Update Python dependencies (non-major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
luqum	==0.11.0 → ==0.14.0
pydantic (changelog)	==2.13.3 → ==2.13.4
python-multipart (changelog)	==0.0.27 → ==0.0.28
requests (changelog)	==2.33.1 → ==2.34.1
sentry-sdk (changelog)	==2.59.0 → ==2.60.0

---

Release Notes

jurismarches/luqum (luqum)

v0.14.0

Compare Source

===================

Added

• Support for Python 3.11, 3.12 and 3.13 (#​97 and #​111, thanks to @​cclauss and @​alexgarel)
• Support for negative values in range (#​101, thanks to @​mesemus)
• Docs on OpenRangeTransformer (#​110, thanks to @​alexgarel)

Removed

• Support for Python 3.6, 3.7, 3.8 and 3.9 (#​111, thanks to @​alexgarel)

Fixed

• Improved global state management for lexer (#​109, thanks to @​Morikko)
• Recognize E_NESTED override (#​103, thanks to @​maksle)

v0.13.0

Compare Source

===================

Added

• Add support for unbounded ranges

  Support is added for open ranges, i.e. inequality operators in
  front of a term. In tree form, the < is named To, and > is named From.

  Additionally, a TreeTransformer is also added, to convert these
  open ranges to more traditional Range objects.

  To properly support escaping, some adjustments were made to how escaping
  sequences work. After careful evaluation of how Apache Lucene handles
  escape sequences, it appears that random characters can be escaped, even
  if they result in unknown escape sequences: the escaped character is
  always yielded. This makes support for operations such as <\=foo a lot
  less complicated.

  There is no support in the ElasticsearchQueryBuilder.

v0.12.1

Compare Source

===================

Fixed

• Precedence for unknown operation and boost (#​89, thanks to @​JSCU-CNI)

v0.12.0

Compare Source

===================

Changed

• Boost can be implicit ; by default, the boost factor is 1

Added

• Add support for Lucene and Elasticsearch Boolean operations (#​71, thanks to @​linefeedse):

  • Introduce the BooleanOperation
  • add its resolution in ElasticSearch transformer
  • add it as a possible resolver for the unknown operation (no explicit operator in query)

• Set E element as ElasticsearchQueryBuilder's attributes (#​75, thanks to @​qcoumes):

  This allows to override elements such as EMust, EWord, ...,
  without the need of overriding ElasticsearchQueryBuilder's methods.

• Explicit support for Python 3.9 and Python 3.10 (#​76)

• Add a thread safe parse function (#​82)

Fixed

• Cast TokenValue.str return value to string (#​74, thanks to @​delkopiso)
• Isolated comma should be parsed as a Word (#​80)
• Better handling of escaped wildcards

Docs

• Add boolean operation to doc
• Fix quick start documentation
• Updated readthedocs instructions

CI

• Run tests with github actions

• Update all libraries for dev:

  • switch from nose to pytest as nose is not python3.10 compatible
  • remove old travis tests

pydantic/pydantic (pydantic)

v2.13.4: 2026-05-06

Compare Source

v2.13.4 (2026-05-06)

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #​13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #​13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #​13129

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

Kludex/python-multipart (python-multipart)

v0.0.28

Compare Source

• Speed up partial-boundary tail scan via bytes.find #​281.
• Cap multipart boundary length at 256 bytes #​282.

psf/requests (requests)

v2.34.1

Compare Source

Bugfixes

• Widened json input type from dict and list to Mapping
  and Sequence. (#​7436)
• Changed headers input type to MutableMapping and removed None from
  Request.headers typing to improve handling for users. (#​7431)
• Response.reason moved from str | None to str to improve handling
  for users. (#​7437)
• Fixed a bug where some bodies with custom __getattr__ implementations
  weren't being properly detected as Iterables. (#​7433)

v2.34.0

Compare Source

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by
  typeshed. Public API types should be fully compatible with mypy, pyright,
  and ty. We believe types are comprehensive but if you find issues, please
  report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for
  helping review and test the types ahead of the release. (#​7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify
  security considerations. (#​7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects
  should be able to start testing prior to its release in October. (#​7422)
• Requests added support for Python 3.14t. (#​7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing
  accidental looping when traversing the history list. (#​7328)
• Requests no longer performs greedy matching on no_proxy domains. The
  proxy_bypass implementation has been updated with CPython's fix from
  bpo-39057. (#​7427)
• Requests no longer incorrectly strips duplicate leading slashes in
  URI paths. This should address user issues with specific presigned
  URLs. Note the full fix requires urllib3 2.7.0+. (#​7315)

getsentry/sentry-python (sentry-sdk)

v2.60.0

Compare Source

Adds a new stream_gen_ai_spans option that controls how gen_ai spans are
sent to Sentry. When set, the SDK extracts all gen_ai spans out of a
transaction and sends them as v2 envelope items.

Enable this option if gen_ai spans are being dropped because the transaction payload exceeds size limits.

import sentry_sdk

sentry_sdk.init(
  dsn='https://examplePublicKey@o0.ingest.sentry.io/0',
  stream_gen_ai_spans=True,
)

New Features ✨

• (asyncpg) Add cursor span support via BaseCursor method patching by @​ericapisani in #​6252
• (integrations) Pass along the conversation ID for openai responses calls by @​constantinius in #​6199
• (wsgi,asgi) Introduce substitute values for filtered fields in span-streaming mode by @​ericapisani in #​6178
• Remove truncation when stream_gen_ai_spans is enabled by @​alexander-alderman-webb in #​6260
• Add option to send GenAI spans in the new span format by @​alexander-alderman-webb in #​6079

Bug Fixes 🐛

Openai

• Guard against choices=None by @​cla7aye15I4nd in #​6216
• Stop setting transaction status when child span fails by @​alexander-alderman-webb in #​6192
• Only finish relevant spans in Responses patches by @​alexander-alderman-webb in #​6191
• Only finish relevant spans in Chat Completions patches by @​alexander-alderman-webb in #​6190

Other

• (stdlib) Instrument response body read for chunked HTTP responses by @​sentrivana in #​6202
• (typing) Add @sentry_sdk.traces.trace overloads to fix typing by @​sentrivana in #​6236
• Use proto version 2 to fix backfilled user agent and IP by @​sentrivana in #​6256
• Make sure http.server spans are segments by @​sentrivana in #​6230
• Handle mypy 2.0 related failures by @​alexander-alderman-webb in #​6218

Internal Changes 🔧

Django

• Check transaction annotations on transaction events by @​alexander-alderman-webb in #​6251
• Reload middleware on test teardown by @​alexander-alderman-webb in #​6249

Openai

• Separate sync and async embeddings patches by @​alexander-alderman-webb in #​6189
• Separate sync and async Responses patches by @​alexander-alderman-webb in #​6188
• Separate sync and async Chat Completions patches by @​alexander-alderman-webb in #​6187

Other

• (langchain) Inline global state by @​alexander-alderman-webb in #​6261
• (stdlib) Only capture relevant telemetry with capture_items() by @​alexander-alderman-webb in #​6214
• (tests) Replace custom envelopes_to_x helpers with capture_items by @​sentrivana in #​6233
• (traces) Cache valid span statuses in a module-level frozenset by @​ericapisani in #​6208
• Assert presence of profile chunks after session shutdown by @​alexander-alderman-webb in #​6213
• 🤖 Update test matrix with new releases (05/11) by @​github-actions in #​6247
• Make set_custom_sampling_context() a classmethod by @​alexander-alderman-webb in #​6238
• Rename _timestamp to _end_timestamp by @​sentrivana in #​6235
• Move batcher fork safety test to batcher tests by @​sentrivana in #​6225
• Introduce inline type check for whether a span is StreamedSpan by @​ericapisani in #​6180
• Add botocore-stubs by @​alexander-alderman-webb in #​6203
• Add option to drop scrubbed user IP addresses by @​juliosuas in #​6241
• Add .warden to .gitignore by @​ericapisani in #​6210
• removed universal bdist_wheel option by @​Muskaan436 in #​6197
• (transport) Add EnvelopePrinterTransport for debug logging by @​ericapisani in #​6181

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 9am on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[Copilot]

Copilot wasn't able to review any files in this pull request.