chore(deps): bump the python group across 1 directory with 7 updates

[dependabot]

Bumps the python group with 7 updates in the / directory:

Package	From	To
boto3	1.43.4	1.43.21
google-auth	2.50.0	2.53.0
requests	2.33.1	2.34.2
hcloud	2.19.0	2.20.0
linode-api4	5.43.0	5.44.0
openstacksdk	4.12.0	4.14.0
cs	3.4.0	3.4.1

Updates boto3 from 1.43.4 to 1.43.21

Commits

• 0df64b3 Merge branch 'release-1.43.21'
• f080698 Bumping version to 1.43.21
• 7f6569b Add changelog entries from botocore
• 9b7b7e6 Merge branch 'release-1.43.20'
• 4d43f36 Merge branch 'release-1.43.20' into develop
• 26e55fe Bumping version to 1.43.20
• eab000e Add changelog entries from botocore
• 3ae731c Merge branch 'release-1.43.19'
• 4528046 Merge branch 'release-1.43.19' into develop
• 6b66612 Bumping version to 1.43.19
• Additional commits viewable in compare view

Updates google-auth from 2.50.0 to 2.53.0

Commits

• See full diff in compare view

Updates requests from 2.33.1 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

• Widened json input type from dict and list to Mapping and Sequence. (#7436)
• Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
• Response.reason moved from str | None to str to improve handling for users. (#7437)
• Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

• @​k223kim made their first contribution in psf/requests#7433

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

• Widened json input type from dict and list to Mapping and Sequence. (#7436)
• Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
• Response.reason moved from str | None to str to improve handling for users. (#7437)
• Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
• Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

Commits

• 6e83187 v2.34.2
• 84d10f0 Move Request.headers back to Mapping (#7441)
• b7b549b v2.34.1
• e511bc7 Fix mutability issues with headers input types (#7431)
• 5691f59 Update JsonType containers to read-based collections (#7436)
• 2144213 Constrain Response.reason to str (#7437)
• 6404f34 Fix prepare_body stream detection for __getattr__-based file wrappers (#7...
• 0b401c7 v2.34.0
• 86b378d Align Session.get parameters with requests.get (#7429)
• a4f9a59 Port bpo-39057 to Requests (#7427)
• Additional commits viewable in compare view

Updates hcloud from 2.19.0 to 2.20.0

Release notes

Sourced from hcloud's releases.

v2.20.0

Load Balancer HTTP Services now support timeout_idle

HTTP Services now support the field timeout_idle, which controls the time a HTTP connection is allowed to idle before it is being dropped.

See the changelog for more information.

Features

• load-balancer: support timeout_idle http service field (#649)

Changelog

Sourced from hcloud's changelog.

v2.20.0

Load Balancer HTTP Services now support timeout_idle

HTTP Services now support the field timeout_idle, which controls the time a HTTP connection is allowed to idle before it is being dropped.

See the changelog for more information.

Features

• load-balancer: support timeout_idle http service field (#649)

Commits

• 0bbc9dd chore(main): release v2.20.0 (#651)
• 1669de2 feat(load-balancer): support timeout_idle http service field (#649)
• See full diff in compare view

Updates linode-api4 from 5.43.0 to 5.44.0

Release notes

Sourced from linode-api4's releases.

v5.44.0

What's Changed

📋 New Project

• ⚠️ Breaking Change: Project SLADE + CLEO by @​ezilber-akamai in linode/linode_api4-python#696

🚀 New Features

• Add global quotas and quota usage support for OBJ services by @​zliang-akamai in linode/linode_api4-python#661
• Add support for firewall rules version and fingerprint by @​zliang-akamai in linode/linode_api4-python#656

💡 Improvements

• Remove outdated note about Linode interfaces availability by @​zliang-akamai in linode/linode_api4-python#683
• Cleanup entity related response fields from alert definition by @​shkaruna in linode/linode_api4-python#690
• Change assignments type from dict to list in ip_addresses_assign by @​mawilk90 in linode/linode_api4-python#687

🧪 Testing Improvements

• Update Images in integration tests by @​yec-akamai in linode/linode_api4-python#694
• Fix failing integration test by @​ezilber-akamai in linode/linode_api4-python#697

📖 Documentation

• update API documentation links in Lock classes by @​zliang-akamai in linode/linode_api4-python#679

📦 Dependency Updates

• build(deps): bump actions/github-script from 8 to 9 by @​dependabot[bot] in linode/linode_api4-python#682
• build(deps): bump actions/dependency-review-action from 4 to 5 by @​dependabot[bot] in linode/linode_api4-python#695

Full Changelog: linode/linode_api4-python@v5.43.0...v5.44.0

Commits

• 416f7a9 Merge pull request #691 from linode/dev
• fcc41e5 Fix failing integration test (#697)
• dfc536e TPT-4113: Project SLADE + CLEO (#696)
• 368aed4 Add support for firewall rules version and fingerprint (#656)
• 68772a8 Update Images in integration tests (#694)
• 8985109 Change assignments type from dict to list (#687)
• bf13f2e build(deps): bump actions/dependency-review-action from 4 to 5 (#695)
• 7bf9b4d docs: update API documentation links in Lock classes (#679)
• b690c4f build(deps): bump actions/github-script from 8 to 9 (#682)
• 4fec1e5 ACLP: Cleanup entity related response fields from alert definition (#690)
• Additional commits viewable in compare view

Updates openstacksdk from 4.12.0 to 4.14.0

Updates cs from 3.4.0 to 3.4.1

Release notes

Sourced from cs's releases.

v3.4.1

This is the last version supporting Python 3.9.

What's Changed

• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in ngine-io/cs#143
• build(deps): bump actions/setup-python from 5 to 6 by @​dependabot[bot] in ngine-io/cs#145
• build(deps): bump actions/stale from 9 to 10 by @​dependabot[bot] in ngine-io/cs#144
• build(deps): bump actions/checkout from 5 to 6 by @​dependabot[bot] in ngine-io/cs#147
• fix f-string bug in Error-Message by @​powo in ngine-io/cs#149
• tests: fix linting by @​resmo in ngine-io/cs#150

New Contributors

• @​powo made their first contribution in ngine-io/cs#149

Full Changelog: ngine-io/cs@v3.4.0...v3.4.1

Commits

• a999da1 tests: fix linting (#150)
• 53605ab bump version
• bdfa552 fix f-string bug in Error-Message (#149)
• 8d87f66 build(deps): bump actions/checkout from 5 to 6 (#147)
• a7bab96 build(deps): bump actions/stale from 9 to 10 (#144)
• f3bcfd0 build(deps): bump actions/setup-python from 5 to 6 (#145)
• 2042dc7 build(deps): bump actions/checkout from 4 to 5 (#143)
• 3bde880 README: add pypi version badge
• See full diff in compare view

[dguido]

Automated evaluation: clean 3-way merge, uv sync + full unit suite (119 passed) on the combined batch, no downgrades, no major version crossings. Resolves flagged CVEs (idna/urllib3) where applicable.