Skip to content

build(deps): bump the pip group across 25 directories with 2 updates#37

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/basicmessage_storage/pip-82638878dc
Closed

build(deps): bump the pip group across 25 directories with 2 updates#37
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/basicmessage_storage/pip-82638878dc

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Mar 27, 2026

Bumps the pip group with 1 update in the /basicmessage_storage directory: ecdsa.
Bumps the pip group with 1 update in the /basicmessage_storage/integration directory: requests.
Bumps the pip group with 1 update in the /cheqd/integration directory: requests.
Bumps the pip group with 1 update in the /connection_update directory: ecdsa.
Bumps the pip group with 1 update in the /connection_update/integration directory: requests.
Bumps the pip group with 1 update in the /connections directory: ecdsa.
Bumps the pip group with 1 update in the /connections/integration directory: requests.
Bumps the pip group with 1 update in the /firebase_push_notifications directory: ecdsa.
Bumps the pip group with 1 update in the /firebase_push_notifications/integration directory: requests.
Bumps the pip group with 1 update in the /hedera directory: ecdsa.
Bumps the pip group with 1 update in the /hedera/integration directory: requests.
Bumps the pip group with 1 update in the /multitenant_provider directory: ecdsa.
Bumps the pip group with 1 update in the /multitenant_provider/integration directory: requests.
Bumps the pip group with 1 update in the /oid4vc directory: ecdsa.
Bumps the pip group with 1 update in the /oid4vc/integration directory: requests.
Bumps the pip group with 1 update in the /plugin_globals directory: ecdsa.
Bumps the pip group with 1 update in the /plugin_globals/integration directory: requests.
Bumps the pip group with 1 update in the /redis_events directory: ecdsa.
Bumps the pip group with 1 update in the /redis_events/integration directory: requests.
Bumps the pip group with 1 update in the /rpc directory: ecdsa.
Bumps the pip group with 1 update in the /rpc/integration directory: requests.
Bumps the pip group with 1 update in the /status_list directory: ecdsa.
Bumps the pip group with 1 update in the /status_list/integration directory: requests.
Bumps the pip group with 1 update in the /webvh directory: ecdsa.
Bumps the pip group with 1 update in the /webvh/integration directory: requests.

Updates ecdsa from 0.19.1 to 0.19.2

Release notes

Sourced from ecdsa's releases.

0.19.2

Bug fixes:

  • Fix CVE-2026-33936, a DER parsing issue in remove_octet_string(), remove_constructed(), and remove_implitic() where a truncated buffer wasn't detected. This can lead to high level functions, like SigningKey.from_der() to raise unexpected exceptions. (Mohamed Abdelaal (0xmrma))

Maintenance:

  • Update CI to use newer version of Ubuntu.
Changelog

Sourced from ecdsa's changelog.

  • Release 0.19.2 (26 Mar 2026)

Bug fixes:

  • Fix CVE-2026-33936, a DER parsing issue in remove_octet_string(), remove_constructed(), and remove_implitic() where a truncated buffer wasn't detected. This can lead to high level functions, like SigningKey.from_der() to raise unexpected exceptions. (Mohamed Abdelaal (0xmrma))

Maintenance:

  • Update CI to use newer version of Ubuntu.

  • Release 0.19.1 (13 Mar 2025)

New API:

  • der.remove_implitic and der.encode_implicit for decoding and encoding DER IMPLICIT values with custom tag values and arbitrary classes

Bug fixes:

  • Minor fixes around arithmetic with curves that have non-prime order (useful for experimentation, not practical deployments)
  • Fix arithmetic to work with curves that have (0, 0) on the curve
  • Fix canonicalization of signatures when s is just slightly above half of curve order

Maintenance:

  • Dropped official support for Python 3.5 (again, issues with CI, support for Python 2.6 and Python 2.7 is unchanged)

  • Officialy support Python 3.12 and 3.13 (add them to CI)

  • Removal of few more unnecessary six.b literals (Alexandre Detiste)

  • Fix typos in warning messages

  • Release 0.19.0 (08 Apr 2024)

New API:

  • to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

  • Support for twisted Brainpool curves

Doc fix:

  • Fix curve equation in glossary
  • Documentation for signature encoding and signature decoding functions

Maintenance:

  • Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is

... (truncated)

Commits
  • bd66899 Merge commit from fork
  • 9c046ee tests: reject truncated DER lengths
  • acc40fd der: reject truncated lengths in octet/implicit/constructed
  • 55aca78 Merge pull request #363 from gstarovo/ubuntu20-deprecation
  • c4f0df1 chore: change to ubuntu-22 since u-20 is deprecated
  • See full diff in compare view

Updates requests from 2.32.4 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.
Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.
Commits
  • bc04dfd v2.33.0
  • 66d21cb Merge commit from fork
  • 8b9bc8f Move badges to top of README (#7293)
  • e331a28 Remove unused extraction call (#7292)
  • 753fd08 docs: fix FAQ grammar in httplib2 example
  • 774a0b8 docs(socks): same block as other sections
  • 9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
  • ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
  • 0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
  • d568f47 docs: clarify Quickstart POST example (#6960)
  • Additional commits viewable in compare view

Updates requests from 2.32.4 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.
Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.
Commits
  • bc04dfd v2.33.0
  • 66d21cb Merge commit from fork
  • 8b9bc8f Move badges to top of README (#7293)
  • e331a28 Remove unused extraction call (#7292)
  • 753fd08 docs: fix FAQ grammar in httplib2 example
  • 774a0b8 docs(socks): same block as other sections
  • 9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
  • ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
  • 0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
  • d568f47 docs: clarify Quickstart POST example (#6960)
  • Additional commits viewable in compare view

Updates ecdsa from 0.19.1 to 0.19.2

Release notes

Sourced from ecdsa's releases.

0.19.2

Bug fixes:

  • Fix CVE-2026-33936, a DER parsing issue in remove_octet_string(), remove_constructed(), and remove_implitic() where a truncated buffer wasn't detected. This can lead to high level functions, like SigningKey.from_der() to raise unexpected exceptions. (Mohamed Abdelaal (0xmrma))

Maintenance:

  • Update CI to use newer version of Ubuntu.
Changelog

Sourced from ecdsa's changelog.

  • Release 0.19.2 (26 Mar 2026)

Bug fixes:

  • Fix CVE-2026-33936, a DER parsing issue in remove_octet_string(), remove_constructed(), and remove_implitic() where a truncated buffer wasn't detected. This can lead to high level functions, like SigningKey.from_der() to raise unexpected exceptions. (Mohamed Abdelaal (0xmrma))

Maintenance:

  • Update CI to use newer version of Ubuntu.

  • Release 0.19.1 (13 Mar 2025)

New API:

  • der.remove_implitic and der.encode_implicit for decoding and encoding DER IMPLICIT values with custom tag values and arbitrary classes

Bug fixes:

  • Minor fixes around arithmetic with curves that have non-prime order (useful for experimentation, not practical deployments)
  • Fix arithmetic to work with curves that have (0, 0) on the curve
  • Fix canonicalization of signatures when s is just slightly above half of curve order

Maintenance:

  • Dropped official support for Python 3.5 (again, issues with CI, support for Python 2.6 and Python 2.7 is unchanged)

  • Officialy support Python 3.12 and 3.13 (add them to CI)

  • Removal of few more unnecessary six.b literals (Alexandre Detiste)

  • Fix typos in warning messages

  • Release 0.19.0 (08 Apr 2024)

New API:

  • to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

  • Support for twisted Brainpool curves

Doc fix:

  • Fix curve equation in glossary
  • Documentation for signature encoding and signature decoding functions

Maintenance:

  • Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is

... (truncated)

Commits
  • bd66899 Merge commit from fork
  • 9c046ee tests: reject truncated DER lengths
  • acc40fd der: reject truncated lengths in octet/implicit/constructed
  • 55aca78 Merge pull request #363 from gstarovo/ubuntu20-deprecation
  • c4f0df1 chore: change to ubuntu-22 since u-20 is deprecated
  • See full diff in compare view

Updates requests from 2.32.4 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.
Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.
Commits
  • bc04dfd v2.33.0
  • 66d21cb Merge commit from fork
  • 8b9bc8f Move badges to top of README (#7293)
  • e331a28 Remove unused extraction call (#7292)
  • 753fd08 docs: fix FAQ grammar in httplib2 example
  • 774a0b8 docs(socks): same block as other sections
  • 9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
  • ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
  • 0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
  • d568f47 docs: clarify Quickstart POST example (#6960)
  • Additional commits viewable in compare view

Updates ecdsa from 0.19.1 to 0.19.2

Release notes

Sourced from ecdsa's releases.

0.19.2

Bug fixes:

  • Fix CVE-2026-33936, a DER parsing issue in remove_octet_string(), remove_constructed(), and remove_implitic() where a truncated buffer wasn't detected. This can lead to high level functions, like SigningKey.from_der() to raise unexpected exceptions. (Mohamed Abdelaal (0xmrma))

Maintenance:

  • Update CI to use newer version of Ubuntu.
Changelog

Sourced from ecdsa's changelog.

  • Release 0.19.2 (26 Mar 2026)

Bug fixes:

  • Fix CVE-2026-33936, a DER parsing issue in remove_octet_string(), remove_constructed(), and remove_implitic() where a truncated buffer wasn't detected. This can lead to high level functions, like SigningKey.from_der() to raise unexpected exceptions. (Mohamed Abdelaal (0xmrma))

Maintenance:

  • Update CI to use newer version of Ubuntu.

  • Release 0.19.1 (13 Mar 2025)

New API:

  • der.remove_implitic and der.encode_implicit for decoding and encoding DER IMPLICIT values with custom tag values and arbitrary classes

Bug fixes:

  • Minor fixes around arithmetic with curves that have non-prime order (useful for experimentation, not practical deployments)
  • Fix arithmetic to work with curves that have (0, 0) on the curve
  • Fix canonicalization of signatures when s is just slightly above half of curve order

Maintenance:

  • Dropped official support for Python 3.5 (again, issues with CI, support for Python 2.6 and Python 2.7 is unchanged)

  • Officialy support Python 3.12 and 3.13 (add them to CI)

  • Removal of few more unnecessary six.b literals (Alexandre Detiste)

  • Fix typos in warning messages

  • Release 0.19.0 (08 Apr 2024)

New API:

  • to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

  • Support for twisted Brainpool curves

Doc fix:

  • Fix curve equation in glossary
  • Documentation for signature encoding and signature decoding functions

Maintenance:

  • Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is

... (truncated)

Commits
  • bd66899 Merge commit from fork
  • 9c046ee tests: reject truncated DER lengths
  • acc40fd der: reject truncated lengths in octet/implicit/constructed
  • 55aca78 Merge pull request #363 from gstarovo/ubuntu20-deprecation
  • c4f0df1 chore: change to ubuntu-22 since u-20 is deprecated
  • See full diff in compare view

Updates requests from 2.32.4 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.
Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.
Commits
  • bc04dfd v2.33.0
  • 66d21cb Merge commit from fork
  • 8b9bc8f Move badges to top of README (#7293)
  • e331a28 Remove unused extraction call (#7292)
  • 753fd08 docs: fix FAQ grammar in httplib2 example
  • 774a0b8 docs(socks): same block as other sections
  • 9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
  • ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
  • 0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
  • d568f47 docs: clarify Quickstart POST example (#6960)
  • Additional commits viewable in compare view

Updates ecdsa from 0.19.1 to 0.19.2

Release notes

Sourced from ecdsa's releases.

0.19.2

Bug fixes:

  • Fix CVE-2026-33936, a DER parsing issue in remove_octet_string(), remove_constructed(), and remove_implitic() where a truncated buffer wasn't detected. This can lead to high level functions, like SigningKey.from_der() to raise unexpected exceptions. (Mohamed Abdelaal (0xmrma))

Maintenance:

  • Update CI to use newer version of Ubuntu.
Changelog

Sourced from ecdsa's changelog.

  • Release 0.19.2 (26 Mar 2026)

Bug fixes:

  • Fix CVE-2026-33936, a DER parsing issue in remove_octet_string(), remove_constructed(), and remove_implitic() where a truncated buffer wasn't detected. This can lead to high level functions, like SigningKey.from_der() to raise unexpected exceptions. (Mohamed Abdelaal (0xmrma))

Maintenance:

  • Update CI to use newer version of Ubuntu.

  • Release 0.19.1 (13 Mar 2025)

New API:

  • der.remove_implitic and der.encode_implicit for decoding and encoding DER IMPLICIT values with custom tag values and arbitrary classes

Bug fixes:

  • Minor fixes around arithmetic with curves that have non-prime order (useful for experimentation, not practical deployments)
  • Fix arithmetic to work with curves that have (0, 0) on the curve
  • Fix canonicalization of signatures when s is just slightly above half of curve order

Maintenance:

  • Dropped official support for Python 3.5 (again, issues with CI, support for Python 2.6 and Python 2.7 is unchanged)

  • Officialy support Python 3.12 and 3.13 (add them to CI)

  • Removal of few more unnecessary six.b literals (Alexandre Detiste)

  • Fix typos in warning messages

  • Release 0.19.0 (08 Apr 2024)

New API:

  • to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

  • Support for twisted Brainpool curves

Doc fix:

  • Fix curve equation in glossary
  • Documentation for signature encoding and signature decoding functions

Maintenance:

  • Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is

... (truncated)

Commits
  • bd66899 Merge commit from fork
  • 9c046ee tests: reject truncated DER lengths
  • acc40fd der: reject truncated lengths in octet/implicit/constructed
  • 55aca78 Merge pull request #363 from gstarovo/ubuntu20-deprecation
  • c4f0df1 chore: change to ubuntu-22 since u-20 is deprecated
  • See full diff in compare view

Updates requests from 2.32.4 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.
Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.
Commits
  • bc04dfd v2.33.0
  • 66d21cb Merge commit from fork
  • 8b9bc8f Move badges to top of README (#7293)
  • e331a28 Remove unused extraction call (#7292)
  • 753fd08 docs: fix FAQ grammar in httplib2 example
  • 774a0b8 docs(socks): same block as other sections
  • 9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
  • ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
  • 0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
  • d568f47 docs: clarify Quickstart POST example (#6960)
  • Additional commits viewable in compare view

Updates ecdsa from 0.19.1 to 0.19.2

Release notes

Sourced from ecdsa's releases.

0.19.2

Bug fixes:

  • Fix CVE-2026-33936, a DER parsing issue in remove_octet_string(), remove_constructed(), and remove_implitic() where a truncated buffer wasn't detected. This can lead to high level functions, like SigningKey.from_der() to raise unexpected exceptions. (Mohamed Abdelaal (0xmrma))

Maintenance:

  • Update CI to use newer version of Ubuntu.
Changelog

Sourced from ecdsa's changelog.

  • Release 0.19.2 (26 Mar 2026)

Bug fixes:

  • Fix CVE-2026-33936, a DER parsing issue in remove_octet_string(), remove_constructed(), and remove_implitic() where a truncated buffer wasn't detected. This can lead to high level functions, like SigningKey.from_der() to raise unexpected exceptions. (Mohamed Abdelaal (0xmrma))

Maintenance:

  • Update CI to use newer version of Ubuntu.

  • Release 0.19.1 (13 Mar 2025)

New API:

  • der.remove_implitic and der.encode_implicit for decoding and encoding DER IMPLICIT values with custom tag values and arbitrary classes

Bug fixes:

  • Minor fixes around arithmetic with curves that have non-prime order (useful for experimentation, not practical deployments)
  • Fix arithmetic to work with curves that have (0, 0) on the curve
  • Fix canonicalization of signatures when s is just slightly above half of curve order

Maintenance:

  • Dropped official support for Python 3.5 (again, issues with CI, support for Python 2.6 and Python 2.7 is unchanged)

  • Officialy support Python 3.12 and 3.13 (add them to CI)

  • Removal of few more unnecessary six.b literals (Alexandre Detiste)

  • Fix typos in warning messages

  • Release 0.19.0 (08 Apr 2024)

New API:

  • to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

  • Support for twisted Brainpool curves

Doc fix:

  • Fix curve equation in glossary
  • Documentation for signature encoding and signature decoding functions

Maintenance:

  • Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is

... (truncated)

Commits
  • bd66899 Merge commit from fork
  • 9c046ee tests: reject truncated DER lengths
  • acc40fd der: reject truncated lengths in octet/implicit/constructed
  • 55aca78 Merge pull request #363 from gstarovo/ubuntu20-deprecation
  • c4f0df1 chore: change to ubuntu-22 since u-20 is deprecated
  • See full diff in compare view

Updates requests from 2.32.4 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

@dependabot
build(deps): bump the pip group across 25 directories with 2 updates
c5728e4 
Bumps the pip group with 1 update in the /basicmessage_storage directory: [ecdsa](https://github.com/tlsfuzzer/python-ecdsa).
Bumps the pip group with 1 update in the /basicmessage_storage/integration directory: [requests](https://github.com/psf/requests).
Bumps the pip group with 1 update in the /cheqd/integration directory: [requests](https://github.com/psf/requests).
Bumps the pip group with 1 update in the /connection_update directory: [ecdsa](https://github.com/tlsfuzzer/python-ecdsa).
Bumps the pip group with 1 update in the /connection_update/integration directory: [requests](https://github.com/psf/requests).
Bumps the pip group with 1 update in the /connections directory: [ecdsa](https://github.com/tlsfuzzer/python-ecdsa).
Bumps the pip group with 1 update in the /connections/integration directory: [requests](https://github.com/psf/requests).
Bumps the pip group with 1 update in the /firebase_push_notifications directory: [ecdsa](https://github.com/tlsfuzzer/python-ecdsa).
Bumps the pip group with 1 update in the /firebase_push_notifications/integration directory: [requests](https://github.com/psf/requests).
Bumps the pip group with 1 update in the /hedera directory: [ecdsa](https://github.com/tlsfuzzer/python-ecdsa).
Bumps the pip group with 1 update in the /hedera/integration directory: [requests](https://github.com/psf/requests).
Bumps the pip group with 1 update in the /multitenant_provider directory: [ecdsa](https://github.com/tlsfuzzer/python-ecdsa).
Bumps the pip group with 1 update in the /multitenant_provider/integration directory: [requests](https://github.com/psf/requests).
Bumps the pip group with 1 update in the /oid4vc directory: [ecdsa](https://github.com/tlsfuzzer/python-ecdsa).
Bumps the pip group with 1 update in the /oid4vc/integration directory: [requests](https://github.com/psf/requests).
Bumps the pip group with 1 update in the /plugin_globals directory: [ecdsa](https://github.com/tlsfuzzer/python-ecdsa).
Bumps the pip group with 1 update in the /plugin_globals/integration directory: [requests](https://github.com/psf/requests).
Bumps the pip group with 1 update in the /redis_events directory: [ecdsa](https://github.com/tlsfuzzer/python-ecdsa).
Bumps the pip group with 1 update in the /redis_events/integration directory: [requests](https://github.com/psf/requests).
Bumps the pip group with 1 update in the /rpc directory: [ecdsa](https://github.com/tlsfuzzer/python-ecdsa).
Bumps the pip group with 1 update in the /rpc/integration directory: [requests](https://github.com/psf/requests).
Bumps the pip group with 1 update in the /status_list directory: [ecdsa](https://github.com/tlsfuzzer/python-ecdsa).
Bumps the pip group with 1 update in the /status_list/integration directory: [requests](https://github.com/psf/requests).
Bumps the pip group with 1 update in the /webvh directory: [ecdsa](https://github.com/tlsfuzzer/python-ecdsa).
Bumps the pip group with 1 update in the /webvh/integration directory: [requests](https://github.com/psf/requests).


Updates `ecdsa` from 0.19.1 to 0.19.2
- [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases)
- [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS)
- [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.19.1...python-ecdsa-0.19.2)

Updates `requests` from 2.32.4 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.4...v2.33.0)

Updates `requests` from 2.32.4 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.4...v2.33.0)

Updates `ecdsa` from 0.19.1 to 0.19.2
- [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases)
- [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS)
- [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.19.1...python-ecdsa-0.19.2)

Updates `requests` from 2.32.4 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.4...v2.33.0)

Updates `ecdsa` from 0.19.1 to 0.19.2
- [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases)
- [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS)
- [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.19.1...python-ecdsa-0.19.2)

Updates `requests` from 2.32.4 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.4...v2.33.0)

Updates `ecdsa` from 0.19.1 to 0.19.2
- [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases)
- [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS)
- [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.19.1...python-ecdsa-0.19.2)

Updates `requests` from 2.32.4 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.4...v2.33.0)

Updates `ecdsa` from 0.19.1 to 0.19.2
- [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases)
- [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS)
- [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.19.1...python-ecdsa-0.19.2)

Updates `requests` from 2.32.4 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.4...v2.33.0)

Updates `ecdsa` from 0.19.1 to 0.19.2
- [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases)
- [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS)
- [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.19.1...python-ecdsa-0.19.2)

Updates `requests` from 2.32.4 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.4...v2.33.0)

Updates `ecdsa` from 0.19.1 to 0.19.2
- [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases)
- [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS)
- [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.19.1...python-ecdsa-0.19.2)

Updates `requests` from 2.32.4 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.4...v2.33.0)

Updates `ecdsa` from 0.19.1 to 0.19.2
- [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases)
- [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS)
- [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.19.1...python-ecdsa-0.19.2)

Updates `requests` from 2.32.4 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.4...v2.33.0)

Updates `ecdsa` from 0.19.1 to 0.19.2
- [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases)
- [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS)
- [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.19.1...python-ecdsa-0.19.2)

Updates `requests` from 2.32.4 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.4...v2.33.0)

Updates `ecdsa` from 0.19.1 to 0.19.2
- [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases)
- [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS)
- [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.19.1...python-ecdsa-0.19.2)

Updates `requests` from 2.32.4 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.4...v2.33.0)

Updates `ecdsa` from 0.19.1 to 0.19.2
- [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases)
- [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS)
- [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.19.1...python-ecdsa-0.19.2)

Updates `requests` from 2.32.4 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.4...v2.33.0)

Updates `ecdsa` from 0.19.1 to 0.19.2
- [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases)
- [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS)
- [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.19.1...python-ecdsa-0.19.2)

Updates `requests` from 2.32.4 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.4...v2.33.0)

---
updated-dependencies:
- dependency-name: ecdsa
  dependency-version: 0.19.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: ecdsa
  dependency-version: 0.19.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: ecdsa
  dependency-version: 0.19.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: ecdsa
  dependency-version: 0.19.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: ecdsa
  dependency-version: 0.19.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: ecdsa
  dependency-version: 0.19.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: ecdsa
  dependency-version: 0.19.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: ecdsa
  dependency-version: 0.19.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: ecdsa
  dependency-version: 0.19.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: ecdsa
  dependency-version: 0.19.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: ecdsa
  dependency-version: 0.19.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: ecdsa
  dependency-version: 0.19.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 27, 2026
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Mar 28, 2026

Superseded by #38.

@dependabot dependabot Bot closed this Mar 28, 2026
@dependabot dependabot Bot deleted the dependabot/pip/basicmessage_storage/pip-82638878dc branch March 28, 2026 18:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants