Skip to content

Bump the python-packages group with 5 updates#854

Merged
hramezani merged 1 commit into
mainfrom
dependabot/uv/python-packages-ae55853e13
May 1, 2026
Merged

Bump the python-packages group with 5 updates#854
hramezani merged 1 commit into
mainfrom
dependabot/uv/python-packages-ae55853e13

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-packages group with 5 updates:

Package From To
pydantic 2.13.1 2.13.3
azure-keyvault-secrets 4.10.0 4.11.0
boto3 1.42.90 1.42.95
mypy 1.20.1 1.20.2
pre-commit 4.5.1 4.6.0

Updates pydantic from 2.13.1 to 2.13.3

Release notes

Sourced from pydantic's releases.

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

Changelog

Sourced from pydantic's changelog.

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084
Commits
  • 9e9a111 Fix backported test
  • 1ec8c6a Prepare release v2.13.3
  • fb4f204 Handle AttributeError subclasses with from_attributes
  • ca3ddd1 Prepare release v2.13.2
  • 000e823 Fix ValidationInfo.field_name missing with model_validate_json()
  • See full diff in compare view

Updates azure-keyvault-secrets from 4.10.0 to 4.11.0

Release notes

Sourced from azure-keyvault-secrets's releases.

azure-keyvault-secrets_4.11.0

4.11.0 (2026-03-26)

Features Added

  • Added support for service API version 2025-07-01
    • Added support for retrieving secrets with out_content_type
    • Added the previous_version property to SecretProperties

Other Changes

  • Key Vault API version 2025-07-01 is now the default
Commits
  • 5f7e04e remove bypass local dns (#46354)
  • a753a30 Sync eng/common directory with azure-sdk-tools for PR 15153 (#46348)
  • 36c1bc0 Sync .github directory with azure-sdk-tools repository (#46338)
  • a529fa5 agentserver release (#46304)
  • 310def1 [agentserver-responses] Harden response model, type safety, and builder API (...
  • 6b9ea94 [Key Vault] Add default value for inner_error (#46315)
  • fdc2a54 feat(cosmos/workloads): add performance metrics collection for DR drill testi...
  • bec9bd8 Use pinned pypi-shipped uv through CFS rather than uv native installer (#46...
  • 4ea3dd1 updated pinned apistub version 0.3.28 (#46312)
  • 0b97526 Add agent dev skill for search (#45972)
  • Additional commits viewable in compare view

Updates boto3 from 1.42.90 to 1.42.95

Commits
  • a47ce81 Merge branch 'release-1.42.95'
  • 03cc5cd Bumping version to 1.42.95
  • ab160a5 Add changelog entries from botocore
  • 1009404 Merge branch 'release-1.42.94'
  • 0017b80 Merge branch 'release-1.42.94' into develop
  • d13e367 Bumping version to 1.42.94
  • 7ddb8f5 Add changelog entries from botocore
  • 7b0e06b Bump actions/github-script from 8.0.0 to 9.0.0 (#4774)
  • 30acde7 Merge branch 'release-1.42.93'
  • 5e30d50 Merge branch 'release-1.42.93' into develop
  • Additional commits viewable in compare view

Updates mypy from 1.20.1 to 1.20.2

Changelog

Sourced from mypy's changelog.

Mypy 1.20.1

  • Always disable sync in SQLite cache (Ivan Levkivskyi, PR 21184)
  • Temporarily skip few base64 tests (Ivan Levkivskyi, PR 21193)
  • Revert dict.__or__ typeshed change (Ivan Levkivskyi, PR 21186)
  • Fix narrowing for match case with variadic tuples (Shantanu, PR 21192)
  • Avoid narrowing type[T] in type calls (Shantanu, PR 21174)
  • Fix regression for catching empty tuple in except (Shantanu, PR 21153)
  • Fix reachability for frozenset and dict view narrowing (Shantanu, PR 21151)
  • Fix narrowing with chained comparison (Shantanu, PR 21150)
  • Avoid narrowing to unreachable at module level (Shantanu, PR 21144)
  • Allow dangerous identity comparisons to Any typed variables (Shantanu, PR 21142)
  • --warn-unused-config should not be a strict flag (Ivan Levkivskyi, PR 21139)

