Skip to content

Bump the all-pip-updates group across 3 directories with 29 updates#69586

Closed
dependabot[bot] wants to merge 4 commits into
masterfrom
dependabot/pip/master/all-pip-updates-4dc7c3a531
Closed

Bump the all-pip-updates group across 3 directories with 29 updates#69586
dependabot[bot] wants to merge 4 commits into
masterfrom
dependabot/pip/master/all-pip-updates-4dc7c3a531

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 27, 2026

Copy link
Copy Markdown
Contributor

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Updates the requirements on pip, pytest, cryptography, jaraco-functools, jaraco-context, msgpack, opentelemetry-api, opentelemetry-sdk, opentelemetry-exporter-otlp-proto-http, opentelemetry-exporter-prometheus, xxhash, psutil, pyopenssl, requests, tornado, truststore, virtualenv, filelock, zipp, build, pylint, boto3, botocore, pynacl, vcert, xmldiff, pygit2, ansible and python-telegram-bot to permit the latest version.
Updates pip from 25.2 to 26.1.2

Changelog

Sourced from pip's changelog.

26.1.2 (2026-05-31)

Bug Fixes

  • Reject console_scripts and gui_scripts entry points whose name would install a script outside the scripts directory. ([#14000](https://github.com/pypa/pip/issues/14000) <https://github.com/pypa/pip/issues/14000>_)
  • Fix installation incorrectly failing when the target path contains a doubled slash, such as with pip install --root //.... ([#14001](https://github.com/pypa/pip/issues/14001) <https://github.com/pypa/pip/issues/14001>_)
  • Send a consistent Accept-Encoding header to avoid a spurious Cache entry deserialization failed warning. ([#14012](https://github.com/pypa/pip/issues/14012) <https://github.com/pypa/pip/issues/14012>_)

26.1.1 (2026-05-04)

Bug Fixes

  • Fix issue where uninstallation left behind empty directories. Revert the removal of the adjacent __pycache__ directory when a .py file is removed. ([#13973](https://github.com/pypa/pip/issues/13973) <https://github.com/pypa/pip/issues/13973>_)

26.1 (2026-04-26)

Deprecations and Removals

  • Drop support for Python 3.9. ([#13795](https://github.com/pypa/pip/issues/13795) <https://github.com/pypa/pip/issues/13795>_)

Features

  • Add experimental support to read requirements from standardized pylock.toml files (-r pylock.toml). ([#13876](https://github.com/pypa/pip/issues/13876) <https://github.com/pypa/pip/issues/13876>_)
  • Allow --uploaded-prior-to to accept a duration in days (e.g., P3D for 3 days ago). ([#13674](https://github.com/pypa/pip/issues/13674) <https://github.com/pypa/pip/issues/13674>_)

Enhancements

  • Speed up dependency resolution when there are complex conflicts. ([#13859](https://github.com/pypa/pip/issues/13859) <https://github.com/pypa/pip/issues/13859>_)
  • Reduce memory usage when resolving large dependency trees. ([#13843](https://github.com/pypa/pip/issues/13843) <https://github.com/pypa/pip/issues/13843>_)
  • Emit a deprecation warning when pip imports an unexpected module after installation of a distribution has started. ([#13912](https://github.com/pypa/pip/issues/13912) <https://github.com/pypa/pip/issues/13912>_)
  • Allow URL constraints to apply to requirements with extras. ([#12018](https://github.com/pypa/pip/issues/12018) <https://github.com/pypa/pip/issues/12018>_)
  • Allow unpinned requirements to use hashes from constraints. Constraints like {name}=={version} --hash=... feeds into hash verification for a corresponding requirement. ([#9243](https://github.com/pypa/pip/issues/9243) <https://github.com/pypa/pip/issues/9243>_)
  • Improve conflict reports that involve direct URLs. ([#13932](https://github.com/pypa/pip/issues/13932) <https://github.com/pypa/pip/issues/13932>_)
  • Show all errors instead of first error for faulty dependency_groups definitions. ([#13917](https://github.com/pypa/pip/issues/13917) <https://github.com/pypa/pip/issues/13917>_)

... (truncated)

Commits
  • 31d7d16 Bump for release
  • 79f348c Update AUTHORS.txt
  • 237a925 Merge pull request #14001 from notatallshaw/fix-is-within-directory
  • 34d0285 Merge pull request #14006 from laymonage/fix-requirements_from_scripts-space-...
  • 09d3e07 Merge pull request #14012 from notatallshaw/stable-accept-encoding
  • fa7854f Use is_within_directory for entry point check
  • d01b46c NEWS ENTRY
  • 7ff8bdd Fix is_within_directory for doubled-slash roots
  • 7ea3466 NEWS ENTRY
  • 85673ea Fix Accept-Encoding to gzip, deflate
  • Additional commits viewable in compare view

Updates pytest to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

  • #14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
  • #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
  • #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
  • #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.
Commits
  • cf470ec Prepare release version 9.1.1
  • e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
  • 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
  • 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
  • b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
  • 9a567e0 [automated] Update plugin list (#14617) (#14618)
  • ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
  • 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
  • 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
  • 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
  • Additional commits viewable in compare view

Updates cryptography to 49.0.0

Changelog

Sourced from cryptography's changelog.

