chore(deps): bump the pip group across 1 directory with 10 updates

[dependabot]

Bumps the pip group with 10 updates in the / directory:

Package	From	To
requests	2.32.3	2.32.4
cryptography	43.0.3	44.0.1
h11	0.14.0	0.16.0
h2	4.1.0	4.3.0
jinja2	3.1.4	3.1.6
protobuf	5.28.3	5.29.5
setuptools	75.3.0	78.1.1
torch	2.4.1	2.8.0
urllib3	2.2.3	2.5.0
uv	0.5.1	0.9.6

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS. (#6926)
• Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS.
• Dropped support for pypy 3.9 following its end of support.

Commits

• 021dc72 Polish up release tooling for last manual release
• 821770e Bump version and add release notes for v2.32.4
• 59f8aa2 Add netrc file search information to authentication documentation (#6876)
• 5b4b64c Add more tests to prevent regression of CVE 2024 47081
• 7bc4587 Add new test to check netrc auth leak (#6962)
• 96ba401 Only use hostname to do netrc lookup instead of netloc
• 7341690 Merge pull request #6951 from tswast/patch-1
• 6716d7c remove links
• a7e1c74 Update docs/conf.py
• c799b81 docs: fix dead links to kenreitz.org
• Additional commits viewable in compare view

Updates cryptography from 43.0.3 to 44.0.1

Changelog

Sourced from cryptography's changelog.

44.0.1 - 2025-02-11

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.1.
* We now build ``armv7l`` ``manylinux`` wheels and publish them to PyPI.
* We now build ``manylinux_2_34`` wheels and publish them to PyPI.
.. _v44-0-0:
44.0.0 - 2024-11-27

• BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.9.
• Deprecated Python 3.7 support. Python 3.7 is no longer supported by the Python core team. Support for Python 3.7 will be removed in a future cryptography release.
• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
• macOS wheels are now built against the macOS 10.13 SDK. Users on older versions of macOS should upgrade, or they will need to build cryptography themselves.
• Enforce the :rfc:5280 requirement that extended key usage extensions must not be empty.
• Added support for timestamp extraction to the :class:~cryptography.fernet.MultiFernet class.
• Relax the Authority Key Identifier requirements on root CA certificates during X.509 verification to allow fields permitted by :rfc:5280 but forbidden by the CA/Browser BRs.
• Added support for :class:~cryptography.hazmat.primitives.kdf.argon2.Argon2id when using OpenSSL 3.2.0+.
• Added support for the :class:~cryptography.x509.Admissions certificate extension.
• Added basic support for PKCS7 decryption (including S/MIME 3.2) via :func:~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der, :func:~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem, and :func:~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime.

.. _v43-0-3:

Commits

• adaaaed Bump for 44.0.1 release (#12441)
• ccc61da [backport] test and build on armv7l (#12420) (#12431)
• f299a48 remove deprecated call (#12052)
• 439eb05 Bump version for 44.0.0 (#12051)
• 2c5ad4d chore(deps): bump maturin from 1.7.4 to 1.7.5 in /.github/requirements (#12050)
• d23968a chore(deps): bump libc from 0.2.165 to 0.2.166 (#12049)
• 133c0e0 Bump x509-limbo and/or wycheproof in CI (#12047)
• f2259d7 Bump BoringSSL and/or OpenSSL in CI (#12046)
• e201c87 fixed metadata in changelog (#12044)
• c6104cc Prohibit Python 3.9.0, 3.9.1 -- they have a bug that causes errors (#12045)
• Additional commits viewable in compare view

Updates h11 from 0.14.0 to 0.16.0

Commits

• 1c5b075 this time for surer
• d9c3699 this time for sure...
• d91b9dd blacken
• 5a4683c Soothe mypy
• 9c9567f Bump version to 0.16.0
• 114803a Merge commit from fork
• 9462006 Bump version to 0.15.0
• 70a96be Merge pull request #181 from Julien00859/Julien00859/get_int_max_str_digits
• 60782ad Reject Content-Length longer 1 billion TB
• dff7cc3 Validate Chunked-Encoding chunk footer
• Additional commits viewable in compare view

Updates h2 from 4.1.0 to 4.3.0

Changelog

Sourced from h2's changelog.

4.3.0 (2025-08-23)

API Changes (Backward Incompatible)

• Reject header names and values containing illegal characters, based on RFC 9113, section 8.2.1. The main Python API is compatible, but some previously valid requests/response headers might now be blocked. Use the validate_inbound_headers config option if needed. Thanks to Sebastiano Sartor (sebsrt) for the report.
• Convert emitted events into Python dataclass, which introduces new constructors with required arguments. Instantiating these events without arguments, as previously commonly used API pattern, will no longer work.

API Changes (Backward Compatible)

• h2 events now have tighter type bounds, e.g. stream_id is guaranteed to not be None for most events now. This simplifies downstream type checking.
• Various typing-related improvements.

Bugfixes

• Fix error value when opening a new stream on too many open streams.

4.2.0 (2025-02-01)

API Changes (Backward Incompatible)

• Support for Python 3.6 has been removed.
• Support for Python 3.7 has been removed.
• Support for Python 3.8 has been removed.
• Remove mistakenly set max_inbound_frame_size attribute on H2Stream.

API Changes (Backward Compatible)

• Support for Python 3.11 has been added.
• Support for Python 3.12 has been added.
• Support for Python 3.13 has been added.
• Add an ability to send outbound cookies separately to improve headers compression.
• Updated packaging and testing infrastructure.

Bugfixes

• Fix repr() checks for Python 3.11
• Fix asyncio / wsgi examples.
• Clarify docs on using curl with http2.

Commits

• 1aae569 v4.3.0
• 9e4bbed merge surrounding whitespace and uppercase validators into illegal character ...
• 035e989 be stricter about which characters to accept for headers
• 883ed37 reject header names and values containing unpermitted characters \r, \n, ...
• 0583911 lint: fix TC006
• bbd3d90 fix(packaging): bump twine to pass meta check wildcard bugs
• ea3140f cleanup
• 9ce83ff exclude RDT from sdist
• 492d3db Update .readthedocs.yaml
• 243461d Create RTD config
• Additional commits viewable in compare view

Updates jinja2 from 3.1.4 to 3.1.6

Release notes

Sourced from jinja2's releases.

3.1.6

This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.6/ Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

• The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. GHSA-cpwx-vrp4-4pq7

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

• The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
• Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
• Sandbox does not allow clear and pop on known mutable sequence types. #2032
• Calling sync render for an async template uses asyncio.run. #1952
• Avoid unclosed auto_aiter warnings. #1960
• Return an aclose-able AsyncGenerator from Template.generate_async. #1960
• Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
• Avoid leaving async generators unclosed in blocks, includes and extends. #1960
• The runtime uses the correct concat function for the current environment when calling block references. #1701
• Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
• |int filter handles OverflowError from scientific notation. #1921
• Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
• Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
• Fix copy/pickle support for the internal missing object. #2027
• Environment.overlay(enable_async) is applied correctly. #2061
• The error message from FileSystemLoader includes the paths that were searched. #1661
• PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
• Improve annotations for methods returning copies. #1880
• urlize does not add mailto: to values like @a@b. #1870
• Tests decorated with @pass_context can be used with the |select filter. #1624
• Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
• Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253

Changelog

Sourced from jinja2's changelog.

Version 3.1.6

Released 2025-03-05

• The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

Version 3.1.5

Released 2024-12-21

• The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
• Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
• Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032
• Calling sync render for an async template uses asyncio.run. :pr:1952
• Avoid unclosed auto_aiter warnings. :pr:1960
• Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960
• Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960
• Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960
• The runtime uses the correct concat function for the current environment when calling block references. :issue:1701
• Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781
• |int filter handles OverflowError from scientific notation. :issue:1921
• Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021
• Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025
• Fix copy/pickle support for the internal missing object. :issue:2027
• Environment.overlay(enable_async) is applied correctly. :pr:2061
• The error message from FileSystemLoader includes the paths that were searched. :issue:1661
• PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705
• Improve annotations for methods returning copies. :pr:1880
• urlize does not add mailto: to values like @a@b. :pr:1870

... (truncated)

Commits

• 1520688 release version 3.1.6
• 90457bb Merge commit from fork
• 065334d attr filter uses env.getattr
• 033c200 start version 3.1.6
• bc68d4e use global contributing guide (#2070)
• 247de5e use global contributing guide
• ab8218c use project advisory link instead of global
• b4ffc8f release version 3.1.5 (#2066)
• 877f6e5 release version 3.1.5
• 8d58859 remove test pypi
• Additional commits viewable in compare view

Updates protobuf from 5.28.3 to 5.29.5

Commits

• f5de0a0 Updating version.json and repo version numbers to: 29.5
• 8563766 Merge pull request #21858 from shaod2/py-cp-29
• 05ba1a8 Add recursion depth limits to pure python
• 1ef3f01 Internal pure python fixes
• 69cca9b Remove fast-path check for non-clang compilers in MessageCreator. (#21612)
• 21fdb7a fix: contains check segfaults on empty map (#20446) (#20904)
• 03c50e3 Re-enable aarch64 tests. (#20853)
• 128f0aa Add volatile to featuresResolved (#20767)
• bdd49bb Merge pull request #20755 from protocolbuffers/29.x-202503192110
• c659468 Updating version.json and repo version numbers to: 29.5-dev
• Additional commits viewable in compare view

Updates setuptools from 75.3.0 to 78.1.1

Changelog

Sourced from setuptools's changelog.

v78.1.1

Bugfixes

• More fully sanitized the filename in PackageIndex._download. (#4946)

v78.1.0

Features

• Restore access to _get_vc_env with a warning. (#4874)

v78.0.2

Bugfixes

• Postponed removals of deprecated dash-separated and uppercase fields in setup.cfg. All packages with deprecated configurations are advised to move before 2026. (#4911)

v78.0.1

Misc

• #4909

v78.0.0

Bugfixes

• Reverted distutils changes that broke the monkey patching of command classes. (#4902)

Deprecations and Removals

• Setuptools no longer accepts options containing uppercase or dash characters in setup.cfg.

... (truncated)

Commits

• 8e4868a Bump version: 78.1.0 → 78.1.1
• 100e9a6 Merge pull request #4951
• 8faf1d7 Add news fragment.
• 2ca4a9f Rely on re.sub to perform the decision in one expression.
• e409e80 Extract _sanitize method for sanitizing the filename.
• 250a6d1 Add a check to ensure the name resolves relative to the tmpdir.
• d8390fe Extract _resolve_download_filename with test.
• 4e1e893 Merge https://github.com/jaraco/skeleton
• 3a3144f Fix typo: pyproject.license -> project.license (#4931)
• d751068 Fix typo: pyproject.license -> project.license
• Additional commits viewable in compare view

Updates torch from 2.4.1 to 2.8.0

Release notes

Sourced from torch's releases.

PyTorch 2.8.0 Release Notes

• Highlights
• Backwards Incompatible Changes
• Deprecations
• New Features
• Improvements
• Bug fixes
• Performance
• Documentation
• Developers

Highlights

... (truncated)

Commits

• ba56102 Cherrypick: Add the RunLLM widget to the website (#159592)
• c525a02 [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (#15...
• a1cb3cc [Release Only] Remove nvshmem from list of preload libraries (#158925)
• c76b235 Move out super large one off foreach_copy test (#158880)
• 20a0e22 Revert "[Dynamo] Allow inlining into AO quantization modules (#152934)" (#158...
• 9167ac8 [MPS] Switch Cholesky decomp to column wise (#158237)
• 5534685 [MPS] Reimplement tri[ul] as Metal shaders (#158867)
• d19e08d Cherry pick PR 158746 (#158801)
• a6c044a [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...
• 620ebd0 [Dynamo] Use proper sources for constructing dataclass defaults (#158689)
• Additional commits viewable in compare view

Updates urllib3 from 2.2.3 to 2.5.0

Release notes

Sourced from urllib3's releases.

2.5.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security issues

urllib3 2.5.0 fixes two moderate security issues:

• Pool managers now properly control redirects when retries is passed — CVE-2025-50181 reported by @​sandumjacob (5.3 Medium, GHSA-pq67-6m6q-mj2v)
• Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)

Features

• Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 for more information. (#3610)
• Added support for version 0.5 of hatch-vcs (#3612)

Bugfixes

• Raised exception for HTTPResponse.shutdown on a connection already released to the pool. (#3581)
• Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. (#3615)

2.4.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

• Applied PEP 639 by specifying the license fields in pyproject.toml. (#3522)
• Updated exceptions to save and restore more properties during the pickle/serialization process. (#3567)
• Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. (#3571)

Bugfixes

• Fixed a bug with partial reads of streaming data in Emscripten. (#3555)

Misc

• Switched to uv for installing development dependecies. (#3550)
• Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (#3566)

2.3.0

... (truncated)

Changelog

Sourced from urllib3's changelog.

2.5.0 (2025-06-18)

Features

• Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 <https://peps.python.org/pep-0784/>_ for more information. ([#3610](https://github.com/urllib3/urllib3/issues/3610) <https://github.com/urllib3/urllib3/issues/3610>__)
• Added support for version 0.5 of hatch-vcs ([#3612](https://github.com/urllib3/urllib3/issues/3612) <https://github.com/urllib3/urllib3/issues/3612>__)

Bugfixes

• Fixed a security issue where restricting the maximum number of followed redirects at the urllib3.PoolManager level via the retries parameter did not work.
• Made the Node.js runtime respect redirect parameters such as retries and redirects.
• Raised exception for HTTPResponse.shutdown on a connection already released to the pool. ([#3581](https://github.com/urllib3/urllib3/issues/3581) <https://github.com/urllib3/urllib3/issues/3581>__)
• Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. ([#3615](https://github.com/urllib3/urllib3/issues/3615) <https://github.com/urllib3/urllib3/issues/3615>__)

2.4.0 (2025-04-10)

Features

• Applied PEP 639 by specifying the license fields in pyproject.toml. ([#3522](https://github.com/urllib3/urllib3/issues/3522) <https://github.com/urllib3/urllib3/issues/3522>__)
• Updated exceptions to save and restore more properties during the pickle/serialization process. ([#3567](https://github.com/urllib3/urllib3/issues/3567) <https://github.com/urllib3/urllib3/issues/3567>__)
• Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. ([#3571](https://github.com/urllib3/urllib3/issues/3571) <https://github.com/urllib3/urllib3/issues/3571>__)

Bugfixes

• Fixed a bug with partial reads of streaming data in Emscripten. ([#3555](https://github.com/urllib3/urllib3/issues/3555) <https://github.com/urllib3/urllib3/issues/3555>__)

Misc

• Switched to uv for installing development dependecies. ([#3550](https://github.com/urllib3/urllib3/issues/3550) <https://github.com/urllib3/urllib3/issues/3550>__)
• Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. ([#3566](https://github.com/urllib3/urllib3/issues/3566) <https://github.com/urllib3/urllib3/issues/3566>__)

2.3.0 (2024-12-22)

... (truncated)

Commits

• aaab4ec Release 2.5.0
• 7eb4a2a Merge commit from fork
• f05b132 Merge commit from fork
• d03fe32 Fix HTTP tunneling with IPv6 in older Python versions
• 11661e9 Bump github/codeql-action from 3.28.0 to 3.29.0 (#3624)
• 6a0ecc6 Update v2 migration guide to 2.4.0 (#3621)
• 8e32e60 Raise exception for shutdown on a connection already released to the pool (#3...
• 9996e0f Fix emscripten CI for Chrome 137+ (#3599)
• 4fd1a99 Bump RECENT_DATE (#3617)
• c4b5917 Add support for the new compression.zstd module in Python 3.14 (#3611)
• Additional commits viewable in compare view

Updates uv from 0.5.1 to 0.9.6

Release notes

Sourced from uv's releases.

0.9.6

Release Notes

Released on 2025-10-29.

This release contains an upgrade to Astral's fork of async_zip, which addresses potential sources of ZIP parsing differentials between uv and other Python packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.

Security

• Address ZIP parsing differentials (GHSA-pqhf-p39g-3x64)

Python

• Upgrade GraalPy to 25.0.1 (#16401)

Enhancements

• Add --clear to uv build to remove old build artifacts (#16371)
• Add --no-create-gitignore to uv build (#16369)
• Do not error when a virtual environment directory cannot be removed due to a busy error (#16394)
• Improve hint on pip install --system when externally managed (#16392)
• Running uv lock --check with outdated lockfile will print that --check was passed, instead of --locked (#16322)
• Update uv init template for Maturin (#16449)
• Improve ordering of Python sources in logs (#16463)
• Restore DockerHub release images and annotations (#16441)

Bug fixes

• Check for matching Python implementation during uv python upgrade (#16420)
• Deterministically order --find-links distributions (#16446)
• Don't panic in uv export --frozen when the lockfile is outdated (#16407)
• Fix root of uv tree when --package is used with circular dependencies (#15908)
• Show package list with pip freeze --quiet (#16491)
• Limit uv auth login pyx.dev retries to 60s (#16498)
• Add an empty group with uv add --group ... -r ... (#16490)

Documentation

• Update docs for maturin build backend init template (#16469)
• Update docs to reflect previous changes to signal forwarding semantics (#16430)
• Add instructions for installing via MacPorts (#16039)

Install uv 0.9.6

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.9.6/uv-installer.sh | sh

... (truncated)

Changelog

Sourced from uv's changelog.

0.9.6

Released on 2025-10-29.

This release contains an upgrade to Astral's fork of async_zip, which addresses potential sources of ZIP parsing differentials between uv and other Python packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.

Security

• Address ZIP parsing differentials (GHSA-pqhf-p39g-3x64)

Python

• Upgrade GraalPy to 25.0.1 (#16401)

Enhancements

• Add --clear to uv build to remove old build artifacts (#16371)
• Add --no-create-gitignore to uv build (#16369)
• Do not error when a virtual environment directory cannot be removed due to a busy error (#16394)
• Improve hint on pip install --system when externally managed (#16392)
• Running uv lock --check with outdated lockfile will print that --check was passed, instead of --locked (#16322)
• Update uv init template for Maturin (#16449)
• Improve ordering of Python sources in logs (#16463)
• Restore DockerHub release images and annotations (#16441)

Bug fixes

• Check for matching Python implementation during uv python upgrade (#16420)
• Deterministically order --find-links distributions (#16446)
• Don't panic in uv export --frozen when the lockfile is outdated (#16407)
• Fix root of uv tree when --package is used with circular dependencies (#15908)
• Show package list with pip freeze --quiet (#16491)
• Limit uv auth login pyx.dev retries to 60s (#16498)
• Add an empty group with uv add --group ... -r ... (#16490)

Documentation

• Update docs for maturin build backend init template (#16469)
• Update docs to reflect previous changes to signal forwarding semantics (#16430)
• Add instructions for installing via MacPorts (#16039)

0.9.5

Released on 2025-10-21.

This release contains an upgrade to astral-tokio-tar, which addresses a vulnerability in tar extraction on malformed archives with mismatching size information between the ustar header and PAX extensions. While the astral-tokio-tar advisory has been graded as "high" due its potential broader impact, the specific impact to uv is low due to a lack of novel attacker capability. Specifically, uv only processes tar archives from source distributions, which already possess the capability for full arbitrary code execution by design, meaning that an attacker gains no additional capabilities through astral-tokio-tar.

Regardless, we take the hypothetical risk of parser differentials very seriously. Out of an abundance of caution, we have assigned this upgrade an advisory: GHSA-w476-p2h3-79g9

Security

... (truncated)

Commits

• 2652244 Bump version to 0.9.6 (#16500)
• 19372ff Update Rust crate etcetera to 0.11.0 (#16501)
• de96aa1 Use std home_dir instead of home crate (#16483)
• db1d34e Support GitHub Gist URLs via HTTP redirects in uv run (#16451)
• c6d0b41 Limit uv auth login pyx.dev retries to 60s (#16498)
• 2d54f32 Fix a small clippy warning (#16499)
• c4f5741 Add an empty group with uv add -r (#16490)
• da659fe Merge commit from fork
• 41cd3d1 Sync latest Python releases (#16486)
• a759612 Show package list with pip freeze --quiet (#16491)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[mergebot-dev]

Impact Assessment Report for PR/MR #221

Overall Impact Score: 5.2

Recommendation: Requires human review

---

Summary Table

Assessment Agent	Score	Key Findings	Suggested Actions
Code Analysis Agent	7.0	Major dependency upgrades (torch, cryptography, requests, urllib3, etc.) with backward-incompatible and security changes	Thorough regression/integration testing, review release notes
Complexity Assessment Agent	2.0	No code or structural changes; complexity risk is low, only indirect impact from dependency bumps	Run full tests, monitor for deprecation or breakage
Test Coverage Agent	1.0	No source or test code changes, minimal impact on test coverage; integration risks due to upstream changes	Execute all project tests and consider smoke integration tests
Risk Assessment Agent	6.0	Medium-high risk from compatibility, major version jumps, security, and stability concerns	Validate environment, audit critical usages, manual testing

---

Detailed Assessments

• Code Analysis Agent: Score 7.0

  • Findings: This PR bumps major dependencies in poetry.lock & pyproject.toml, including torch, cryptography, requests, urllib3, and more. Multiple version jumps (some major), security fixes, removal of deprecated features, and new platform requirements. Likely indirect impact on model behavior and cryptography/security flows; no direct code edits.
  • Suggested Action: Conduct thorough regression and integration testing against upgraded dependencies. Review release notes and changelogs for torch and cryptography, especially for major breaking changes. Communicate testing priorities to the team.

• Complexity Assessment Agent: Score 2.0

  • Findings: No introduction of new algorithms, code refactoring, or structural modifications. All risk comes from new versions of dependencies. The complexity score is low, reflecting the absence of direct code changes but noting the need for attentiveness for indirect effects (API change/deprecation).
  • Suggested Action: Run full test suite, monitor warnings and runtime behavior for integration breakage, especially around torch/cryptography. If issues arise, consider incremental upgrades of major packages.

• Test Coverage Agent: Score 1.0

  • Findings: No test or source code files changed; coverage unchanged directly. Integration risks may be untested if test suite does not sufficiently exercise functionality of upgraded libraries. No explicit coverage issues identified, but indirect risk from dependency changes.
  • Suggested Action: Run all existing tests in CI, monitor for failures or regressions in areas utilizing updated dependencies. Consider smoke/integration tests focused on upgraded libraries, add tests if gaps are identified during review.

• Risk Assessment Agent: Score 6.0

  • Findings: Security vulnerabilities are patched, which is positive, but breaking changes (torch, cryptography, urllib3, environment requirements) introduce medium-high risk. Potential for runtime errors, incompatibility, and performance regressions. Torch upgrade is especially impactful for ML-heavy workloads. Deployment environment must meet new requirements (Python ≥ 3.9, LibreSSL/OpenSSL versions).
  • Suggested Action: Verify all environment prerequisites. Audit API usage for all major upgraded dependencies. Test for regressions/performance issues. Rollout cautiously, with fallback/rollback plan in case of critical breakage.

---

Triage & Next Steps

Triage Level: Medium-High

• Review focus:

  • Validate environment compatibility (Python version, OpenSSL/LibreSSL).
  • Audit and test code paths depending on torch, cryptography, requests, and urllib3.
  • Review CI pipeline results for regressions or failures post-upgrade.
  • Examine for deprecation warnings, runtime errors, and performance regressions.
  • Ensure changelogs/breaking changes for major dependencies are understood and mitigated.

• Blockers:

  • No automated auto-approval permitted due to medium-high overall risk and score above threshold (3.0).
  • Manual review and comprehensive testing required before merge.
  • Potential for environment or API incompatibility that could disrupt production workloads.

---

Justification

The overall impact score for PR/MR #221 is 5.2, exceeding the auto-approval threshold. This result is derived from weighted agent assessments—Code Analysis (0.40), Complexity (0.20), Test Coverage (0.20), and Risk (0.20):

• Code Analysis (7.0, weight 0.40): High score due to broad, impactful upgrades of key dependencies with potential breaking changes and security fixes.
• Complexity (2.0, weight 0.20): Low direct complexity; risk is mostly indirect from dependency upgrades.
• Test Coverage (1.0, weight 0.20): Minimal impact, but legacy tests might miss subtle integration risks.
• Risk Assessment (6.0, weight 0.20): Medium-high risk from changes to underlying dependencies, platform requirements, and possible regression/performance issues.

Despite positive actions such as closing security vulnerabilities, the magnitude of dependency changes, especially in critical packages (torch, cryptography), introduces moderate risk of breakage, compatibility, and stability issues. There are significant indirect impacts on production environments and AI-related components, demanding comprehensive manual regression testing, compatibility checks, and careful deployment planning. Until these concerns are addressed, manual review is required and direct auto-approval/merge is not recommended.

---

---

Requesting Another Review

Trigger	Command	Description
Comment command	/mergebot review	Queue an immediate re-analysis by Mergebot.
Mention	@mergebot-dev[bot]	Mention the Mergebot account in any PR comment to request a follow-up review.
Dashboard	Check "Request a Rerun" in the Mergebot dashboard	Adds this PR to the rerun queue for the next scheduled scan.

[mergebot-dev]

❌ PR has not been auto-approved as per the Impact Assessment Report.
Please review the report and take necessary actions manually.