Bump the pip group across 5 directories with 11 updates #1

Open
dependabot[bot] wants to merge 1 commit into dev from dependabot/pip/src/command_modules/azure-cli-extension/pip-79bb06c401

dependabot bot commented on behalf of github Dec 3, 2025

Bumps the pip group with 1 update in the /src/command_modules/azure-cli-extension directory: wheel.
Bumps the pip group with 1 update in the /src/command_modules/azure-cli-batchai directory: azure-storage-blob.
Bumps the pip group with 1 update in the /src/command_modules/azure-cli-acr directory: azure-storage-blob.
Bumps the pip group with 9 updates in the /scripts/dependency directory:

| Package | From | To |
| --- | --- | --- |
| azure-storage-blob | 1.1.0 | 12.13.0 |
| cryptography | 2.3.1 | 44.0.1 |
| requests | 2.19.1 | 2.32.4 |
| certifi | 2018.8.24 | 2024.7.4 |
| idna | 2.7 | 3.7 |
| paramiko | 2.4.1 | 2.4.2 |
| pyjwt | 1.6.4 | 2.4.0 |
| pyyaml | 3.13 | 5.4 |
| urllib3 | 1.23 | 2.5.0 |

Bumps the pip group with 2 updates in the / directory: wheel and setuptools.

Updates wheel from 0.30.0 to 0.38.1

Changelog

Sourced from wheel's changelog.

Release Notes

UNRELEASED

  • Restored the bdist_wheel command for compatibility with setuptools older than v70.1
  • Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning

0.46.1 (2025-04-08)

  • Temporarily restored the wheel.macosx_libfile module (#659)

0.46.0 (2025-04-03)

  • Dropped support for Python 3.8
  • Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
  • Removed vendored packaging in favor of a run-time dependency on it
  • Made the wheel.metadata module private (with a deprecation warning if it's imported)
  • Made the wheel.cli package private (no deprecation warning)
  • Fixed an exception when calling the convert command with an empty description field

0.45.1 (2024-11-23)

  • Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name

0.45.0 (2024-11-08)

  • Refactored the convert command to not need setuptools to be installed

  • Don't configure setuptools logging unless running bdist_wheel

  • Added a redirection from wheel.bdist_wheel.bdist_wheel to setuptools.command.bdist_wheel.bdist_wheel to improve compatibility with setuptools' latest fixes.

    Projects are still advised to migrate away from the deprecated module and import the setuptools' implementation explicitly. (PR by @​abravalheri)

0.44.0 (2024-08-04)

  • Canonicalized requirements in METADATA file (PR by Wim Jeantine-Glenn)
  • Deprecated the bdist_wheel module, as the code was migrated to setuptools itself

... (truncated)

Commits
  • 6f1608d Created a new release
  • cf8f5ef Moved news item from PR #484 to its proper place
  • 9ec2016 Removed install dependency on setuptools (#483)
  • 747e1f6 Fixed PyPy SOABI parsing (#484)
  • 7627548 [pre-commit.ci] pre-commit autoupdate (#480)
  • 7b9e8e1 Test on Python 3.11 final
  • a04dfef Updated the pypi-publish action
  • 94bb62c Fixed docs not building due to code style changes
  • d635664 Updated the codecov action to the latest version
  • fcb94cd Updated version to match the release
  • Additional commits viewable in compare view

Updates azure-storage-blob from 1.3.1 to 12.13.0

Commits
  • e90af43 DataLake funny dependency (#25129)
  • cbec338 [AutoRelease] t2-storagecache-2022-07-06-35884(Do not merge) (#25089)
  • dc7c5a1 [Storage] API View Feedback For STG84 GA (#25085)
  • 9f66f6b [Storage] Revert removing aiohttp dependency for storage.blob.aio (#25084)
  • e40d3e1 [storage.blob] Remove aiohttp as dependency for storage.blob.aio (#24965)
  • 7915719 [Storage] Prepare for STG83 GA release (#25040)
  • 155eb8b [Storage] Add progress_hook to file-share upload/download (#24997)
  • 66dd3be [Storage] Fix more flaky lease tests (#25011)
  • 0301417 [Storage] Add argument to perf tests to use client-side encryption (#24978)
  • 4899065 [perf] Add pipeline template and storage pipelines (#24894)
  • Additional commits viewable in compare view

Updates azure-storage-blob from 1.1.0 to 12.13.0

Commits
  • e90af43 DataLake funny dependency (#25129)
  • cbec338 [AutoRelease] t2-storagecache-2022-07-06-35884(Do not merge) (#25089)
  • dc7c5a1 [Storage] API View Feedback For STG84 GA (#25085)
  • 9f66f6b [Storage] Revert removing aiohttp dependency for storage.blob.aio (#25084)
  • e40d3e1 [storage.blob] Remove aiohttp as dependency for storage.blob.aio (#24965)
  • 7915719 [Storage] Prepare for STG83 GA release (#25040)
  • 155eb8b [Storage] Add progress_hook to file-share upload/download (#24997)
  • 66dd3be [Storage] Fix more flaky lease tests (#25011)
  • 0301417 [Storage] Add argument to perf tests to use client-side encryption (#24978)
  • 4899065 [perf] Add pipeline template and storage pipelines (#24894)
  • Additional commits viewable in compare view

Updates cryptography from 2.3.1 to 44.0.1

Changelog

Sourced from cryptography's changelog.

44.0.1 - 2025-02-11


  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.1.
  • We now build armv7l manylinux wheels and publish them to PyPI.
  • We now build manylinux_2_34 wheels and publish them to PyPI.

44.0.0 - 2024-11-27

  • BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.9.
  • Deprecated Python 3.7 support. Python 3.7 is no longer supported by the Python core team. Support for Python 3.7 will be removed in a future cryptography release.
  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
  • macOS wheels are now built against the macOS 10.13 SDK. Users on older versions of macOS should upgrade, or they will need to build cryptography themselves.
  • Enforce the RFC 5280 requirement that extended key usage extensions must not be empty.
  • Added support for timestamp extraction to the cryptography.fernet.MultiFernet class.
  • Relax the Authority Key Identifier requirements on root CA certificates during X.509 verification to allow fields permitted by RFC 5280 but forbidden by the CA/Browser BRs.
  • Added support for cryptography.hazmat.primitives.kdf.argon2.Argon2id when using OpenSSL 3.2.0+.
  • Added support for the cryptography.x509.Admissions certificate extension.
  • Added basic support for PKCS7 decryption (including S/MIME 3.2) via cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der, cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem, and cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime.

43.0.3 - 2024-10-18

  • Fixed release metadata for cryptography-vectors

43.0.2 - 2024-10-18

  • Fixed compilation when using LibreSSL 4.0.0.

... (truncated)

Commits

Updates requests from 2.19.1 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS. (#6926)
  • Dropped support for pypy 3.9 following its end of support. (#6926)

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

v2.32.2

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.

2.32.3 (2024-05-29)

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

... (truncated)

Commits
  • 021dc72 Polish up release tooling for last manual release
  • 821770e Bump version and add release notes for v2.32.4
  • 59f8aa2 Add netrc file search information to authentication documentation (#6876)
  • 5b4b64c Add more tests to prevent regression of CVE 2024 47081
  • 7bc4587 Add new test to check netrc auth leak (#6962)
  • 96ba401 Only use hostname to do netrc lookup instead of netloc
  • 7341690 Merge pull request #6951 from tswast/patch-1
  • 6716d7c remove links
  • a7e1c74 Update docs/conf.py
  • c799b81 docs: fix dead links to kenreitz.org
  • Additional commits viewable in compare view

Updates certifi from 2018.8.24 to 2024.7.4

Commits

Updates idna from 2.7 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11)

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

3.6 (2023-11-25)

  • Fix regression to include tests in source distribution.

3.5 (2023-11-24)

  • Update to Unicode 15.1.0
  • String codec name is now "idna2008" as overriding the system codec "idna" was not working.
  • Fix typing error for codec encoding
  • "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
  • Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
  • Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

3.4 (2022-09-14)

  • Update to Unicode 15.0.0
  • Migrate to pyproject.toml for build information (PEP 621)
  • Correct another instance where generic exception was raised instead of IDNAError for malformed input
  • Source distribution uses zeroized file ownership for improved reproducibility

Thanks to Seth Michael Larson for contributions to this release.

3.3 (2021-10-13)

  • Update to Unicode 14.0.0
  • Update to in-line type annotations
  • Throw IDNAError exception correctly for some malformed input
  • Advertise support for Python 3.10
  • Improve testing regime on Github

... (truncated)

Commits
  • 1d365e1 Release v3.7
  • c1b3154 Merge pull request #172 from kjd/optimize-contextj
  • 0394ec7 Merge branch 'master' into optimize-contextj
  • cd58a23 Merge pull request #152 from elliotwutingfeng/dev
  • 5beb28b More efficient resolution of joiner contexts
  • 1b12148 Update ossf/scorecard-action to v2.3.1
  • d516b87 Update Github actions/checkout to v4
  • c095c75 Merge branch 'master' into dev
  • 60a0a4c Fix typo in GitHub Actions workflow key
  • 5918a0e Merge branch 'master' into dev
  • Additional commits viewable in compare view

Updates paramiko from 2.4.1 to 2.4.2

Commits

Updates pyjwt from 1.6.4 to 2.4.0

Release notes

Sourced from pyjwt's releases.

2.4.0

Security

What's Changed

New Contributors

Full Changelog: jpadilla/pyjwt@2.3.0...2.4.0

2.3.0

What's Changed

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.4.0

Security

  • [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24

Changed

  • Explicit check the key for ECAlgorithm by @estin in #713
  • Raise DeprecationWarning for jwt.decode(verify=...) by @akx in #742

Fixed

  • Don't use implicit optionals by @rekyungmin in #705
  • documentation fix: show correct scope for decode_complete() by @sseering in #661
  • fix: Update copyright information by @kkirsche in #729
  • Don't mutate options dictionary in .decode_complete() by @akx in #743

Added

  • Add support for Python 3.10 by @hugovk in #699
  • api_jwk: Add PyJWKSet.getitem by @woodruffw in #725
  • Update usage.rst by @guneybilen in #727
  • Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in #734
  • Fixed typo in usage.rst by @israelabraham in #738
  • Add detached payload support for JWS encoding and decoding by @fviard in #723
  • Replace various string interpolations with f-strings by @akx in #744
  • Update CHANGELOG.rst by @hipertracker in #751

v2.3.0

Fixed

  • Revert "Remove arbitrary kwargs." #701

Added

  • Add exception chaining #702

v2.2.0

... (truncated)

Commits
  • 83ff831 chore: update changelog
  • 4c1ce8f chore: update changelog
  • 96f3f02 fix: failing advisory test
  • 9c52867 Merge pull request from GHSA-ffqj-6fqr-9h24
  • 24b29ad Update CHANGELOG.rst (#751)
  • 31f5acb Replace various string interpolations with f-strings (#744)
  • 5581a31 [pre-commit.ci] pre-commit autoupdate (#748)
  • 3d4d822 Don't mutate options dictionary in .decode_complete() (#743)
  • 1f1fe15 Add a deprecation warning when jwt.decode() is called with the legacy verify=...
  • 35fa28e [pre-commit.ci] pre-commit autoupdate (#740)
  • Additional commits viewable in compare view

Updates pyyaml from 3.13 to 5.4

Changelog

Sourced from pyyaml's changelog.

5.4 (2021-01-19)

5.3.1 (2020-03-18)

  • yaml/pyyaml#386 -- Prevents arbitrary code execution during python/object/new constructor

5.3 (2020-01-06)

5.2 (2019-12-02)

  • Repair incompatibilities introduced with 5.1. The default Loader was changed, but several methods like add_constructor still used the old default
    yaml/pyyaml#279 -- A more flexible fix for custom tag constructors
    yaml/pyyaml#287 -- Change default loader for yaml.add_constructor
    yaml/pyyaml#305 -- Change default loader for add_implicit_resolver, add_path_resolver
  • Make FullLoader safer by removing python/object/apply from the default FullLoader
    yaml/pyyaml#347 -- Move constructor for object/apply to UnsafeConstructor
  • Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff
    yaml/pyyaml#276 -- Fix logic for quoting special characters
  • Other PRs:
    yaml/pyyaml#280 -- Update CHANGES for 5.1

5.1.2 (2019-07-30)

  • Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+

... (truncated)

Commits
  • 58d0cb7 5.4 release
  • a60f7a1 Fix compatibility with Jython
  • ee98abd Run CI on PR base branch changes
  • ddf2033 constructor.timezone: _copy & deepcopy
  • fc914d5 Avoid repeatedly appending to yaml_implicit_resolvers
  • a001f27 Fix for CVE-2020-14343
  • fe15062 Add 3.9 to appveyor file for completeness sake
  • 1e1c7fb Add a newline character to end of pyproject.toml
  • 0b6b7d6 Start sentences and phrases for capital letters
  • c976915 Shell code improvements
  • Additional commits viewable in compare view

Updates urllib3 from 1.23 to 2.5.0

Release notes

Sourced from urllib3's releases.

2.5.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security issues

urllib3 2.5.0 fixes two moderate security issues:

  • Pool managers now properly control redirects when retries is passed — CVE-2025-50181 reported by @​sandumjacob (5.3 Medium, GHSA-pq67-6m6q-mj2v)
  • Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)

Features

  • Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 for more information. (#3610)
  • Added support for version 0.5 of hatch-vcs (#3612)

Bugfixes

  • Raised exception for HTTPResponse.shutdown on a connection already released to the pool. (#3581)
  • Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. (#3615)

2.4.0

Features

  • Applied PEP 639 by specifying the license fields in pyproject.toml. (#3522)
  • Updated exceptions to save and restore more properties during the pickle/serialization process. (#3567)
  • Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. (#3571)

Bugfixes

  • Fixed a bug with partial reads of streaming data in Emscripten. (#3555)

Misc

  • Switched to uv for installing development dependencies. (#3550)
  • Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (#3566)

2.3.0

... (truncated)

Changelog

Sourced from urllib3's changelog.

2.5.0 (2025-06-18)

Features

  • Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 (https://peps.python.org/pep-0784/) for more information. (#3610)
  • Added support for version 0.5 of hatch-vcs (#3612)

Bugfixes

  • Fixed a security issue where restricting the maximum number of followed redirects at the urllib3.PoolManager level via the retries parameter did not work.
  • Made the Node.js runtime respect redirect parameters such as retries and redirects.
  • Raised exception for HTTPResponse.shutdown on a connection already released to the pool. (#3581)
  • Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. (#3615)

2.4.0 (2025-04-10)

Features

  • Applied PEP 639 by specifying the license fields in pyproject.toml. (#3522)
  • Updated exceptions to save and restore more properties during the pickle/serialization process. (#3567)
  • Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. (#3571)

Bugfixes

  • Fixed a bug with partial reads of streaming data in Emscripten. (#3555)

Misc

  • Switched to uv for installing development dependencies. (#3550)
  • Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (#3566)

2.3.0 (2024-12-22)

... (truncated)

Commits

Bumps the pip group with 1 update in the /src/command_modules/azure-cli-extension directory: [wheel](https://github.com/pypa/wheel).
Bumps the pip group with 1 update in the /src/command_modules/azure-cli-batchai directory: [azure-storage-blob](https://github.com/Azure/azure-sdk-for-python).
Bumps the pip group with 1 update in the /src/command_modules/azure-cli-acr directory: [azure-storage-blob](https://github.com/Azure/azure-sdk-for-python).
Bumps the pip group with 9 updates in the /scripts/dependency directory:

| Package | From | To |
| --- | --- | --- |
| [azure-storage-blob](https://github.com/Azure/azure-sdk-for-python) | `1.1.0` | `12.13.0` |
| [cryptography](https://github.com/pyca/cryptography) | `2.3.1` | `44.0.1` |
| [requests](https://github.com/psf/requests) | `2.19.1` | `2.32.4` |
| [certifi](https://github.com/certifi/python-certifi) | `2018.8.24` | `2024.7.4` |
| [idna](https://github.com/kjd/idna) | `2.7` | `3.7` |
| [paramiko](https://github.com/paramiko/paramiko) | `2.4.1` | `2.4.2` |
| [pyjwt](https://github.com/jpadilla/pyjwt) | `1.6.4` | `2.4.0` |
| [pyyaml](https://github.com/yaml/pyyaml) | `3.13` | `5.4` |
| [urllib3](https://github.com/urllib3/urllib3) | `1.23` | `2.5.0` |

Bumps the pip group with 2 updates in the / directory: [wheel](https://github.com/pypa/wheel) and [setuptools](https://github.com/pypa/setuptools).


Updates `wheel` from 0.30.0 to 0.38.1
- [Release notes](https://github.com/pypa/wheel/releases)
- [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
- [Commits](pypa/wheel@0.30.0...0.38.1)

Updates `azure-storage-blob` from 1.3.1 to 12.13.0
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Commits](Azure/azure-sdk-for-python@azure-eventhub_1.3.1...azure-storage-blob_12.13.0)

Updates `azure-storage-blob` from 1.3.1 to 12.13.0
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Commits](Azure/azure-sdk-for-python@azure-eventhub_1.3.1...azure-storage-blob_12.13.0)

Updates `azure-storage-blob` from 1.1.0 to 12.13.0
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Commits](Azure/azure-sdk-for-python@azure-eventhub_1.3.1...azure-storage-blob_12.13.0)

Updates `cryptography` from 2.3.1 to 44.0.1
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@2.3.1...44.0.1)

Updates `requests` from 2.19.1 to 2.32.4
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.19.1...v2.32.4)

Updates `certifi` from 2018.8.24 to 2024.7.4
- [Commits](certifi/python-certifi@2018.08.24...2024.07.04)

Updates `idna` from 2.7 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v2.7...v3.7)

Updates `paramiko` from 2.4.1 to 2.4.2
- [Commits](paramiko/paramiko@2.4.1...2.4.2)

Updates `pyjwt` from 1.6.4 to 2.4.0
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](jpadilla/pyjwt@1.6.4...2.4.0)

Updates `pyyaml` from 3.13 to 5.4
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/main/CHANGES)
- [Commits](yaml/pyyaml@3.13...5.4)

Updates `urllib3` from 1.23 to 2.5.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.23...2.5.0)

Updates `wheel` from 0.31.1 to 0.38.1
- [Release notes](https://github.com/pypa/wheel/releases)
- [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
- [Commits](pypa/wheel@0.30.0...0.38.1)

Updates `setuptools` from 40.0.0 to 78.1.1
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v40.0.0...v78.1.1)

---
updated-dependencies:
- dependency-name: wheel
  dependency-version: 0.38.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: azure-storage-blob
  dependency-version: 12.13.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: azure-storage-blob
  dependency-version: 12.13.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: azure-storage-blob
  dependency-version: 12.13.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: cryptography
  dependency-version: 44.0.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: certifi
  dependency-version: 2024.7.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: idna
  dependency-version: '3.7'
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: paramiko
  dependency-version: 2.4.2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pyjwt
  dependency-version: 2.4.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pyyaml
  dependency-version: '5.4'
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: urllib3
  dependency-version: 2.5.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: wheel
  dependency-version: 0.38.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: setuptools
  dependency-version: 78.1.1
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update python code) labels Dec 3, 2025