49.0.0 - 2026-06-12


* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.
  We now only publish ``arm64`` wheels for macOS.
* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.
  Users should move to a 64-bit Python installation.
* **BACKWARDS INCOMPATIBLE:** Removed the deprecated
  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,
  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,
  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use
  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,
  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``
  instead. These were deprecated in version 40.0.
* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`
  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block
  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.
  Attempting to encrypt or decrypt more data than the counter allows before it
  would overflow now raises a :class:`ValueError` rather than silently diverging
  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows
  encrypting up to 256 GiB with a given nonce.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA
  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises
  a :class:`ValueError`. Such certificates are invalid, but older versions of
  Java emitted them; previously they loaded with a deprecation warning.
* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``
  is set. The build now derives the Python include directory from
  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which
  previously caused the build to fail during cross-compilations for embedded
  systems, on hosts which have same-version Python development headers
  installed as the target Python.
* Added support for signing and verifying X.509 certificates, certificate
  signing requests, and certificate revocation lists with
  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading
  certificates that contain ML-DSA public keys.
* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to
  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the
  encapsulated key from the ciphertext returned by
  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.
* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,
  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and
  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`
  now accept any extension type. Previously only a fixed set of extension
  types was supported, which made it impossible to account for otherwise
  unrecognized critical extensions during path validation.
* Added support for using :class:`~cryptography.x509.Certificate`,
  :class:`~cryptography.x509.CertificateSigningRequest`, and
  :class:`~cryptography.x509.CertificateRevocationList` as field types in
  :doc:`/hazmat/asn1/index` structures.
* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that
</tr></table> 

... (truncated)

Commits
  • e300bbe bump version and changelog for 49.0.0 (#15030)
  • fa74cd8 Add external mu (message representative) support for ML-DSA (#14979)
  • f594db3 chore(deps): bump openssl from 0.10.80 to 0.10.81 (#15029)
  • 608e011 chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (#15028)
  • a322bc4 chore(deps): bump cc from 1.2.63 to 1.2.64 (#15027)
  • 33181a7 Reject critical nameConstraints extensions containing directoryName constrain...
  • 6080dc7 Bump dependencies that dependabot isn't (#15026)
  • 121faa3 chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (#15023)
  • 829520b Add more robust processing for DH parameters. (#15016)
  • 0f05001 Bump downstream dependencies in CI (#15025)
  • Additional commits viewable in compare view

Updates jaraco-functools to 4.5.0

Changelog

Sourced from jaraco-functools's changelog.

v4.5.0

Features

  • bypass_when and bypass_unless now accept callable checks and evaluate them on each invocation instead of binding only at decoration time. (#36)

v4.4.0

Features

  • Add noop.

v4.3.0

Features

  • Add none_as function.

v4.2.1

No significant changes.

v4.2.0

Features

  • Add 'passthrough' function.

Bugfixes

  • Added missing splat in stubs -- by :user:Avasam (#29)

v4.1.0

... (truncated)

Commits

Updates jaraco-context to 6.1.2

Changelog

Sourced from jaraco-context's changelog.

v6.1.2

No significant changes.

v6.1.1

No significant changes.

v6.1.0

Features

  • In tarfile.context, ensure that the default filter honors the data filter to avoid path traversal vulnerabilities.

v6.0.2

No significant changes.

v6.0.1

Bugfixes

  • Removed type declarations as suggested by Gemini. (#13)

v6.0.0

Bugfixes

  • Fixed bug in repo_context where standard output from git would not be hidden (because git emits standard output on the stderr stream).

Deprecations and Removals

  • Removed deprecated 'tarball_context', 'infer_compression', and 'null' contexts.

... (truncated)

Commits

Updates msgpack to 1.2.1

Release notes

Sourced from msgpack's releases.

v1.2.1

What's Changed

Full Changelog: msgpack/msgpack-python@v1.2.0...v1.2.1

Changelog

Sourced from msgpack's changelog.

1.2.1

Release Date: 2026-06-19

Fix a segfault when calling Unpacker.unpack() or Unpacker.skip() after an unpacking failure. But note that reusing the same Unpacker instance after an unpacking failure is not supported. Please create a new Unpacker instance instead. GHSA-6v7p-g79w-8964

1.2.0

Release Date: 2026-06-11

  • Support free threaded Python. #654, #686
  • Dropped support for Python 3.9. #656
  • Fix missing error checks in C code. #665, #666, #667, #672
  • Fix strict_map_key option didn't work for object_pairs_hook. #673
  • Increase DEFAULT_RECURSE_LIMIT of Unpacker to 1024. #676
  • Fix memory leak when Unpacker returns error for invalid input. #671
  • Fix Packer.pack_ext_type() ignored autoreset option. #663
  • Fix Timestamp.from_datetime() returning wrong value for pre-epoch datetimes. #662
  • Fix use-after-free in unpackb() and Unpacker.unpack() for non-contiguous input. #677
  • Fix possible memory leak when calling Unpacker.__init__() several times. #687

1.1.2

Release Date: 2025-10-08

This release does not change source code. It updates only building wheels:

  • Update Cython to v3.1.4
  • Update cibuildwheel to v3.2.0
  • Drop Python 3.8
  • Add Python 3.14
  • Add windows-arm

1.1.1

Release Date: 2025-06-13

  • No change from 1.1.1rc1.