Mypy 1.20.2

  • Use WAL with SQLite cache and fix close (Shantanu, PR 21154)
  • Adjust SQLite journal mode (Ivan Levkivskyi, PR 21217)
  • Correctly aggregate narrowing information on parent expressions (Shantanu, PR 21206)
  • Fix regression related to generic callables (Shantanu, PR 21208)
  • Fix regression by avoiding widening types in some contexts (Shantanu, PR 21242)
  • Fix slicing in non-strict optional mode (Shantanu, PR 21282)
  • mypyc: Fix match statement semantics for "or" pattern (Shantanu, PR 21156)
  • mypyc: Fix issue with module dunder attributes (Piotr Sawicki, PR 21275)
  • Initial support for Python 3.15.0a8 (Marc Mueller, PR 21255)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

  • A5rocks
  • Aaron Wieczorek
  • Adam Turner
  • Ali Hamdan
  • asce
  • BobTheBuidler
  • Brent Westbrook
  • Brian Schubert
  • bzoracler
  • Chris Burroughs
  • Christoph Tyralla
  • Colin Watson
  • Donghoon Nam
  • E. M. Bray
  • Emma Smith
  • Ethan Sarp
  • George Ogden
  • getzze
  • grayjk
  • Gregor Riepl
  • Ivan Levkivskyi

... (truncated)

Commits

Updates pre-commit from 4.5.1 to 4.6.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.6.0

Features

  • pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.

Fixes

Changelog

Sourced from pre-commit's changelog.

4.6.0 - 2026-04-21

Features

  • pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.

Fixes

Commits
  • f35134b v4.6.0
  • 2a51ffc Merge pull request #3662 from pre-commit/hook-impl-optional-hook-dir
  • d7dee32 make --hook-dir optional for hook-impl
  • 965aeb1 Merge pull request #3661 from pre-commit/hook-impl-required
  • 2eacc06 --hook-type is required for hook-impl
  • f5678bf Merge pull request #3657 from pre-commit/pre-commit-ci-update-config
  • 054cc5b [pre-commit.ci] pre-commit autoupdate
  • 5c0f302 Merge pull request #3652 from pre-commit/pre-commit-ci-update-config
  • a5d9114 [pre-commit.ci] pre-commit autoupdate
  • 129a1f5 Merge pull request #3641 from pre-commit/mxr-patch-1
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-packages group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [pydantic](https://github.com/pydantic/pydantic) | `2.13.1` | `2.13.3` |
| [azure-keyvault-secrets](https://github.com/Azure/azure-sdk-for-python) | `4.10.0` | `4.11.0` |
| [boto3](https://github.com/boto/boto3) | `1.42.90` | `1.42.95` |
| [mypy](https://github.com/python/mypy) | `1.20.1` | `1.20.2` |
| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.1` | `4.6.0` |


Updates `pydantic` from 2.13.1 to 2.13.3
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.13.1...v2.13.3)

Updates `azure-keyvault-secrets` from 4.10.0 to 4.11.0
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Commits](Azure/azure-sdk-for-python@azure-keyvault-secrets_4.10.0...azure-keyvault-secrets_4.11.0)

Updates `boto3` from 1.42.90 to 1.42.95
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.42.90...1.42.95)

Updates `mypy` from 1.20.1 to 1.20.2
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.20.1...v1.20.2)

Updates `pre-commit` from 4.5.1 to 4.6.0
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](pre-commit/pre-commit@v4.5.1...v4.6.0)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-version: 2.13.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: azure-keyvault-secrets
  dependency-version: 4.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: boto3
  dependency-version: 1.42.95
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: mypy
  dependency-version: 1.20.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: pre-commit
  dependency-version: 4.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 1, 2026
@hramezani hramezani merged commit eaa3b43 into main May 1, 2026
19 checks passed
@hramezani hramezani deleted the dependabot/uv/python-packages-ae55853e13 branch May 1, 2026 07:08
736-c41-2c1-e464fc974 added a commit to Swiss-Armed-Forces/Loom that referenced this pull request Jun 29, 2026
This MR contains the following updates:

| Package | Type | Update | Change | OpenSSF |
|---|---|---|---|---|
| [debugpy](https://aka.ms/debugpy) ([source](https://github.com/microsoft/debugpy)) | dev | patch | `1.8.20` → `1.8.21` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/microsoft/debugpy/badge)](https://securityscorecards.dev/viewer/?uri=github.com/microsoft/debugpy) |
| [numpy](https://github.com/numpy/numpy) ([changelog](https://numpy.org/doc/stable/release)) | dependencies | patch | `2.4.4` → `2.4.6` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/numpy/numpy/badge)](https://securityscorecards.dev/viewer/?uri=github.com/numpy/numpy) |
| [pydantic-settings](https://github.com/pydantic/pydantic-settings) ([changelog](https://github.com/pydantic/pydantic-settings/releases)) | dependencies | patch | `2.14.0` → `2.14.2` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/pydantic/pydantic-settings/badge)](https://securityscorecards.dev/viewer/?uri=github.com/pydantic/pydantic-settings) |
| [python-multipart](https://github.com/Kludex/python-multipart) ([changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)) | dependencies | patch | `^0.0.22` → `^0.0.32` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/Kludex/python-multipart/badge)](https://securityscorecards.dev/viewer/?uri=github.com/Kludex/python-multipart) |
| [types-requests](https://github.com/python/typeshed) ([changelog](https://github.com/typeshed-internal/stub_uploader/blob/main/data/changelogs/requests.md)) | dependencies | patch | `2.32.0.20240523` → `2.32.4.20260324` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/python/typeshed/badge)](https://securityscorecards.dev/viewer/?uri=github.com/python/typeshed) |

---

### Release Notes

<details>
<summary>microsoft/debugpy (debugpy)</summary>

### [`v1.8.21`](https://github.com/microsoft/debugpy/releases/tag/v1.8.21): debugpy v1.8.21

[Compare Source](microsoft/debugpy@v1.8.20...v1.8.21)

Fixes for:

- Return evaluate result in DAP response body instead of writing to stdout: [#&#8203;2027](microsoft/debugpy#2027)
- Prevent invalid `scopes` request from crashing debug session: [#&#8203;2026](microsoft/debugpy#2026)
- Skip uninitialized `__slots__` in variable resolver: [#&#8203;2024](microsoft/debugpy#2024)
- Handle `-c` arguments that are `bytes` instead of `str`: [#&#8203;2021](microsoft/debugpy#2021)
- Fix evaluation of variables from chained exception frames: [#&#8203;2018](microsoft/debugpy#2018)
- `ContinueRequest` with a specific `threadId` no longer resumes all threads (in-process adapter): [#&#8203;2012](microsoft/debugpy#2012)
- Avoid strong reference to exceptions during unwind: [#&#8203;2008](microsoft/debugpy#2008)
- Show error message on evaluate failures in the hover context: [#&#8203;2006](microsoft/debugpy#2006)
- Display `dlerror` output when `dlopen` fails: [#&#8203;2000](microsoft/debugpy#2000)
- Replace removed `pkgutil.get_loader` with `importlib.util.find_spec` in `get_fullname`: [#&#8203;1998](microsoft/debugpy#1998)

Enhancements:

- Add option to ignore all system exit codes: [#&#8203;2017](microsoft/debugpy#2017)
- Pull changes from pydevd up to March 2026: [#&#8203;2010](microsoft/debugpy#2010)

Infrastructure work:

- Suppress Flawfinder false positives on Cython memcpy / read-loop iterators (TSA [#&#8203;2816216](https://github.com/microsoft/debugpy/issues/2816216), [#&#8203;2816217](https://github.com/microsoft/debugpy/issues/2816217), [#&#8203;2816218](https://github.com/microsoft/debugpy/issues/2816218), [#&#8203;2816219](https://github.com/microsoft/debugpy/issues/2816219), [#&#8203;2816220](https://github.com/microsoft/debugpy/issues/2816220)): [#&#8203;2028](microsoft/debugpy#2028), [#&#8203;2029](microsoft/debugpy#2029), [#&#8203;2030](microsoft/debugpy#2030), [#&#8203;2031](microsoft/debugpy#2031), [#&#8203;2032](microsoft/debugpy#2032)

Thanks to [@&#8203;maxbachmann](https://github.com/maxbachmann), [@&#8203;mfussenegger](https://github.com/mfussenegger), and [@&#8203;sambrightman](https://github.com/sambrightman) for the commits.

</details>

<details>
<summary>numpy/numpy (numpy)</summary>

### [`v2.4.6`](https://github.com/numpy/numpy/releases/tag/v2.4.6): (May 18, 2026)

[Compare Source](numpy/numpy@v2.4.5...v2.4.6)

### NumPy 2.4.6 Release Notes

NumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5
release.

This release supports Python versions 3.11-3.14

#### Contributors

A total of 4 people contributed to this release. People with a "+" by their
names contributed a patch for the first time.

- !EarlMilktea
- Charles Harris
- Sebastian Berg
- Warren Weckesser

#### Pull requests merged

A total of 4 pull requests were merged for this release.

- [#&#8203;31444](numpy/numpy#31444): MAINT: Prepare 2.4.x for further development
- [#&#8203;31453](numpy/numpy#31453): BUG: Fix regression in `arr.conj()`
- [#&#8203;31459](numpy/numpy#31459): BUG: `np.linalg.svd(..., hermitian=True)` returns non-unitary...
- [#&#8203;31460](numpy/numpy#31460): BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...

### [`v2.4.5`](https://github.com/numpy/numpy/releases/tag/v2.4.5): (May 15, 2026)

[Compare Source](numpy/numpy@v2.4.4...v2.4.5)

### NumPy 2.4.5 Release Notes

NumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4
release, has some typing improvements, and maintains infrastructure.

This release supports Python versions 3.11-3.14

#### Contributors

A total of 17 people contributed to this release. People with a "+" by their
names contributed a patch for the first time.

- Aleksei Nikiforov
- Anarion Zuo +
- Ankit Ahlawat
- Breno Favaretto +
- Charles Harris
- Igor Krivenko +
- Ijtihed Kilani +
- Joren Hammudoglu
- Maarten Baert +
- Matti Picus
- Nathan Goldbaum
- Praneeth Kodumagulla +
- Ralf Gommers
- RoomWithOutRoof +
- Sebastian Berg
- Warren Weckesser
- div +

#### Pull requests merged

A total of 28 pull requests were merged for this release.

- [#&#8203;31093](numpy/numpy#31093): MAINT: Prepare 2.4.x for further development
- [#&#8203;31182](numpy/numpy#31182): TYP: fix `np.shape` assignability issue for python lists ([#&#8203;31171](numpy/numpy#31171))
- [#&#8203;31197](numpy/numpy#31197): ENH: Return rank 0 for empty matrices in matrix\_rank ([#&#8203;30422](numpy/numpy#30422))
- [#&#8203;31198](numpy/numpy#31198): CI/BUG: add native jobs for s390x, fix bug in `pack_inner`...
- [#&#8203;31199](numpy/numpy#31199): BUG: f2py map complex\_long\_double to NPY\_CLONGDOUBLE
- [#&#8203;31205](numpy/numpy#31205): MAINT: f2py: Stop setting re.\_MAXCACHE to 50.
- [#&#8203;31206](numpy/numpy#31206): BUG: fix heap buffer overflow in timedelta to string casts
- [#&#8203;31207](numpy/numpy#31207): MAINT: Rename ppc64le and s390x workflow ([#&#8203;31121](numpy/numpy#31121))
- [#&#8203;31208](numpy/numpy#31208): BUG: Fix matvec/vecmat in-place aliasing (out=input produces...
- [#&#8203;31209](numpy/numpy#31209): TYP: `tile`: accept numpy scalars and arrays as second argument...
- [#&#8203;31211](numpy/numpy#31211): DEP: Undo deprecation for np.dtype() signature used by old pickles...
- [#&#8203;31212](numpy/numpy#31212): REV: Manual revert of float16 svml use ([#&#8203;31178](numpy/numpy#31178))
- [#&#8203;31222](numpy/numpy#31222): TYP: `ix_` fix for boolean and non-1d input ([#&#8203;31218](numpy/numpy#31218))
- [#&#8203;31329](numpy/numpy#31329): BUG: incorrect temp elision for new-style (NEP 43) user-defined...
- [#&#8203;31330](numpy/numpy#31330): TYP: fix sliding\_window\_view axis parameter typing
- [#&#8203;31335](numpy/numpy#31335): BUG: Prevent deadlock due to downstream importing NumPy in dlopen...
- [#&#8203;31336](numpy/numpy#31336): BUG: Fix segfault in nditer.multi\_index when \_\_getitem\_\_ raises...
- [#&#8203;31338](numpy/numpy#31338): TYP: Fix ruff lint error
- [#&#8203;31357](numpy/numpy#31357): BUG: fix memory leak in np.zeros when fill-zero loop raises ([#&#8203;31320](numpy/numpy#31320))
- [#&#8203;31358](numpy/numpy#31358): BUG: np.einsum() fails with a 0-dimensional out argument and...
- [#&#8203;31379](numpy/numpy#31379): BUG: Fix signed overflow issue in npy\_gcd for INT\_MIN on s390x...
- [#&#8203;31383](numpy/numpy#31383): CI: remove Cirrus CI FreeBSD job ([#&#8203;31380](numpy/numpy#31380))
- [#&#8203;31390](numpy/numpy#31390): BUILD: newer MKL uses so.3
- [#&#8203;31391](numpy/numpy#31391): BLD/MAINT: improve support for Intel LLVM compilers
- [#&#8203;31401](numpy/numpy#31401): BUG: Avoid UB in [safe]()\[add,sub,mul] helpers ([#&#8203;31396](numpy/numpy#31396))
- [#&#8203;31402](numpy/numpy#31402): BUG: exclude \_\_pycache\_\_ directories from wheels ([#&#8203;31397](numpy/numpy#31397))
- [#&#8203;31404](numpy/numpy#31404): TYP: `_NestedSequence` type parameter default to work around...
- [#&#8203;31426](numpy/numpy#31426): TYP: Fix `DTypeLike` runtime type-checker support ([#&#8203;31425](numpy/numpy#31425))

</details>

<details>
<summary>pydantic/pydantic-settings (pydantic-settings)</summary>

### [`v2.14.2`](https://github.com/pydantic/pydantic-settings/releases/tag/v2.14.2)

[Compare Source](pydantic/pydantic-settings@v2.14.1...v2.14.2)

#### What's Changed

This is a security patch release.

- Prevent `NestedSecretsSettingsSource` from following symlinks outside `secrets_dir` by [@&#8203;hramezani](https://github.com/hramezani) in [#&#8203;889](pydantic/pydantic-settings#889)
- Prepare release 2.14.2 by [@&#8203;hramezani](https://github.com/hramezani) in [#&#8203;890](pydantic/pydantic-settings#890)

##### Security

Fixes [GHSA-4xgf-cpjx-pc3j](GHSA-4xgf-cpjx-pc3j): `NestedSecretsSettingsSource` with `secrets_nested_subdir=True` could follow a symbolic link inside `secrets_dir` pointing outside it, reading out-of-tree files into settings values and bypassing the `secrets_dir_max_size` cap. Affected versions: `>= 2.12.0, < 2.14.2`.

**Full Changelog**: <pydantic/pydantic-settings@v2.14.1...v2.14.2>

### [`v2.14.1`](https://github.com/pydantic/pydantic-settings/releases/tag/v2.14.1)

[Compare Source](pydantic/pydantic-settings@v2.14.0...v2.14.1)

#### What's Changed

- Bump the python-packages group with 4 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;850](pydantic/pydantic-settings#850)
- Bump the python-packages group with 5 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;854](pydantic/pydantic-settings#854)
- Bump the github-actions group with 3 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;853](pydantic/pydantic-settings#853)
- Bump the python-packages group with 2 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;856](pydantic/pydantic-settings#856)
- Fix field named `cls` conflicting with classmethod parameter by [@&#8203;hramezani](https://github.com/hramezani) in [#&#8203;858](pydantic/pydantic-settings#858)
- Prepare release 2.14.1 by [@&#8203;hramezani](https://github.com/hramezani) in [#&#8203;859](pydantic/pydantic-settings#859)

**Full Changelog**: <pydantic/pydantic-settings@v2.14.0...v2.14.1>

</details>

<details>
<summary>Kludex/python-multipart (python-multipart)</summary>

### [`v0.0.32`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0032-2026-06-04)

[Compare Source](Kludex/python-multipart@0.0.31...0.0.32)

- Speed up partial-boundary scanning for CR/LF-dense part data [#&#8203;300](Kludex/python-multipart#300).

### [`v0.0.31`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0031-2026-06-04)

[Compare Source](Kludex/python-multipart@0.0.30...0.0.31)

- Speed up multipart header parsing and callback dispatch [#&#8203;295](Kludex/python-multipart#295).
- Bound header field name size before validating [#&#8203;296](Kludex/python-multipart#296).
- Validate `Content-Length` is non-negative in `parse_form` [#&#8203;297](Kludex/python-multipart#297).

### [`v0.0.30`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0030-2026-05-31)

[Compare Source](Kludex/python-multipart@0.0.29...0.0.30)

- Parse `application/x-www-form-urlencoded` bodies per the WHATWG URL standard, treating only `&` as a field separator [#&#8203;290](Kludex/python-multipart#290).
- Ignore RFC 2231/5987 extended parameters (`name*`, `filename*`) in `parse_options_header`, keeping the plain parameter authoritative per [RFC 7578 §4.2](https://datatracker.ietf.org/doc/html/rfc7578#section-4.2) [#&#8203;291](Kludex/python-multipart#291).

### [`v0.0.29`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0029-2026-05-17)

[Compare Source](Kludex/python-multipart@0.0.28...0.0.29)

- Handle malformed RFC 2231 continuations in `parse_options_header` [#&#8203;270](Kludex/python-multipart#270).

### [`v0.0.28`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0028-2026-05-10)

[Compare Source](Kludex/python-multipart@0.0.27...0.0.28)

- Speed up partial-boundary tail scan via `bytes.find` [#&#8203;281](Kludex/python-multipart#281).
- Cap multipart boundary length at 256 bytes [#&#8203;282](Kludex/python-multipart#282).

### [`v0.0.27`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0027-2026-04-27)

[Compare Source](Kludex/python-multipart@0.0.26...0.0.27)

- Add multipart header limits [#&#8203;267](Kludex/python-multipart#267).
- Pass parse offsets via constructors [#&#8203;268](Kludex/python-multipart#268).

### [`v0.0.26`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0026-2026-04-10)

[Compare Source](Kludex/python-multipart@0.0.25...0.0.26)

- Skip preamble before the first multipart boundary more efficiently [#&#8203;262](Kludex/python-multipart#262).
- Silently discard epilogue data after the closing multipart boundary [#&#8203;259](Kludex/python-multipart#259).

### [`v0.0.25`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0025-2026-04-10)

[Compare Source](Kludex/python-multipart@0.0.24...0.0.25)

- Add MIME content type info to `File` [#&#8203;143](Kludex/python-multipart#143).
- Handle CTE values case-insensitively [#&#8203;258](Kludex/python-multipart#258).
- Remove custom `FormParser` classes [#&#8203;257](Kludex/python-multipart#257).
- Add `UPLOAD_DELETE_TMP` to `FormParser` config [#&#8203;254](Kludex/python-multipart#254).
- Emit `field_end` for trailing bare field names on finalize [#&#8203;230](Kludex/python-multipart#230).
- Handle multipart headers case-insensitively [#&#8203;252](Kludex/python-multipart#252).
- Apply Apache-2.0 properly [#&#8203;247](Kludex/python-multipart#247).

### [`v0.0.24`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0024-2026-04-05)

[Compare Source](Kludex/python-multipart@0.0.23...0.0.24)

- Validate `chunk_size` in `parse_form()` [#&#8203;244](Kludex/python-multipart#244).

### [`v0.0.23`](https://github.com/Kludex/python-multipart/blob/HEAD/CHANGELOG.md#0023-2026-04-05)

[Compare Source](Kludex/python-multipart@0.0.22...0.0.23)

- Remove unused `trust_x_headers` parameter and `X-File-Name` fallback [#&#8203;196](Kludex/python-multipart#196).
- Return processed length from `QuerystringParser._internal_write` [#&#8203;229](Kludex/python-multipart#229).
- Cleanup metadata dunders from `__init__.py` [#&#8203;227](Kludex/python-multipart#227).

</details>

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTAuMTYiLCJ1cGRhdGVkSW5WZXIiOiI0My4yNDYuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwicmVub3ZhdGUiXX0=-->

See merge request swiss-armed-forces/cyber-command/cea/loom!460

Co-authored-by: Loom MR Pipeline Trigger <group_103951964_bot_9504bb8dead6d4e406ad817a607f24be@noreply.gitlab.com>
Co-authored-by: shrewd-laidback palace <shrewd-laidback-palace-736-c41-2c1-e464fc974@swiss-armed-forces-open-source.ch>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant