chore(deps): bump the pip group across 12 directories with 7 updates

Open dependabot[bot] opened this issue 2 months ago • 2 comments

Bumps the pip group with 1 update in the /gemini/multimodal-live-api/project-livewire/server directory: requests. Bumps the pip group with 1 update in the /gemini/sample-apps/llamadeploy-on-cloud-run directory: llama-index. Bumps the pip group with 5 updates in the /gemini/sample-apps/quickbot/conversational-app-multi-playbook/backend directory:

Package	From	To
requests	`2.31.0`	`2.32.4`
gunicorn	`20.1.0`	`22.0.0`
urllib3	`1.26.16`	`2.5.0`
langchain-community	`0.3.1`	`0.3.27`
langchain-core	`0.3.9`	`0.3.15`

Bumps the pip group with 1 update in the /gemini/sample-apps/quickbot/conversational-app-multi-playbook/functions/create-intent directory: langchain-core. Bumps the pip group with 5 updates in the /gemini/sample-apps/quickbot/conversational-app-single-playbook/backend directory:

Package	From	To
requests	`2.31.0`	`2.32.4`
gunicorn	`20.1.0`	`22.0.0`
urllib3	`1.26.16`	`2.5.0`
langchain-community	`0.3.1`	`0.3.27`
langchain-core	`0.3.9`	`0.3.15`

Bumps the pip group with 1 update in the /gemini/sample-apps/quickbot/conversational-app-single-playbook/functions/create-intent directory: langchain-core. Bumps the pip group with 5 updates in the /gemini/sample-apps/quickbot/document-search-using-agent-builder/backend directory:

Package	From	To
requests	`2.31.0`	`2.32.4`
gunicorn	`20.1.0`	`22.0.0`
urllib3	`1.26.16`	`2.5.0`
langchain-community	`0.3.1`	`0.3.27`
langchain-core	`0.3.9`	`0.3.15`

Bumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/image-background-changer-using-imagen3/backend directory: requests, gunicorn, urllib3 and pillow. Bumps the pip group with 3 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory: requests, gunicorn and urllib3. Bumps the pip group with 3 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: requests, gunicorn and urllib3. Bumps the pip group with 5 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory:

Package	From	To
requests	`2.31.0`	`2.32.4`
gunicorn	`20.1.0`	`22.0.0`
urllib3	`1.26.16`	`2.5.0`
langchain-community	`0.3.1`	`0.3.27`
langchain-core	`0.3.9`	`0.3.15`

Bumps the pip group with 2 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory: requests and urllib3.

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)

Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.

Dropped support for pypy 3.9 following its end of support.

Commits

021dc72 Polish up release tooling for last manual release
821770e Bump version and add release notes for v2.32.4
59f8aa2 Add netrc file search information to authentication documentation (#6876)
5b4b64c Add more tests to prevent regression of CVE 2024 47081
7bc4587 Add new test to check netrc auth leak (#6962)
96ba401 Only use hostname to do netrc lookup instead of netloc
7341690 Merge pull request #6951 from tswast/patch-1
6716d7c remove links
a7e1c74 Update docs/conf.py
c799b81 docs: fix dead links to kenreitz.org
Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)

Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.

Dropped support for pypy 3.9 following its end of support.

Commits

021dc72 Polish up release tooling for last manual release
821770e Bump version and add release notes for v2.32.4
59f8aa2 Add netrc file search information to authentication documentation (#6876)
5b4b64c Add more tests to prevent regression of CVE 2024 47081
7bc4587 Add new test to check netrc auth leak (#6962)
96ba401 Only use hostname to do netrc lookup instead of netloc
7341690 Merge pull request #6951 from tswast/patch-1
6716d7c remove links
a7e1c74 Update docs/conf.py
c799b81 docs: fix dead links to kenreitz.org
Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)

Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.

Dropped support for pypy 3.9 following its end of support.

Commits

021dc72 Polish up release tooling for last manual release
821770e Bump version and add release notes for v2.32.4
59f8aa2 Add netrc file search information to authentication documentation (#6876)
5b4b64c Add more tests to prevent regression of CVE 2024 47081
7bc4587 Add new test to check netrc auth leak (#6962)
96ba401 Only use hostname to do netrc lookup instead of netloc
7341690 Merge pull request #6951 from tswast/patch-1
6716d7c remove links
a7e1c74 Update docs/conf.py
c799b81 docs: fix dead links to kenreitz.org
Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)

Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.

Dropped support for pypy 3.9 following its end of support.

Commits

021dc72 Polish up release tooling for last manual release
821770e Bump version and add release notes for v2.32.4
59f8aa2 Add netrc file search information to authentication documentation (#6876)
5b4b64c Add more tests to prevent regression of CVE 2024 47081
7bc4587 Add new test to check netrc auth leak (#6962)
96ba401 Only use hostname to do netrc lookup instead of netloc
7341690 Merge pull request #6951 from tswast/patch-1
6716d7c remove links
a7e1c74 Update docs/conf.py
c799b81 docs: fix dead links to kenreitz.org
Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)

Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.

Dropped support for pypy 3.9 following its end of support.

Commits

021dc72 Polish up release tooling for last manual release
821770e Bump version and add release notes for v2.32.4
59f8aa2 Add netrc file search information to authentication documentation (#6876)
5b4b64c Add more tests to prevent regression of CVE 2024 47081
7bc4587 Add new test to check netrc auth leak (#6962)
96ba401 Only use hostname to do netrc lookup instead of netloc
7341690 Merge pull request #6951 from tswast/patch-1
6716d7c remove links
a7e1c74 Update docs/conf.py
c799b81 docs: fix dead links to kenreitz.org
Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)

Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.

Dropped support for pypy 3.9 following its end of support.

Commits

021dc72 Polish up release tooling for last manual release
821770e Bump version and add release notes for v2.32.4
59f8aa2 Add netrc file search information to authentication documentation (#6876)
5b4b64c Add more tests to prevent regression of CVE 2024 47081
7bc4587 Add new test to check netrc auth leak (#6962)
96ba401 Only use hostname to do netrc lookup instead of netloc
7341690 Merge pull request #6951 from tswast/patch-1
6716d7c remove links
a7e1c74 Update docs/conf.py
c799b81 docs: fix dead links to kenreitz.org
Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)

Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.

Dropped support for pypy 3.9 following its end of support.

Commits

021dc72 Polish up release tooling for last manual release
821770e Bump version and add release notes for v2.32.4
59f8aa2 Add netrc file search information to authentication documentation (#6876)
5b4b64c Add more tests to prevent regression of CVE 2024 47081
7bc4587 Add new test to check netrc auth leak (#6962)
96ba401 Only use hostname to do netrc lookup instead of netloc
7341690 Merge pull request #6951 from tswast/patch-1
6716d7c remove links
a7e1c74 Update docs/conf.py
c799b81 docs: fix dead links to kenreitz.org
Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)

Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.

Dropped support for pypy 3.9 following its end of support.

Commits

021dc72 Polish up release tooling for last manual release
821770e Bump version and add release notes for v2.32.4
59f8aa2 Add netrc file search information to authentication documentation (#6876)
5b4b64c Add more tests to prevent regression of CVE 2024 47081
7bc4587 Add new test to check netrc auth leak (#6962)
96ba401 Only use hostname to do netrc lookup instead of netloc
7341690 Merge pull request #6951 from tswast/patch-1
6716d7c remove links
a7e1c74 Update docs/conf.py
c799b81 docs: fix dead links to kenreitz.org
Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)

Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.

Dropped support for pypy 3.9 following its end of support.

Commits

021dc72 Polish up release tooling for last manual release
821770e Bump version and add release notes for v2.32.4
59f8aa2 Add netrc file search information to authentication documentation (#6876)
5b4b64c Add more tests to prevent regression of CVE 2024 47081
7bc4587 Add new test to check netrc auth leak (#6962)
96ba401 Only use hostname to do netrc lookup instead of netloc
7341690 Merge pull request #6951 from tswast/patch-1
6716d7c remove links
a7e1c74 Update docs/conf.py
c799b81 docs: fix dead links to kenreitz.org
Additional commits viewable in compare view

Updates llama-index from 0.12.28 to 0.12.41

Release notes

Sourced from llama-index's releases.

v0.12.41 (2025-06-07)

Release Notes

llama-index-core [0.12.41]

feat: Add MutableMappingKVStore for easier caching (#18893)

fix: async functions in tool specs (#19000)

fix: properly apply file limit to SimpleDirectoryReader (#18983)

fix: overwriting of LLM callback manager from Settings (#18951)

fix: Adding warning in the docstring of JsonPickleSerializer for the user to deserialize only safe things, rename to PickleSerializer (#18943)

fix: ImageDocument path and url checking to ensure that the input is really an image (#18947)

chore: remove some unused utils from core (#18985)

llama-index-embeddings-azure-openai [0.3.8]

fix: Azure api-key and azure-endpoint resolution fixes (#18975)

fix: api_base vs azure_endpoint resolution fixes (#19002)

llama-index-graph-stores-ApertureDB [0.1.0]

feat: Aperturedb propertygraph (#18749)

llama-index-indices-managed-llama-cloud [0.7.4]

fix: resolve retriever llamacloud index (#18949)

chore: composite retrieval add ReRankConfig (#18973)

llama-index-llms-azure-openai [0.3.4]

fix: api_base vs azure_endpoint resolution fixes (#19002)

llama-index-llms-bedrock-converse [0.7.1]

fix: handle empty message content to prevent ValidationError (#18914)

llama-index-llms-litellm [0.5.1]

feat: Add DocumentBlock support to LiteLLM integration (#18955)

llama-index-llms-ollama [0.6.2]

feat: Add support for the new think feature in ollama (#18993)

llama-index-llms-openai [0.4.4]

feat: add OpenAI JSON Schema structured output support (#18897)

fix: skip tool description length check in openai response api (#18956)

llama-index-packs-searchain [0.1.0]

... (truncated)

Changelog

Sourced from llama-index's changelog.

llama-index-core [0.12.41]

feat: Add MutableMappingKVStore for easier caching (#18893)

fix: async functions in tool specs (#19000)

fix: properly apply file limit to SimpleDirectoryReader (#18983)

fix: overwriting of LLM callback manager from Settings (#18951)

fix: Adding warning in the docstring of JsonPickleSerializer for the user to deserialize only safe things, rename to PickleSerializer (#18943)

fix: ImageDocument path and url checking to ensure that the input is really an image (#18947)

chore: remove some unused utils from core (#18985)

llama-index-embeddings-azure-openai [0.3.8]

fix: Azure api-key and azure-endpoint resolution fixes (#18975)

fix: api_base vs azure_endpoint resolution fixes (#19002)

llama-index-graph-stores-ApertureDB [0.1.0]

feat: Aperturedb propertygraph (#18749)

llama-index-indices-managed-llama-cloud [0.7.4]

fix: resolve retriever llamacloud index (#18949)

chore: composite retrieval add ReRankConfig (#18973)

llama-index-llms-azure-openai [0.3.4]

fix: api_base vs azure_endpoint resolution fixes (#19002)

llama-index-llms-bedrock-converse [0.7.1]

fix: handle empty message content to prevent ValidationError (#18914)

llama-index-llms-litellm [0.5.1]

feat: Add DocumentBlock support to LiteLLM integration (#18955)

llama-index-llms-ollama [0.6.2]

feat: Add support for the new think feature in ollama (#18993)

llama-index-llms-openai [0.4.4]

feat: add OpenAI JSON Schema structured output support (#18897)

fix: skip tool description length check in openai response api (#18956)

llama-index-packs-searchain [0.1.0]

feat: Add searchain package (#18929)

llama-index-readers-docugami [0.3.1]

... (truncated)

Commits

98739a6 v0.12.41 (#19002)
aff1065 fix: async functions in tool specs (#19000)
fa00eb7 actually format the args into a start event instance (#19001)
0fb1351 Add support for the new think feature in ollama 0.9 (#18993)
c68be03 Update custom_multi_turn_memory.ipynb (#18994)
c1cd863 ElevenLabs integration (#18967)
2b7dbf3 docs: update resources docs (#18991)
3093dab Adding Docs for resources (#18980)
53614e2 Prevent SimpleDirectoryReader from excessive memory consumption (#18983)
5d8280c llama-index-readers-gcs: Allow newer versions of gcsfs (#18987)
Additional commits viewable in compare view

Updates requests from 2.31.0 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)

Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.

Dropped support for pypy 3.9 following its end of support.

Commits

021dc72 Polish up release tooling for last manual release
821770e Bump version and add release notes for v2.32.4
59f8aa2 Add netrc file search information to authentication documentation (#6876)
5b4b64c Add more tests to prevent regression of CVE 2024 47081
7bc4587 Add new test to check netrc auth leak (#6962)
96ba401 Only use hostname to do netrc lookup instead of netloc
7341690 Merge pull request #6951 from tswast/patch-1
6716d7c remove links
a7e1c74 Update docs/conf.py
c799b81 docs: fix dead links to kenreitz.org
Additional commits viewable in compare view

Updates gunicorn from 20.1.0 to 22.0.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation.

Changes:

22.0.0 - 2024-04-17
===================

use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
support Python 3.12

** Breaking changes **

minimum version is Python 3.7
the limitations on valid characters in the HTTP method have been bounded to Internet Standards
requests specifying unsupported transfer coding (order) are refused by default (rare)
HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
HTTP methods containing the number sign (#) are no longer accepted by default (rare)
HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)

** SECURITY **

fix CVE-2024-1135

Documentation is available there: https://docs.gunicorn.org/en/stable/news.html
Packages: https://pypi.org/project/gunicorn/

Gunicorn 21.2.0 has been released

Gunicorn 21.2.0 has been released. This version fix the issue introduced in the threaded worker.

Changes:

21.2.0 - 2023-07-19
===================
fix thread worker: revert change considering connection as idle .
</tr></table>

... (truncated)

Commits

f63d59e bump to 22.0
4ac81e0 Merge pull request #3175 from e-kwsm/typo
401cecf Merge pull request #3179 from dhdaines/exclude-eventlet-0360
0243ec3 fix(deps): exclude eventlet 0.36.0
628a0bc chore: fix typos
88fc4a4 Merge pull request #3131 from pajod/patch-py12-rebased
deae2fc CI: back off the agressive timeout
f470382 docs: promise 3.12 compat
5e30bfa add changelog to project.urls (updated for PEP621)
481c3f9 remove setup.cfg - overridden by pyproject.toml
Additional commits viewable in compare view

Updates urllib3 from 1.26.16 to 2.5.0

Release notes

Sourced from urllib3's releases.

2.5.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security issues

urllib3 2.5.0 fixes two moderate security issues:

Pool managers now properly control redirects when retries is passed — CVE-2025-50181 reported by @sandumjacob (5.3 Medium, GHSA-pq67-6m6q-mj2v)

Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)

Features

Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 for more information. (#3610)

Added support for version 0.5 of hatch-vcs (#3612)

Bugfixes

Raised exception for HTTPResponse.shutdown on a connection already released to the pool. (#3581)

Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. (#3615)

2.4.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

Applied PEP 639 by specifying the license fields in pyproject.toml. (#3522)

Updated exceptions to save and restore more properties during the pickle/serialization process. (#3567)

Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. (#3571)

Bugfixes

Fixed a bug with partial reads of streaming data in Emscripten. (#3555)

Misc

Switched to uv for installing development dependecies. (#3550)

Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (#3566)

2.3.0

... (truncated)

Changelog

Sourced from urllib3's changelog.

2.5.0 (2025-06-18)

Features

Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 <https://peps.python.org/pep-0784/>_ for more information. ([#3610](https://github.com/urllib3/urllib3/issues/3610) <https://github.com/urllib3/urllib3/issues/3610>__)

Added support for version 0.5 of hatch-vcs ([#3612](https://github.com/urllib3/urllib3/issues/3612) <https://github.com/urllib3/urllib3/issues/3612>__)

Bugfixes

Fixed a security issue where restricting the maximum number of followed redirects at the urllib3.PoolManager level via the retries parameter did not work.

Made the Node.js runtime respect redirect parameters such as retries and redirects.

Raised exception for HTTPResponse.shutdown on a connection already released to the pool. ([#3581](https://github.com/urllib3/urllib3/issues/3581) <https://github.com/urllib3/urllib3/issues/3581>__)

Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. ([#3615](https://github.com/urllib3/urllib3/issues/3615) <https://github.com/urllib3/urllib3/issues/3615>__)

2.4.0 (2025-04-10)

Features

Applied PEP 639 by specifying the license fields in pyproject.toml. ([#3522](https://github.com/urllib3/urllib3/issues/3522) <https://github.com/urllib3/urllib3/issues/3522>__)

Updated exceptions to save and restore more properties during the pickle/serialization process. ([#3567](https://github.com/urllib3/urllib3/issues/3567) <https://github.com/urllib3/urllib3/issues/3567>__)

Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. ([#3571](https://github.com/urllib3/urllib3/issues/3571) <https://github.com/urllib3/urllib3/issues/3571>__)

Bugfixes

Fixed a bug with partial reads of streaming data in Emscripten. ([#3555](https://github.com/urllib3/urllib3/issues/3555) <https://github.com/urllib3/urllib3/issues/3555>__)

Misc

Switched to uv for installing development dependecies. ([#3550](https://github.com/urllib3/urllib3/issues/3550) <https://github.com/urllib3/urllib3/issues/3550>__)

Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. ([#3566](https://github.com/urllib3/urllib3/issues/3566) <https://github.com/urllib3/urllib3/issues/3566>__)

2.3.0 (2024-12-22)

... (truncated)

Commits

aaab4ec Release 2.5.0
7eb4a2a Merge commit from fork
f05b132 Merge commit from fork
d03fe32 Fix HTTP tunneling with IPv6 in older Python versions
11661e9 Bump github/codeql-action from 3.28.0 to 3.29.0 (#3624)

Oct 06 '25 20:10 dependabot[bot]

Dependabot couldn't find a genai-mlops-tune-and-eval. Because of this, Dependabot cannot update this pull request.

Oct 07 '25 07:10 dependabot[bot]

@dependabot rebase

Oct 07 '25 15:10 holtskinner

chore(deps): bump the pip group across 12 directories with 7 updates

v2.32.4

2.32.4 (2025-06-10)

2.32.4 (2025-06-10)

v2.32.4

2.32.4 (2025-06-10)

2.32.4 (2025-06-10)

v2.32.4

2.32.4 (2025-06-10)

2.32.4 (2025-06-10)

v2.32.4

2.32.4 (2025-06-10)

2.32.4 (2025-06-10)

v2.32.4

2.32.4 (2025-06-10)

2.32.4 (2025-06-10)

v2.32.4

2.32.4 (2025-06-10)

2.32.4 (2025-06-10)

v2.32.4

2.32.4 (2025-06-10)

2.32.4 (2025-06-10)

v2.32.4

2.32.4 (2025-06-10)

2.32.4 (2025-06-10)

v2.32.4

2.32.4 (2025-06-10)

2.32.4 (2025-06-10)

v0.12.41 (2025-06-07)

Release Notes

llama-index-core [0.12.41]

llama-index-embeddings-azure-openai [0.3.8]

llama-index-graph-stores-ApertureDB [0.1.0]

llama-index-indices-managed-llama-cloud [0.7.4]

llama-index-llms-azure-openai [0.3.4]

llama-index-llms-bedrock-converse [0.7.1]

llama-index-llms-litellm [0.5.1]

llama-index-llms-ollama [0.6.2]

llama-index-llms-openai [0.4.4]

llama-index-packs-searchain [0.1.0]

llama-index-core [0.12.41]

llama-index-embeddings-azure-openai [0.3.8]

llama-index-graph-stores-ApertureDB [0.1.0]

llama-index-indices-managed-llama-cloud [0.7.4]

llama-index-llms-azure-openai [0.3.4]

llama-index-llms-bedrock-converse [0.7.1]

llama-index-llms-litellm [0.5.1]

llama-index-llms-ollama [0.6.2]

llama-index-llms-openai [0.4.4]

llama-index-packs-searchain [0.1.0]

llama-index-readers-docugami [0.3.1]

v2.32.4

2.32.4 (2025-06-10)

2.32.4 (2025-06-10)

Gunicorn 22.0 has been released

Gunicorn 21.2.0 has been released

2.5.0

🚀 urllib3 is fundraising for HTTP/2 support

Security issues

Features

Bugfixes

2.4.0

🚀 urllib3 is fundraising for HTTP/2 support

Features

Bugfixes

Misc

2.3.0

2.5.0 (2025-06-18)

Features

Bugfixes

2.4.0 (2025-04-10)

Features

Bugfixes

Misc

2.3.0 (2024-12-22)

`llama-index-core` [0.12.41]

`llama-index-embeddings-azure-openai` [0.3.8]

`llama-index-graph-stores-ApertureDB` [0.1.0]

`llama-index-indices-managed-llama-cloud` [0.7.4]

`llama-index-llms-azure-openai` [0.3.4]

`llama-index-llms-bedrock-converse` [0.7.1]

`llama-index-llms-litellm` [0.5.1]

`llama-index-llms-ollama` [0.6.2]

`llama-index-llms-openai` [0.4.4]

`llama-index-packs-searchain` [0.1.0]

`llama-index-core` [0.12.41]

`llama-index-embeddings-azure-openai` [0.3.8]

`llama-index-graph-stores-ApertureDB` [0.1.0]

`llama-index-indices-managed-llama-cloud` [0.7.4]

`llama-index-llms-azure-openai` [0.3.4]

`llama-index-llms-bedrock-converse` [0.7.1]

`llama-index-llms-litellm` [0.5.1]

`llama-index-llms-ollama` [0.6.2]

`llama-index-llms-openai` [0.4.4]

`llama-index-packs-searchain` [0.1.0]

`llama-index-readers-docugami` [0.3.1]