal of securesystemslib.hash (#2815)

Commits

• 353bdb7 Merge pull request #2942 from jku/release-prep
• 85ce3e8 Prepare 7.0 release
• 1a62020 Merge commit from fork
• 5c0c36d Merge pull request #2938 from theupdateframework/dependabot/pip/test-and-lint...
• 57cc1a7 Merge pull request #2937 from theupdateframework/dependabot/pip/build-and-rel...
• 9d7d1b9 Merge pull request #2939 from theupdateframework/dependabot/pip/dependencies-...
• be4f314 Merge pull request #2941 from theupdateframework/dependabot/github_actions/ac...
• 6348502 build(deps): bump the action-dependencies group across 1 directory with 2 upd...
• 4b6e35a build(deps): bump cryptography in the dependencies group
• 4883f02 build(deps): bump the test-and-lint-dependencies group with 2 updates
• Additional commits viewable in compare view

Updates dynaconf from 3.2.13 to 3.3.0

Release notes

Sourced from dynaconf's releases.

3.3.0

3.3.0 - 2026-06-24

Bug Fixes

• Fix index merge padding scalar lists with empty lists instead of None (#1380). By Sarath Francis.
• raise FileNotFoundError from load_file on missing path when silent=False. By Sai Asish Y.
• support Redis URL scheme for TLS connections (#1343). By Varun Chawla.
• support async contexts. By Bruno Rocha.
• codacy suggestions. By Bruno Rocha.
• more improvements on edge cases of converters. By Bruno Rocha.
• Extra improvements on converters. By Bruno Rocha.
• Replace regex on read_file converter. By Bruno Rocha.
• replace regex with simple if on get converter. By Bruno Rocha.
• 1307 run fix_absolute_urls eagerly for Django. By Bruno Rocha.
• make DataDict.dir compatible with Box. By Pedro Brochado.
• get method to return Any type. (#1315). By Bruno Cesar Rocha.
• remove unnecessary recursive evaluation call on Settings.get. By Pedro Brochado.
• -k must exit code 1 when key do not exist (#1293). By Bruno Rocha.
• use sys.argv instead of click.get_os_args (#1292). By Bruno Rocha.
• make raw variables private (#1287). By Fabricio Aguiar.
• Better way for CLI to find the Django Settings. By Bruno Rocha.
• handle empty hooks and boolean environments.. By Bruno Rocha.
• Hotfix hook collector to avoid eager evaluation. (#1255) (#1256). By Bruno Rocha.
• Ensure an error is raised when loading files with syntax errors (#1243). By Pedro Brochado.
• using merge with comma separated values will infer type [port of #1240]. By Bruno Rocha.
• Handle @insert with -1. By Bruno Rocha.
• Redis loader must handle an empty prefix. By Bruno Rocha.
• Ensure CLI can load settings from a base DJANGO_SETTINGS_MODULE. By Bruno Rocha.
• When --json is used in CLI list, does not print django app detected. By Bruno Rocha.
• when using load_file method, inspect will save module:linenumber from the caller.. By Bruno Rocha.
• Implement repr for combined validators (#1200). By Bruno Rocha.
• lazy validator's default value would evalute early (#1197). By Pedro Brochado.
• Fixed an error that would raise when using get_history() with lazy values (#1184). By Pedro Brochado.
• del attr wouldnt work with lowercase (#1168). By Pedro Brochado.
• Improve performance of Access Hooks (#1164). By Bruno Rocha.
• Ignore if file doesn't exist (#1159). By Bruno Rocha.
• Enable merge on settings.populate_obj (#1118). By Bruno Rocha.
• Add Django 5 transformation of STATIC_URL (#1117). By Bruno Rocha.
• Allow disabling transformation of dict to Dynabox (#1115). By Bruno Rocha.
• Support Nested Subtypes and Enclosed types (#1109). By Bruno Rocha.
• #1088 fresh vars definition case insensitive (#1091). By Bruno Rocha.
• Allow multiple validators with cast for the same field (#1080). By Bruno Rocha.
• Stop converting default when is_type_of is set to str (#1066). By Bruno Rocha.

Features

• add Settings-level caching mechanism. By Pedro Brochado.
• Add @read_file converter (#1291). By Bruno Rocha.
• envless load file (#1295). By Bruno Rocha.

... (truncated)

Changelog

Sourced from dynaconf's changelog.

3.3.0 - 2026-06-24

Bug Fixes

• Fix index merge padding scalar lists with empty lists instead of None (#1380). By Sarath Francis.
• raise FileNotFoundError from load_file on missing path when silent=False. By Sai Asish Y.
• support Redis URL scheme for TLS connections (#1343). By Varun Chawla.
• support async contexts. By Bruno Rocha.
• codacy suggestions. By Bruno Rocha.
• more improvements on edge cases of converters. By Bruno Rocha.
• Extra improvements on converters. By Bruno Rocha.
• Replace regex on read_file converter. By Bruno Rocha.
• replace regex with simple if on get converter. By Bruno Rocha.
• 1307 run fix_absolute_urls eagerly for Django. By Bruno Rocha.
• make DataDict.dir compatible with Box. By Pedro Brochado.
• get method to return Any type. (#1315). By Bruno Cesar Rocha.
• remove unnecessary recursive evaluation call on Settings.get. By Pedro Brochado.
• -k must exit code 1 when key do not exist (#1293). By Bruno Rocha.
• use sys.argv instead of click.get_os_args (#1292). By Bruno Rocha.
• make raw variables private (#1287). By Fabricio Aguiar.
• Better way for CLI to find the Django Settings. By Bruno Rocha.
• handle empty hooks and boolean environments.. By Bruno Rocha.
• Hotfix hook collector to avoid eager evaluation. (#1255) (#1256). By Bruno Rocha.
• Ensure an error is raised when loading files with syntax errors (#1243). By Pedro Brochado.
• using merge with comma separated values will infer type [port of #1240]. By Bruno Rocha.
• Handle @insert with -1. By Bruno Rocha.
• Redis loader must handle an empty prefix. By Bruno Rocha.
• Ensure CLI can load settings from a base DJANGO_SETTINGS_MODULE. By Bruno Rocha.
• When --json is used in CLI list, does not print django app detected. By Bruno Rocha.
• when using load_file method, inspect will save module:linenumber from the caller.. By Bruno Rocha.
• Implement repr for combined validators (#1200). By Bruno Rocha.
• lazy validator's default value would evalute early (#1197). By Pedro Brochado.
• Fixed an error that would raise when using get_history() with lazy values (#1184). By Pedro Brochado.
• del attr wouldnt work with lowercase (#1168). By Pedro Brochado.
• Improve performance of Access Hooks (#1164). By Bruno Rocha.
• Ignore if file doesn't exist (#1159). By Bruno Rocha.
• Enable merge on settings.populate_obj (#1118). By Bruno Rocha.
• Add Django 5 transformation of STATIC_URL (#1117). By Bruno Rocha.
• Allow disabling transformation of dict to Dynabox (#1115). By Bruno Rocha.
• Support Nested Subtypes and Enclosed types (#1109). By Bruno Rocha.
• #1088 fresh vars definition case insensitive (#1091). By Bruno Rocha.
• Allow multiple validators with cast for the same field (#1080). By Bruno Rocha.
• Stop converting default when is_type_of is set to str (#1066). By Bruno Rocha.

Features

• add Settings-level caching mechanism. By Pedro Brochado.
• Add @read_file converter (#1291). By Bruno Rocha.
• envless load file (#1295). By Bruno Rocha.
• Run CLI as module with python -m dynaconf (#1290). By Bruno Rocha.

... (truncated)

Commits

• f425fdb Release version 3.3.0
• 10d090b chore(ci): disable backport creation for 3.3.0 release only
• 0b7aaa4 chore(ci): go back to using uv sync + uv run
• ec6119f chore(ci): update to use uv tool install
• 2068632 chore(ci): add missing venv creation to uv install
• a6393f1 chore(ci): remove unnecessary uv install from workflows
• a49ba70 chore(ci): don't generate uv.lock for release/publish workflows
• 8d8e061 chore(ci): add new release 'framework' to the CI
• 2edaa2c refactor(cache): scope value cache to instance and remove global id counter
• 70164ce docs: Fix broken links and wrong merge behavior
• Additional commits viewable in compare view

Updates securesystemslib from 1.3.1 to 1.4.0

Release notes

Sourced from securesystemslib's releases.

v1.4.0

See CHANGELOG.md for details.

Changelog

Sourced from securesystemslib's changelog.

securesystemslib v1.4.0

Fixed

• HSMSigner: Fix usage with multi-byte keyids (#1107)

Changed

• SigstoreSigner: Update to current sigstore-python API (#1035)
• Deprecate Python 3.9 support (#1069)
• Various testing changes -- note that AWS is currently not tested in CI (see #1104)

Commits

• 47b0f45 Merge pull request #1130 from jku/prep-1.4.0
• e4f4bda Prepare 1.4.0
• 3e130e8 Merge pull request #1107 from Spinbazz/fix/cka_id_size_limit
• a690d88 Merge pull request #1127 from secure-systems-lab/dependabot/pip/test-and-lint...
• c03c919 build(deps): bump the test-and-lint-dependencies group with 2 updates
• 6363b26 lint fixes
• e4d0d33 Fix issue with odd hex length keyids
• 442d842 Merge pull request #1121 from secure-systems-lab/dependabot/pip/build-and-rel...
• 5cfe19e Merge pull request #1083 from jku/enable-hsm-tests-on-mac
• 2303329 tests: Enable HSM tests on Mac
• Additional commits viewable in compare view

Updates sqlalchemy from 2.0.49 to 2.0.51

Release notes

Sourced from sqlalchemy's releases.

2.0.51

Released: June 15, 2026

orm

• [orm] [bug] Fixed issue where _orm.subqueryload() combined with PropComparator.of_type() and PropComparator.and_() would silently drop the additional filter criteria, causing all related objects to be loaded instead of only those matching the filter. The LoaderCriteriaOption was being constructed against the base entity rather than the effective entity indicated by PropComparator.of_type(). Pull request courtesy Arya Rizky.

  References: #13207

• [orm] [bug] Fixed bug where a failure during tpc_prepare() within _orm.Session.commit() for a two-phase session would raise IllegalStateChangeError instead of the original database exception. The internal _prepare_impl() method's error handler was unable to invoke _orm.SessionTransaction.rollback() due to a state-change guard, preventing proper cleanup and masking the underlying error.

  References: #13356

engine

• [engine] [bug] Fixed issue where Result.freeze() would lose track of ambiguous column names present in the original CursorResult, causing key-based access on the thawed result to silently return a value instead of raising InvalidRequestError. The SimpleResultMetaData now accepts and propagates ambiguous key information so that frozen, thawed, and pickled results raise consistently for duplicate column names. Pull request courtesy Saurabh Kohli.

  References: #9427

sql

• [sql] [bug] Fixed issue where _sql.StatementLambdaElement would proxy attribute access through the cached "expected" expression rather than the resolved expression, causing stale closure-bound parameter values to be used when a lambda statement was extended with non-lambda criteria such as an additional .where() clause. Courtesy cjc0013.

  References: #10827

... (truncated)

Commits

• See full diff in compare view

Updates psycopg2 from 2.9.11 to 2.9.12

Changelog

Sourced from psycopg2's changelog.

Current release

What's new in psycopg 2.9.12 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Fix infinite loop with malformed interval (:ticket:1835).

What's new in psycopg 2.9.11 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.14.
• Avoid a segfault passing more arguments than placeholders if Python is built with assertions enabled (:ticket:[#1791](https://github.com/psycopg/psycopg2/issues/1791)).
• Add riscv64 platform binary packages (:ticket:[#1813](https://github.com/psycopg/psycopg2/issues/1813)).
• ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 18.
• Drop support for Python 3.8.

What's new in psycopg 2.9.10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.13.
• Receive notifications on commit (:ticket:[#1728](https://github.com/psycopg/psycopg2/issues/1728)).
• ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 17.
• Drop support for Python 3.7.

What's new in psycopg 2.9.9 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.12.
• Drop support for Python 3.6.

What's new in psycopg 2.9.8 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Wheel package bundled with PostgreSQL 16 libpq in order to add support for recent features, such as sslcertmode.

What's new in psycopg 2.9.7 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Fix propagation of exceptions raised during module initialization (:ticket:[#1598](https://github.com/psycopg/psycopg2/issues/1598)).

... (truncated)

Commits

• 3a6d9d6 ci: include almalinux in whieel building
• ebca6bf chore: bump to version 3.9.12
• 0196f02 build(deps): bump pypa/cibuildwheel from 3.3.1 to 3.4.0
• d157bdc build(deps): bump docker/setup-qemu-action from 3 to 4
• 7fccc0f build(deps): bump actions/upload-artifact from 6 to 7
• d52a61e chore: bump dependency libraries
• b231d72 chore: fix building binary images
• 6d76e84 Merge pull request #1836 from psycopg/fix-1835
• f7e314c fix: overflow in malformed interval
• eb905c1 docs: replace bare except clause with except Exception
• Additional commits viewable in compare view

Updates alembic from 1.18.4 to 1.18.5

Release notes

Sourced from alembic's releases.

1.18.5

Released: June 25, 2026

usecase

• [usecase] [commands] Added --splice support to the merge() command. Previously, the merge command would suggest using --splice when attempting to merge non-head revisions, but the flag was not actually accepted by the command. The splice parameter is now available in both the command-line interface and the command.merge() function, matching the existing support in command.revision(). Pull request courtesy Kadir Can Ozden.