1.1.1rc1

Release Date: 2025-06-06

  • Update Cython to 3.1.1 and cibuildwheel to 2.23.3.

... (truncated)

Commits
  • 448d43f release v1.2.1 (#698)
  • 2c56ddb Merge commit from fork
  • 0f4f350 Bump pypa/cibuildwheel from 4.0.0 to 4.1.0 in the all-dependencies group (#694)
  • 11ed0a5 release v1.2.0 (#692)
  • c410a38 Bump pypa/cibuildwheel from 3.4.1 to 4.0.0 (#691)
  • 97ba6ca skip ci: remove unneeded CIBW_SKIP option
  • cdde1b0 Wheels CI hangs for MacOS Intel (#689)
  • 5eb57e1 release v1.2.0rc1 (#681)
  • 77395c1 Harden Unpacker.__init__ re-entry cleanup to prevent buffer/context leaks (...
  • 7df7136 Guard Packer buffer protocol hooks with Cython critical sections (#686)
  • Additional commits viewable in compare view

Updates opentelemetry-api to 1.43.0

Changelog

Sourced from opentelemetry-api's changelog.

Version 1.43.0/0.64b0 (2026-06-24)

Added

  • opentelemetry-sdk: add add_metric_reader / remove_metric_reader public APIs to register / unregister metric readers at runtime. (#4863)
  • opentelemetry-exporter-prometheus: add support for configuring metric scope labels (#5123)
  • opentelemetry-exporter-otlp-proto-grpc: Add grpc error details to the log message that's written when the grpc call fails. (#5143)
  • opentelemetry-exporter-http-transport: add 'opentelemetry-exporter-http-transport' package for HTTP exporters (#5194)
  • opentelemetry-sdk: Add composite/development samplers support to declarative file configuration (#5201)
  • opentelemetry-exporter-otlp-json-file: Add OTLP JSON File exporter implementation (#5207)
  • opentelemetry-sdk: add _resolve_component shared utility for declarative config plugin loading, reducing boilerplate in exporter factory functions (#5215)
  • opentelemetry-sdk: add pull metric reader support to declarative file configuration, including Prometheus metric reader via the prometheus_development config field (#5216)
  • opentelemetry-proto-json: update to use opentelemetry-proto v1.10.0 (#5224)
  • opentelemetry-proto: bump maximum supported protobuf version to 7.x.x (#5251)
  • opentelemetry-sdk: add ServiceInstanceIdResourceDetector for populating service.instance.id (#5259)
  • opentelemetry-sdk: declarative config loader now recursively converts parsed dicts into typed dataclass instances, including nested dataclasses, lists of dataclasses, and enum values. End-to-end YAML/JSON → SDK configuration now works via the factory functions. (#5269)
  • opentelemetry-sdk: add configure_sdk(config) to the declarative configuration API. Single entry point that takes a parsed OpenTelemetryConfiguration, builds the resource, and applies the tracer/meter/logger providers and propagator globally. Honors the top-level disabled flag. (#5270)
  • opentelemetry-sdk: the SDK configurator now honors the OTEL_CONFIG_FILE environment variable. When set, the SDK loads and applies the referenced declarative configuration file (YAML or JSON) in place of the env-var-based

... (truncated)

Commits
  • fcbbeb8 [release/v1.43.x-0.64bx] Prepare release 1.43.0/0.64b0 (#5349)
  • b40dcbc opentelemetry-exporter-http-transport: enable entry-point loading of transpor...
  • 10e8577 update to Sphinx to 8.1.3 in order to support Python 3.14 (#5278)
  • 6ac6895 docs: add declarative configuration guide and example (#5309)
  • 13ad4d5 opentelemetry-api: normalize empty environment propagation names to "_" in En...
  • 6a0ab84 opentelemetry-sdk: merge doesn't need a copy, dict already does this (#5326)
  • ac7a3df feat(config): support OTEL_CONFIG_FILE in the SDK configurator (#5271)
  • fa75422 Add support for composite samplers in declarative config (#5201)
  • 43f079f Update json and proto encoder to always accept None type, cleanup code / test...
  • 53c9d96 chore: cleanup typo found in test (#5324)
  • Additional commits viewable in compare view

Updates opentelemetry-sdk to 1.43.0

Changelog

Sourced from opentelemetry-sdk's changelog.

Version 1.43.0/0.64b0 (2026-06-24)

Added

  • opentelemetry-sdk: add add_metric_reader / remove_metric_reader public APIs to register / unregister metric readers at runtime. (#4863)
  • opentelemetry-exporter-prometheus: add support for configuring metric scope labels (#5123)
  • opentelemetry-exporter-otlp-proto-grpc: Add grpc error details to the log message that's written when the grpc call fails. (#5143)
  • opentelemetry-exporter-http-transport: add 'opentelemetry-exporter-http-transport' package for HTTP exporters (#5194)
  • opentelemetry-sdk: Add composite/development samplers support to declarative file configuration (#5201)
  • opentelemetry-exporter-otlp-json-file: Add OTLP JSON File exporter implementation (#5207)
  • opentelemetry-sdk: add _resolve_component shared utility for declarative config plugin loading, reducing boilerplate in exporter factory functions (#5215)
  • opentelemetry-sdk: add pull metric reader support to declarative file configuration, including Prometheus metric reader via the prometheus_development config field (#5216)
  • opentelemetry-proto-json: update to use opentelemetry-proto v1.10.0 (#5224)
  • opentelemetry-proto: bump maximum supported protobuf version to 7.x.x (#5251)
  • opentelemetry-sdk: add ServiceInstanceIdResourceDetector for populating service.instance.id (#5259)
  • opentelemetry-sdk: declarative config loader now recursively converts parsed dicts into typed dataclass instances, including nested dataclasses, lists of dataclasses, and enum values. End-to-end YAML/JSON → SDK configuration now works via the factory functions. (#5269)
  • opentelemetry-sdk: add configure_sdk(config) to the declarative configuration API. Single entry point that takes a parsed OpenTelemetryConfiguration, builds the resource, and applies the tracer/meter/logger providers and propagator globally. Honors the top-level disabled flag. (#5270)
  • opentelemetry-sdk: the SDK configurator now honors the OTEL_CONFIG_FILE environment variable. When set, the SDK loads and applies the referenced declarative configuration file (YAML or JSON) in place of the env-var-based

... (truncated)

Commits
  • fcbbeb8 [release/v1.43.x-0.64bx] Prepare release 1.43.0/0.64b0 (#5349)
  • b40dcbc opentelemetry-exporter-http-transport: enable entry-point loading of transpor...
  • 10e8577 update to Sphinx to 8.1.3 in order to support Python 3.14 (#5278)
  • 6ac6895 docs: add declarative configuration guide and example (#5309)
  • 13ad4d5 opentelemetry-api: normalize empty environment propagation names to "_" in En...
  • 6a0ab84 opentelemetry-sdk: merge doesn't need a copy, dict already does this (#5326)
  • ac7a3df feat(config): support OTEL_CONFIG_FILE in the SDK configurator (#5271)
  • fa75422 Add support for composite samplers in declarative config (#5201)
  • 43f079f Update json and proto encoder to always accept None type, cleanup code / test...
  • 53c9d96 chore: cleanup typo found in test (#5324)
  • Additional commits viewable in compare view

Updates opentelemetry-exporter-otlp-proto-http to 1.43.0

Changelog

Sourced from opentelemetry-exporter-otlp-proto-http's changelog.

Version 1.43.0/0.64b0 (2026-06-24)

Added

  • opentelemetry-sdk: add add_metric_reader / remove_metric_reader public APIs to register / unregister metric readers at runtime. (#4863)
  • opentelemetry-exporter-prometheus: add support for configuring metric scope labels (#5123)
  • opentelemetry-exporter-otlp-proto-grpc: Add grpc error details to the log message that's written when the grpc call fails. (#5143)
  • opentelemetry-exporter-http-transport: add 'opentelemetry-exporter-http-transport' package for HTTP exporters (#5194)
  • opentelemetry-sdk: Add composite/development samplers support to declarative file configuration (#5201)
  • opentelemetry-exporter-otlp-json-file: Add OTLP JSON File exporter implementation (#5207)
  • opentelemetry-sdk: add _resolve_component shared utility for declarative config plugin loading, reducing boilerplate in exporter factory functions (#5215)
  • opentelemetry-sdk: add pull metric reader support to declarative file configuration, including Prometheus metric reader via the prometheus_development config field (#5216)
  • opentelemetry-proto-json: update to use opentelemetry-proto v1.10.0 (#5224)
  • opentelemetry-proto: bump maximum supported protobuf version to 7.x.x (#5251)
  • opentelemetry-sdk: add ServiceInstanceIdResourceDetector for populating service.instance.id (#5259)
  • opentelemetry-sdk: declarative config loader now recursively converts parsed dicts into typed dataclass instances, including nested dataclasses, lists of dataclasses, and enum values. End-to-end YAML/JSON → SDK configuration now works via the factory functions. (#5269)
  • opentelemetry-sdk: add configure_sdk(config) to the declarative configuration API. Single entry point that takes a parsed OpenTelemetryConfiguration, builds the resource, and applies the tracer/meter/logger providers and propagator globally. Honors the top-level disabled flag. (#5270)
  • opentelemetry-sdk: the SDK configurator now honors the OTEL_CONFIG_FILE environment variable. When set, the SDK loads and applies the referenced declarative configuration file (YAML or JSON) in place of the env-var-based

