Skip to content

Bump the pip group with 3 updates#336

Merged
ezio-melotti merged 1 commit intomainfrom
dependabot/pip/pip-492dc75e32
May 1, 2026
Merged

Bump the pip group with 3 updates#336
ezio-melotti merged 1 commit intomainfrom
dependabot/pip/pip-492dc75e32

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 1, 2026

Updates the requirements on sentry-sdk, tomlkit and urllib3 to permit the latest version.
Updates sentry-sdk to 2.58.0

Release notes

Sourced from sentry-sdk's releases.

2.58.0

New Features ✨

Bug Fixes 🐛

Anthropic

Pydantic Ai

Other

Internal Changes 🔧

Litellm

Other

Other

Changelog

Sourced from sentry-sdk's changelog.

2.58.0

New Features ✨

Bug Fixes 🐛

Anthropic

Pydantic Ai

Other

Internal Changes 🔧

Litellm

Other

Other

... (truncated)

Commits
  • ce445d9 release: 2.58.0
  • c0c0e9c feat(litellm): Add async callbacks (#5969)
  • ea74b63 test(litellm): Replace mocks with httpx types in rate-limit test (#5975)
  • 06ed1bc test(litellm): Replace mocks with httpx types in embedding tests (#5970)
  • 66ef2e6 test(litellm): Replace mocks with httpx types in nonstreaming `completion()...
  • 96ebbf6 fix(litellm): Avoid double span exits when streaming (#5933)
  • 7e22b5d build(deps): bump actions/github-script from 8.0.0 to 9.0.0 (#5979)
  • 35151a9 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#5980)
  • d1c5b53 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 (#5981)
  • e255aaf build(deps): bump getsentry/testing-ai-sdk-integrations from 6b1f51ec8af03e19...
  • Additional commits viewable in compare view

Updates tomlkit to 0.14.0

Release notes

Sourced from tomlkit's releases.

0.14.0

What's Changed

New Contributors

Full Changelog: python-poetry/tomlkit@0.13.3...0.14.0

Changelog

Sourced from tomlkit's changelog.

[0.14.0] - 2026-01-13

Changed

  • Drop support for Python older than 3.9. Remove 3.8 from the CI matrix.

Added

  • Custom encoders can now receive _parent and _sort_keys parameters to enable proper encoding of nested structures. (#429)
  • Add String.type property to get the string type. (#443)

Fixed

  • Fixed tomlkit.boolean() API to correctly handle boolean inputs. (#442)

[0.13.3] - 2025-06-05

Added

  • Add .item() method to array and tables to retrieve an item by key. (#390)

Fixed

  • Fix missing newline when parsing a separated array of tables without trailing new line. (#381)
  • Fix non-existing key error when deleting an item from an out-of-order table. (#383)
  • Ensure newline is added between the plain values and the first table. (#387)
  • Fix repeated whitespace when removing an array item. (#405)
  • Fix invalid serialization after removing array item if the comma is on its own line. (#408)
  • Fix serialization of a nested dotted key table. (#411)
  • Refine the error message when use non-string as single key. (#412)
  • Fix invalid serialization after overwriting a key of a out-of-order table. (#414)

[0.13.2] - 2024-08-14

Fixed

  • Fix deleting keys from an out-of-order table does not remove all table parts. (#379)

[0.13.1] - 2024-08-14

Fixed

  • Fix the Table.is_super_table() check for tables with dotted key as the only child. (#374)
  • Count table as a super table if it has children and all children are either tables or arrays of tables. (#377)

[0.13.0] - 2024-07-10

Changed

  • Expect a tomlkit-specific error instead of TypeError from a custom encoder. (#355)

... (truncated)

Commits
  • 090a28e chore(deps-dev): bump setuptools from 70.0.0 to 78.1.1 (#453)
  • 9bccd76 chore: bump version to 0.14.0 in pyproject.toml and init.py
  • e457892 chore(deps-dev): bump urllib3 from 2.2.2 to 2.6.3 (#452)
  • 82970a1 chore: update pre-commit hooks and refactor imports for consistency
  • edba395 chore: update Python version and GitHub Actions to use latest versions (#451)
  • 5495784 feat: add String.type property to retrieve the string type
  • a61a4d5 [pre-commit.ci] pre-commit autoupdate (#444)
  • 87ace5e [pre-commit.ci] pre-commit autoupdate (#438)
  • 3687d0d fix: update boolean function to handle both string and boolean inputs correctly
  • 6042e0c feat: enhance custom encoders to accept _parent and _sort_keys parameters (#436)
  • Additional commits viewable in compare view

Updates urllib3 to 2.6.3

Release notes

Sourced from urllib3's releases.

2.6.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

Changelog

Sourced from urllib3's changelog.

2.6.3 (2026-01-07)

  • Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99>__)
  • Started treating Retry-After times greater than 6 hours as 6 hours by default. ([#3743](https://github.com/urllib3/urllib3/issues/3743) <https://github.com/urllib3/urllib3/issues/3743>__)
  • Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten. ([#3752](https://github.com/urllib3/urllib3/issues/3752) <https://github.com/urllib3/urllib3/issues/3752>__)

2.6.2 (2025-12-11)

  • Fixed HTTPResponse.read_chunked() to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. ([#3734](https://github.com/urllib3/urllib3/issues/3734) <https://github.com/urllib3/urllib3/issues/3734>__)

2.6.1 (2025-12-08)

  • Restore previously removed HTTPResponse.getheaders() and HTTPResponse.getheader() methods. ([#3731](https://github.com/urllib3/urllib3/issues/3731) <https://github.com/urllib3/urllib3/issues/3731>__)

2.6.0 (2025-12-05)

Security

  • Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37>__)
  • Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53>__)

.. caution::

  • If urllib3 is not installed with the optional urllib3[brotli] extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using

... (truncated)

Commits
  • 0248277 Release 2.6.3
  • 8864ac4 Merge commit from fork
  • 70cecb2 Fix Scorecard issues related to vulnerable dev dependencies (#3755)
  • 41f249a Move "v2.0 Migration Guide" to the end of the table of contents (#3747)
  • fd4dffd Patch VerifiedHTTPSConnection for Emscripten (#3752)
  • 13f0bfd Handle massive values in Retry-After when calculating time to sleep for (#3743)
  • 8c480bf Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#3748)
  • 4b40616 Bump actions/cache from 4.3.0 to 5.0.1 (#3750)
  • 82b8479 Bump actions/download-artifact from 6.0.0 to 7.0.0 (#3749)
  • 34284cb Mention experimental features in the security policy (#3746)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the pip group with 3 updates
39ce11b 
Updates the requirements on [sentry-sdk](https://github.com/getsentry/sentry-python), [tomlkit](https://github.com/sdispater/tomlkit) and [urllib3](https://github.com/urllib3/urllib3) to permit the latest version.

Updates `sentry-sdk` to 2.58.0
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-python@2.0.0...2.58.0)

Updates `tomlkit` to 0.14.0
- [Release notes](https://github.com/sdispater/tomlkit/releases)
- [Changelog](https://github.com/python-poetry/tomlkit/blob/master/CHANGELOG.md)
- [Commits](python-poetry/tomlkit@0.13.0...0.14.0)

Updates `urllib3` to 2.6.3
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.0.0...2.6.3)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-version: 2.58.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tomlkit
  dependency-version: 0.14.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 1, 2026
@ezio-melotti ezio-melotti merged commit 8a51377 into main May 1, 2026
33 of 34 checks passed
@dependabot dependabot Bot deleted the dependabot/pip/pip-492dc75e32 branch May 1, 2026 05:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ezio-melotti ezio-melotti ezio-melotti approved these changes

Assignees

@ezio-melotti ezio-melotti

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ezio-melotti