  References: #1712

• [usecase] [environment] Added ScriptDirectory.get_heads.consider_depends_on parameter to ScriptDirectory.get_heads(). When set to True, head revisions that are also a dependency of another revision via depends_on are excluded from the result, matching the effective heads that would be present in the alembic_version table after running all upgrades.

  References: #1806

bug

• [bug] [autogenerate] Fixed rendering of dialect keyword arguments containing ~sqlalchemy.schema.Column objects within sequences, such as postgresql_include. These were previously rendered using repr(), producing invalid Python in the generated migration scripts. Column objects within list or tuple values are now correctly rendered as their string column names. Pull request courtesy Ajay Singh.

  References: #1258

• [bug] [mysql] Implemented type comparison for ENUM datatypes on MySQL, which checks that the individual enum values are equivalent. If additional entries are on either side, this generates a diff. Changes of order do not generate a diff. Pull request courtesy Furkan Köykıran.

  References: #1745, #779

• [bug] [operations] Fixed bug where the inline_references parameter of Operations.add_column() did not include foreign key referential actions such as ON DELETE, ON UPDATE, DEFERRABLE, INITIALLY, and MATCH when rendering the inline REFERENCES clause.

... (truncated)

Commits

• See full diff in compare view

Updates pydantic from 2.12.5 to 2.13.4

Release notes

Sourced from pydantic's releases.

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

• Handle AttributeError subclasses with from_attributes by @​Viicos in #13096

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

• Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

• Fix ValidationInfo.data missing with model_validate_json() by @​davidhewitt in #13079

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

• Handle AttributeError subclasses with from_attributes by @​Viicos in #13096

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

• Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

• Fix ValidationInfo.data missing with model_validate_json() by @​davidhewitt in #13079

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post.

... (truncated)

Commits

• cf67d4b Fix linting
• f0d8a21 Prepare release v2.13.4
• 5e3fe1d Check for pydantic tag pattern in CI
• 7f9edcc Document tagging conventions
• b46a0c9 Adapt pydantic-core linker flags on macOS
• 50629c8 Update to PyPy 7.3.22
• 8522ebb Preserve RootModel core metadata
• a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
• 909259a Remove Logfire example in documentation
• 2c4174c Bump libc from 0.2.155 to 0.2.185
• Additional commits viewable in compare view

Updates boto3 from 1.42.85 to 1.43.36

Commits

• 1d26f21 Merge branch 'release-1.43.36'
• 111333b Bumping version to 1.43.36
• 9d1fa23 Add changelog entries from botocore
• 6d7f3c2 Update security docs to use newer versions of openssl and python (#4796)
• c5b26ca Merge branch 'release-1.43.35'
• c3750ac Merge branch 'release-1.43.35' into develop
• 46e77cd Bumping version to 1.43.35
• 9919ede Add changelog entries from botocore
• 1820b7d Merge branch 'release-1.43.34'
• 0065dbe Merge branch 'release-1.43.34' into develop
• Additional commits viewable in compare view

Updates awswrangler from 3.15.1 to 3.17.0

Release notes

Sourced from awswrangler's releases.

AWS SDK for pandas 3.17.0

Notable Changes ⚠️

• chore(lambda-layer): bump pyarrow to 24.0.0 by @​PatrickBunker in aws/aws-sdk-pandas#3375

Features / Enhancements 🚀

• feat: Support S3 Vectors by @​kukushking in aws/aws-sdk-pandas#3330
• feat(data-types): Support PyArrow ExtensionTypes in pyarrow2athena by @​richacode007-byte in aws/aws-sdk-pandas#3351
• feat(dynamodb): add key_schema parameter to read_items to bypass Desc… by @​jagannalla in aws/aws-sdk-pandas#3352

Bugfixes 🐛

• fix: preserve column names with spaces in wr.redshift.copy() by @​hirenkumar-n-dholariya in aws/aws-sdk-pandas#3298
• fix: reduce Lambda layer size by building Arrow without ICU by @​bujjibabukatta in aws/aws-sdk-pandas#3336
• fix(neptune): validate IRI cell values in to_rdf_graph by @​kukushking in aws/aws-sdk-pandas#3369
• fix(athena): escape single quotes in iceberg DDL splices by @​kukushking in aws/aws-sdk-pandas#3372

Security / Dependency Updates 🛡️

• chore(deps): bump redshift-connector from 2.1.13 to 2.1.14 by @​dependabot[bot] in aws/aws-sdk-pandas#3349
• chore(deps): bump the production-dependencies group across 1 directory with 11 updates by @​dependabot[bot] in aws/aws-sdk-pandas#3339
• chore(deps): bump aiohttp from 3.13.5 to 3.14.0 by @​dependabot[bot] in aws/aws-sdk-pandas#3353
• chore(deps): bump urllib3 from 2.6.3 to 2.7.0 by @​dependabot[bot] in aws/aws-sdk-pandas#3332
• chore(deps): bump mistune from 3.2.0 to 3.2.1 by @​dependabot[bot] in aws/aws-sdk-pandas#3327
• chore(deps): bump idna from 3.11 to 3.15 by @​dependabot[bot] in aws/aws-sdk-pandas#3337
• chore(deps): bump uv from 0.11.6 to 0.11.15 by @​dependabot[bot] in aws/aws-sdk-pandas#3348
• chore(deps): bump jupyter-server from 2.17.0 to 2.18.0 by @​dependabot[bot] in aws/aws-sdk-pandas#3354
• chore(deps): bump async-timeout from 4.0.3 to 5.0.1 in the production-dependencies group by @​dependabot[bot] in aws/aws-sdk-pandas#3356
• chore(deps-dev): bump the development-dependencies group across 1 directory with 15 updates by @​dependabot[bot] in aws/aws-sdk-pandas#3355
• chore(deps): bump tornado from 6.5.5 to 6.5.6 by @​dependabot[bot] in aws/aws-sdk-pandas#3365
• chore(deps-dev): bump the development-dependencies group across 1 directory with 4 updates by @​dependabot[bot] in aws/aws-sdk-pandas#3368
• chore(deps): bump gremlinpython to 3.8 by @​kukushking in aws/aws-sdk-pandas#3370
• chore(deps): bump aiohttp from 3.14.0 to 3.14.1 by @​dependabot[bot] in aws/aws-sdk-pandas#3373
• chore(deps): bump cryptography from 46.0.7 to 48.0.1 by @​dependabot[bot] in aws/aws-sdk-pandas#3378
• chore(deps): bump bleach from 6.3.0 to 6.4.0 by @​dependabot[bot] in aws/aws-sdk-pandas#3377
• chore(deps): bump the production-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in aws/aws-sdk-pandas#3379
• chore(deps): bump tornado from 6.5.6 to 6.5.7 by @​dependabot[bot] in aws/aws-sdk-pandas#3376
• chore(deps): bump jupyter-server from 2.18.0 to 2.20.0 by @​dependabot[bot] in aws/aws-sdk-pandas#3384
• chore(deps): bump actions/checkout from 6 to 7 in the github-actions group by @​dependabot[bot] in aws/aws-sdk-pandas#3381
• chore(deps): bump the production-dependencies group across 1 directory with 2 updates by @​dependabot[bot] in aws/aws-sdk-pandas#3382
• chore(deps-dev): bump the development-dependencies group with 6 updates by @​dependabot[bot] in aws/aws-sdk-pandas#3383
• chore(deps-dev): bump msgpack from 1.2.0 to 1.2.1 by @​dependabot[bot] in aws/aws-sdk-pandas#3385
• chore(deps): bump pydantic-settings from 2.13.1 to 2.14.2 by @​dependabot[bot] in aws/aws-sdk-pandas#3386

Housekeeping 🧹

• chore: Release 3.17.0 by @​kukushking in aws/aws-sdk-pandas#3371

New Contributors

• @​richacode007-byte made their first contribution in aws/aws-sdk-pandas#3351
• @​bujjibabukatta made their first contribution in aws/aws-sdk-pandas#3336
• @​jagannalla made their first contribution in aws/aws-sdk-pandas#3352
• @​hirenkumar-n-dholariya made their first contribution in aws/aws-sdk-pandas#3298
• @​PatrickBunker made their first contribution in aws/aws-sdk-pandas#3375

... (truncated)

Commits

• 60a6ffb [skip ci] chore: Update layers.rst
• ca8f64d [skip ci] chore: Update layers.rst
• 07c8a25 fix(lambda-layer): drop unused libicu DT_NEEDED via --as-needed linker flag
• 434fbda chore: Release 3.17.0 (#3371)
• 917601f chore(lambda-layer): bump pyarrow to 24.0.0 (#3375)
• 639e488 chore(deps): bump pydantic-settings from 2.13.1 to 2.14.2 (#3386)
• 783e7e9 chore(deps-dev): bump msgpack from 1.2.0 to 1.2.1 (#3385)
• 75d0dfa chore(deps-dev): bump the development-dependencies group with 6 updates (#3383)