... (truncated)

Commits
  • fcbbeb8 [release/v1.43.x-0.64bx] Prepare release 1.43.0/0.64b0 (#5349)
  • b40dcbc opentelemetry-exporter-http-transport: enable entry-point loading of transpor...
  • 10e8577 update to Sphinx to 8.1.3 in order to support Python 3.14 (#5278)
  • 6ac6895 docs: add declarative configuration guide and example (#5309)
  • 13ad4d5 opentelemetry-api: normalize empty environment propagation names to "_" in En...
  • 6a0ab84 opentelemetry-sdk: merge doesn't need a copy, dict already does this (#5326)
  • ac7a3df feat(config): support OTEL_CONFIG_FILE in the SDK configurator (#5271)
  • fa75422 Add support for composite samplers in declarative config (#5201)
  • 43f079f Update json and proto encoder to always accept None type, cleanup code / test...
  • 53c9d96 chore: cleanup typo found in test (#5324)
  • Additional commits viewable in compare view

Updates opentelemetry-exporter-prometheus to 0.64b0

Changelog

Sourced from opentelemetry-exporter-prometheus's changelog.

Version 1.43.0/0.64b0 (2026-06-24)

Added

  • opentelemetry-sdk: add add_metric_reader / remove_metric_reader public APIs to register / unregister metric readers at runtime. (#4863)
  • opentelemetry-exporter-prometheus: add support for configuring metric scope labels (#5123)
  • opentelemetry-exporter-otlp-proto-grpc: Add grpc error details to the log message that's written when the grpc call fails. (#5143)
  • opentelemetry-exporter-http-transport: add 'opentelemetry-exporter-http-transport' package for HTTP exporters (#5194)
  • opentelemetry-sdk: Add composite/development samplers support to declarative file configuration (#5201)
  • opentelemetry-exporter-otlp-json-file: Add OTLP JSON File exporter implementation (#5207)
  • opentelemetry-sdk: add _resolve_component shared utility for declarative config plugin loading, reducing boilerplate in exporter factory functions (#5215)
  • opentelemetry-sdk: add pull metric reader support to declarative file configuration, including Prometheus metric reader via the prometheus_development config field (#5216)
  • opentelemetry-proto-json: update to use opentelemetry-proto v1.10.0 (#5224)
  • opentelemetry-proto: bump maximum supported protobuf version to 7.x.x (#5251)
  • opentelemetry-sdk: add ServiceInstanceIdResourceDetector for populating service.instance.id (#5259)
  • opentelemetry-sdk: declarative config loader now recursively converts parsed dicts into typed dataclass instances, including nested dataclasses, lists of dataclasses, and enum values. End-to-end YAML/JSON → SDK configuration now works via the factory functions. (#5269)
  • opentelemetry-sdk: add configure_sdk(config) to the declarative configuration API. Single entry point that takes a parsed OpenTelemetryConfiguration, builds the resource, and applies the tracer/meter/logger providers and propagator globally. Honors the top-level disabled flag. (#5270)
  • opentelemetry-sdk: the SDK configurator now honors the OTEL_CONFIG_FILE environment variable. When set, the SDK loads and applies the referenced declarative configuration file (YAML or JSON) in place of the env-var-based

... (truncated)

Commits

Updates xxhash to 3.8.0

Release notes

Sourced from xxhash's releases.

v3.8.0

  • Speed up module-level one-shot digest(), intdigest(), and hexdigest() functions by switching them to METH_FASTCALL.
  • Keep one-shot argument handling consistent with hash constructors, including positional and keyword input/seed arguments, duplicate argument errors, and oversized seed wrapping.
  • Fix error handling in the xxh3_128 integer digest path so allocation failures are reported cleanly.
  • Fix Python 3.8 builds by adding a PyModule_AddType compatibility fallback with correct reference counting.
  • Correct type stubs for xxh64_digest(), xxh64_hexdigest(), and xxh64_intdigest(), they were incorrectly aliased to xxh3_64 functions.

Full list of changes: ifduyue/python-xxhash@v3.7.1...v3.8.0

Changelog

Sourced from xxhash's changelog.

v3.8.0 2026-06-27


- Speed up module-level one-shot ``digest()``, ``intdigest()``, and
  ``hexdigest()`` functions by switching them to ``METH_FASTCALL``.
- Keep one-shot argument handling consistent with hash constructors, including
  positional and keyword ``input``/``seed`` arguments, duplicate argument
  errors, and oversized seed wrapping.
- Fix error handling in the ``xxh3_128`` integer digest path so allocation
  failures are reported cleanly.
- Fix Python 3.8 builds by adding a ``PyModule_AddType`` compatibility
  fallback with correct reference counting.
- Correct type stubs for ``xxh64_digest()``, ``xxh64_hexdigest()``, and
  ``xxh64_intdigest()``, they were incorrectly aliased to xxh3_64 functions.

v3.7.1 2026-06-24

  • Fix memory leak in copy() and new() when memory allocation fails (rare edge case)
  • Fix seed/reset state initialization in xxh32 and xxh64 (unlikely to affect normal usage)
  • Replace Py_BuildValue with PyLong_FromUnsignedLong/LongLong for performance
  • Update README examples to use bytes literals
  • Add CodSpeed performance benchmarks and CI workflow
  • Build aarch64/armv7l on native Arm runners; test against Python 3.15.0-beta.2

v3.7.0 2025-04-25


- Drop support for Python 3.7
- Build armv7l manylinux/musllinux wheels
- Build riscv64 manylinux/musllinux wheels
- Build android and ios wheels

v3.6.0 2025-10-02

  • Build wheels for Python 3.14
  • Python free-threading support
  • Typing: Use Buffer type stubs
  • Deprecate xxhash.VERSION_TUPLE, it will be removed in the next major release

v3.5.0 2024-08-17


- Build wheels for Python 3.13

v3.4.1 2023-10-05

... (truncated)

Commits
  • 48c60f2 chore: release v3.8.0
  • c7f2397 fix: restore PyLong_FromUnsignedLong/LongLong over Py_BuildValue
  • aea7a72 test: fix positional seed tests in test_fastcall.py
  • e084433 fix: correct docstring typos in xxh3_64 copy() documentation
  • 414b254 fix(pyi): xxh64_digest/hexdigest/intdigest are functions
  • 9af9913 fix: add PyModule_AddType fallback for Python 3.8 compatibility
  • 1ecd5b4 perf: mark _get_buffer_or_str and _parse_fastcall_args as inline
  • 2b6f712 fix: detect duplicate seed, expand fastcall tests
  • 5d59623 fix: add NULL checks in xxh3_128_intdigest 128-bit math
  • 8fe3bf4 refactor: consolidate fastcall arg parsing into _parse_fastcall_args
  • Additional commits viewable in compare view

Updates psutil to 7.2.2

Changelog

Sourced from psutil's changelog.

7.2.2 — 2026-01-28 ^^^^^^^^^^^^^^^^^^

Enhancements

  • :gh:2705: [Linux]: :meth:Process.wait now uses pidfd_open() + poll() (no busy loop). Requires Linux >= 5.3 and Python >= 3.9.
  • :gh:2705: [macOS], [BSD]: :meth:Process.wait now uses kqueue() (no busy loop).

Bug fixes

  • :gh:2701, [macOS]: fix compilation error on macOS < 10.7. (patch by :user:Sergey Fedorov <barracuda156>)
  • :gh:2707, [macOS]: fix potential memory leaks in error paths of :meth:Process.memory_full_info and :meth:Process.threads.
  • :gh:2708, [macOS]: :meth:Process.cmdline and :meth:Process.environ may fail with OSError: [Errno 0] Undefined error (from sysctl(KERN_PROCARGS2)). They now raise :exc:AccessDenied instead.

7.2.1 — 2025-12-29 ^^^^^^^^^^^^^^^^^^

Bug fixes

  • :gh:2699, [FreeBSD], [NetBSD]: :func:heap_info does not detect small allocations (<= 1K). In order to fix that, we now flush internal jemalloc cache before fetching the metrics.

7.2.0 — 2025-12-23 ^^^^^^^^^^^^^^^^^^

Enhancements

  • :gh:1275: new :func:heap_info and :func:heap_trim functions, providing direct access to the platform's native C :term:heap allocator (glibc, mimalloc, libmalloc). Useful to create tools to detect memory leaks.
  • :gh:2403, [Linux]: publish wheels for Linux musl.
  • :gh:2680: unit tests are no longer installed / part of the distribution. They now live under tests/ instead of psutil/tests.

Bug fixes

  • :gh:2684, [FreeBSD], [critical]: compilation fails on FreeBSD 14 due to missing include.
  • :gh:2691, [Windows]: fix memory leak in :func:net_if_stats due to missing Py_CLEAR.

Compatibility notes

... (truncated)

Commits
  • 9eea97d Pre-release
  • 938ac64 Rm sphinxcontrib.googleanalytics; override layout.html
  • 9dcbb7e Add sphinxcontrib-googleanalytics to requirements.txt
  • 76eaf9a Try to add google analytics to doc
  • de1cafa Update doc mentioning Process.wait() internal details
  • bb30943 Refact can_use_p...

    Description has been truncated

Updates the requirements on [pip](https://github.com/pypa/pip), [pytest](https://github.com/pytest-dev/pytest), [cryptography](https://github.com/pyca/cryptography), [jaraco-functools](https://github.com/jaraco/jaraco.functools), [jaraco-context](https://github.com/jaraco/jaraco.context), [msgpack](https://github.com/msgpack/msgpack-python), [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python), [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-python), [opentelemetry-exporter-otlp-proto-http](https://github.com/open-telemetry/opentelemetry-python), [opentelemetry-exporter-prometheus](https://github.com/open-telemetry/opentelemetry-python), [xxhash](https://github.com/ifduyue/python-xxhash), [psutil](https://github.com/giampaolo/psutil), [pyopenssl](https://github.com/pyca/pyopenssl), [requests](https://github.com/psf/requests), [tornado](https://github.com/tornadoweb/tornado), [truststore](https://github.com/sethmlarson/truststore), [virtualenv](https://github.com/pypa/virtualenv), [filelock](https://github.com/tox-dev/py-filelock), [zipp](https://github.com/jaraco/zipp), [build](https://github.com/pypa/build), [pylint](https://github.com/pylint-dev/pylint), [boto3](https://github.com/boto/boto3), [botocore](https://github.com/boto/botocore), [pynacl](https://github.com/pyca/pynacl), [vcert](https://github.com/Venafi/vcert-python), [xmldiff](https://github.com/Shoobx/xmldiff), [pygit2](https://github.com/libgit2/pygit2), [ansible](https://github.com/ansible-community/ansible-build-data) and [python-telegram-bot](https://github.com/python-telegram-bot/python-telegram-bot) to permit the latest version.

Updates `pip` from 25.2 to 26.1.2
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@25.2...26.1.2)

Updates `pytest` to 9.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.4.2...9.1.1)

Updates `cryptography` to 49.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@48.0.0...49.0.0)

Updates `jaraco-functools` to 4.5.0
- [Release notes](https://github.com/jaraco/jaraco.functools/releases)
- [Changelog](https://github.com/jaraco/jaraco.functools/blob/main/NEWS.rst)
- [Commits](jaraco/jaraco.functools@v4.4.0...v4.5.0)

Updates `jaraco-context` to 6.1.2
- [Release notes](https://github.com/jaraco/jaraco.context/releases)
- [Changelog](https://github.com/jaraco/jaraco.context/blob/main/NEWS.rst)
- [Commits](jaraco/jaraco.context@v6.1.1...v6.1.2)

Updates `msgpack` to 1.2.1
- [Release notes](https://github.com/msgpack/msgpack-python/releases)
- [Changelog](https://github.com/msgpack/msgpack-python/blob/main/CHANGELOG.md)
- [Commits](msgpack/msgpack-python@v1.1.2...v1.2.1)

Updates `opentelemetry-api` to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-python@v1.41.1...v1.43.0)

Updates `opentelemetry-sdk` to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-python@v1.41.1...v1.43.0)

Updates `opentelemetry-exporter-otlp-proto-http` to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-python@v1.41.1...v1.43.0)

Updates `opentelemetry-exporter-prometheus` to 0.64b0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-python/commits)

Updates `xxhash` to 3.8.0
- [Release notes](https://github.com/ifduyue/python-xxhash/releases)
- [Changelog](https://github.com/ifduyue/python-xxhash/blob/v3.8.0/CHANGELOG.rst)
- [Commits](ifduyue/python-xxhash@v3.7.0...v3.8.0)

Updates `psutil` to 7.2.2
- [Changelog](https://github.com/giampaolo/psutil/blob/master/docs/changelog.rst)
- [Commits](giampaolo/psutil@v5.0.0...v7.2.2)

Updates `pyopenssl` to 26.3.0
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pyopenssl@26.2.0...26.3.0)

Updates `requests` to 2.34.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v0.2.0...v2.34.2)

Updates `tornado` to 6.5.7
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.5.6...v6.5.7)

Updates `truststore` to 0.10.4
- [Release notes](https://github.com/sethmlarson/truststore/releases)
- [Changelog](https://github.com/sethmlarson/truststore/blob/main/CHANGELOG.md)
- [Commits](sethmlarson/truststore@v0.10.0...v0.10.4)

Updates `virtualenv` to 21.5.1
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@21.4.2...21.5.1)

Updates `filelock` to 3.29.4
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.29.1...3.29.4)

Updates `zipp` to 4.1.0
- [Release notes](https://github.com/jaraco/zipp/releases)
- [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst)
- [Commits](jaraco/zipp@v3.23.1...v4.1.0)

Updates `build` to 1.5.0
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](pypa/build@1.4.4...1.5.0)

Updates `cryptography` to 49.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@48.0.0...49.0.0)

Updates `virtualenv` to 21.5.1
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@21.4.2...21.5.1)

Updates `filelock` to 3.29.4
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.29.1...3.29.4)

Updates `pylint` to 4.0.6
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](pylint-dev/pylint@v3.1.0...v4.0.6)

Updates `boto3` to 1.43.36
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.43.24...1.43.36)

Updates `botocore` to 1.43.36
- [Commits](boto/botocore@1.43.24...1.43.36)

Updates `pynacl` to 1.6.2
- [Changelog](https://github.com/pyca/pynacl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pynacl@1.5.0...1.6.2)

Updates `vcert` to 0.20.0
- [Release notes](https://github.com/Venafi/vcert-python/releases)
- [Commits](https://github.com/Venafi/vcert-python/commits)

Updates `xmldiff` to 3.0
- [Release notes](https://github.com/Shoobx/xmldiff/releases)
- [Changelog](https://github.com/Shoobx/xmldiff/blob/master/CHANGES.rst)
- [Commits](Shoobx/xmldiff@2.7.0...3.0)

Updates `pygit2` to 1.19.3
- [Release notes](https://github.com/libgit2/pygit2/releases)
- [Changelog](https://github.com/libgit2/pygit2/blob/master/CHANGELOG.md)
- [Commits](libgit2/pygit2@v1.19.2...v1.19.3)

Updates `ansible` to 14.1.0
- [Changelog](https://github.com/ansible-community/ansible-build-data/blob/main/docs/release-process.md)
- [Commits](ansible-community/ansible-build-data@14.0.0...14.1.0)

Updates `python-telegram-bot` to 22.8
- [Release notes](https://github.com/python-telegram-bot/python-telegram-bot/releases)
- [Commits](python-telegram-bot/python-telegram-bot@v22.7...v22.8)

Updates `cryptography` to 49.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@48.0.0...49.0.0)

Updates `pyopenssl` to 26.3.0
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pyopenssl@26.2.0...26.3.0)

---
updated-dependencies:
- dependency-name: pip
  dependency-version: 26.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-pip-updates
- dependency-name: pytest
  dependency-version: 9.1.1
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: cryptography
  dependency-version: 49.0.0
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: jaraco-functools
  dependency-version: 4.5.0
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: jaraco-context
  dependency-version: 6.1.2
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: msgpack
  dependency-version: 1.2.1
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: opentelemetry-api
  dependency-version: 1.43.0
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: opentelemetry-sdk
  dependency-version: 1.43.0
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: opentelemetry-exporter-otlp-proto-http
  dependency-version: 1.43.0
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: opentelemetry-exporter-prometheus
  dependency-version: 0.64b0
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: xxhash
  dependency-version: 3.8.0
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: psutil
  dependency-version: 7.2.2
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: pyopenssl
  dependency-version: 26.3.0
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: requests
  dependency-version: 2.34.2
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: tornado
  dependency-version: 6.5.7
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: truststore
  dependency-version: 0.10.4
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: virtualenv
  dependency-version: 21.5.1
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: filelock
  dependency-version: 3.29.4
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: zipp
  dependency-version: 4.1.0
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: build
  dependency-version: 1.5.0
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: cryptography
  dependency-version: 49.0.0
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: virtualenv
  dependency-version: 21.5.1
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: filelock
  dependency-version: 3.29.4
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: pylint
  dependency-version: 4.0.6
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: boto3
  dependency-version: 1.43.36
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: botocore
  dependency-version: 1.43.36
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: pynacl
  dependency-version: 1.6.2
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: vcert
  dependency-version: 0.20.0
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: xmldiff
  dependency-version: '3.0'
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: pygit2
  dependency-version: 1.19.3
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: ansible
  dependency-version: 14.1.0
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: python-telegram-bot
  dependency-version: '22.8'
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: cryptography
  dependency-version: 49.0.0
  dependency-type: direct:production
  dependency-group: all-pip-updates
- dependency-name: pyopenssl
  dependency-version: 26.3.0
  dependency-type: direct:production
  dependency-group: all-pip-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the test:full Run the full test suite label Jun 27, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 27, 2026 21:10
@dependabot dependabot Bot added the test:full Run the full test suite label Jun 27, 2026
@dependabot dependabot Bot temporarily deployed to workflow-restart June 27, 2026 21:10 Inactive
salt-pr-bot added 2 commits June 30, 2026 17:54
Several packages in this update drop Python 3.9 support (jaraco.functools,
jaraco.context, msgpack, opentelemetry, pyopenssl, xxhash, virtualenv, zipp,
pytest). Add python_version < '3.10' markers so py3.9 stays on the last
compatible releases while newer Pythons take the updates.

Revert two bumps that reintroduce documented conflicts: vcert (0.18+ hard-pins
pynacl/cryptography/six against the rest of CI -- comment says stay on 0.9.x)
and pylint (comment caps to ~=3.1.0 until the codebase is audited for the new
4.x checks).

Regenerate all lock files.
Resolve requirements conflicts with master's newer alignment work: keep the
blanket pytest <9 cap (OOM fix), pylint ~=3.1.0 revert, multidict/botocore
comments and the ansible py-floor cleanup, while layering the dependabot
opentelemetry/xxhash bumps behind python_version < '3.10' markers. Regenerate
all lock files.
@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

test:full Run the full test suite

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant