chore(deps): bump the python-minor-patch group across 1 directory with 14 updates

[dependabot]

Bumps the python-minor-patch group with 14 updates in the /python directory:

Package	From	To
pytest-asyncio	1.3.0	1.4.0
ruff	0.15.13	0.15.16
typer	0.25.1	0.26.7
uvicorn	0.47.0	0.49.0
openai	2.37.0	2.41.0
mcp	1.27.1	1.27.2
fastapi	0.136.1	0.136.3
filelock	3.29.0	3.29.1
python-multipart	0.0.29	0.0.32
boto3	1.43.9	1.43.24
langgraph	1.2.0	1.2.4
langchain-core	1.4.0	1.4.1
openai-agents	0.17.2	0.17.4
langchain-openai	1.2.1	1.2.2

Updates pytest-asyncio from 1.3.0 to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

• Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

• Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

  The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

  Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

• Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
• Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
• Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

• Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

• Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)

pytest-asyncio v1.4.0a2

1.4.0a2 - 2026-05-02

Deprecated

• Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

• Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

  The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged on pytest 8.4+.

  Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

• Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
• Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)

... (truncated)

Commits

• 6e14cd2 chore: Prepare release of v1.4.0.
• 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
• ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
• a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
• e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
• fc43340 Build(deps): Bump idna from 3.14 to 3.15
• 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
• b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
• 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
• 82a393c ci: Remove unnecessary debug output.
• Additional commits viewable in compare view

Updates ruff from 0.15.13 to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.16

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

0.15.15

... (truncated)

Commits

• 6c498ab Bump 0.15.16 (#25635)
• e51e132 [flake8-async] Implement yield-in-context-manager-in-async-generator (`AS...
• 7c6dcd9 [ty] Add caching for pattern match narrowing (#25613)
• 27058fc [ty] Compact retained definition and expression identities (#25606)
• bf80d05 Fix CODEOWNERS syntax (#25622)
• 10ccd51 Shrink additional parser AST collections (#25465)
• 0d7135f [ty] Upgrade Salsa (#25545)
• 49493a3 [ty] Show type alias value on hover (#25381)
• 85207d3 [ty] sys.implementation.version is not sys.version_info (#25608)
• a8a0614 [ty] Avoid retaining duplicate function signatures (#25609)
• Additional commits viewable in compare view

Updates typer from 0.25.1 to 0.26.7

Release notes

Sourced from typer's releases.

0.26.7

Fixes

• 🐛 Respect wait=False when launching URLs with xdg-open. PR #1820 by @​patrick91.

0.26.6

Fixes

• 🐛 Ensure that the default of a list argument is used correctly. PR #1821 by @​svlandeg.

Internal

• 👷 Speed up the CI by shuffling the test matrix. PR #1815 by @​svlandeg.

0.26.5

Fixes

• 🐛 Ensure that hidden commands are not shown when Rich markup is disabled. PR #1812 by @​svlandeg.

Internal

• 🔥 Remove old stub packages. PR #1810 by @​tiangolo.

0.26.4

Features

• 📝 Update AI Library Skill to avoid verbose code for CLI Options. PR #1808 by @​tiangolo.

Internal

• 👷 Add CI to create draft release after merging a release PR. PR #1807 by @​tiangolo.
• 👷 Update labeler to accept label release. PR #1806 by @​tiangolo.
• 👷 Update GitHub Action permissions for prepare-release. PR #1804 by @​tiangolo.
• 👷 Add GitHub Actions prepare release workflow. PR #1802 by @​tiangolo.
• 👷 Update publish action, do not use uv cache. PR #1803 by @​tiangolo.
• ⬆ Bump the python-packages group across 1 directory with 5 updates. PR #1793 by @​dependabot[bot].

0.26.3

Refactors

• ♻️ Unify the testing functionality. PR #1792 by @​svlandeg.

Internal

• 👷 Update version of latest-changes GitHub action. PR #1798 by @​tiangolo.

0.26.2

Fixes

• 🐛 Ensure that an envvar set for a typer.Option list is split on whitespace. PR #1791 by @​svlandeg.

... (truncated)

Changelog

Sourced from typer's changelog.

0.26.7 (2026-06-03)

Fixes

• 🐛 Respect wait=False when launching URLs with xdg-open. PR #1820 by @​patrick91.

0.26.6 (2026-06-02)

Fixes

• 🐛 Ensure that the default of a list argument is used correctly. PR #1821 by @​svlandeg.

Internal

• 👷 Speed up the CI by shuffling the test matrix. PR #1815 by @​svlandeg.

0.26.5 (2026-06-01)

Fixes

• 🐛 Ensure that hidden commands are not shown when Rich markup is disabled. PR #1812 by @​svlandeg.

Internal

• 🔥 Remove old stub packages. PR #1810 by @​tiangolo.

0.26.4 (2026-05-30)

Features

• 📝 Update AI Library Skill to avoid verbose code for CLI Options. PR #1808 by @​tiangolo.

Internal

• 👷 Add CI to create draft release after merging a release PR. PR #1807 by @​tiangolo.
• 👷 Update labeler to accept label release. PR #1806 by @​tiangolo.
• 👷 Update GitHub Action permissions for prepare-release. PR #1804 by @​tiangolo.
• 👷 Add GitHub Actions prepare release workflow. PR #1802 by @​tiangolo.
• 👷 Update publish action, do not use uv cache. PR #1803 by @​tiangolo.
• ⬆ Bump the python-packages group across 1 directory with 5 updates. PR #1793 by @​dependabot[bot].

0.26.3 (2026-05-28)

Refactors

• ♻️ Unify the testing functionality. PR #1792 by @​svlandeg.

Internal

• 👷 Update version of latest-changes GitHub action. PR #1798 by @​tiangolo.

... (truncated)

Commits

• 4e10334 🔖 Release version 0.26.7 (#1823)
• 08a8a03 📝 Update release notes
• 8e75bc3 🐛 Respect wait=False when launching URLs with xdg-open (#1820)
• d2e002a 🔖 Release version 0.26.6 (#1822)
• 2fe5d0c 📝 Update release notes
• 06fce7d 🐛 Ensure that the default of a list argument is used correctly (#1821)
• 7f888b2 📝 Update release notes
• 2e9bf9e 👷 Speed up the CI by shuffling the test matrix (#1815)
• 1888fa2 🔖 Release version 0.26.5 (#1813)
• a493a98 📝 Update release notes
• Additional commits viewable in compare view

Updates uvicorn from 0.47.0 to 0.49.0

Release notes

Sourced from uvicorn's releases.

Version 0.49.0

What's Changed

• Bump httptools minimum version to 0.8.0 by @​Kludex in Kludex/uvicorn#2962
• Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) by @​Kludex in Kludex/uvicorn#2971

Full Changelog: Kludex/uvicorn@0.48.0...0.49.0

Version 0.48.0

What's Changed

• Default ssl_ciphers to None and use OpenSSL defaults by @​Kludex in Kludex/uvicorn#2940
• Ignore duplicate forwarding headers in ProxyHeadersMiddleware by @​Kludex in Kludex/uvicorn#2944

Full Changelog: Kludex/uvicorn@0.47.0...0.48.0

Changelog

Sourced from uvicorn's changelog.

0.49.0 (June 3, 2026)

Changed

• Bump httptools minimum version to 0.8.0 (#2962)
• Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) (#2971)

0.48.0 (May 24, 2026)

Changed

• Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

• Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

Commits

• 3ef2e3e Version 0.49.0 (#2973)
• eeb64b1 Consume duplicate forwarding headers in ProxyHeadersMiddleware (#2971)
• 630f4ac Make the watchfiles reload tests deterministic (#2972)
• 9154922 chore(deps): bump the github-actions group across 1 directory with 6 updates ...
• 739727a Migrate docs deploy from Cloudflare Pages to Workers (#2967)
• be4a240 Gate docs preview deploy on Cloudflare token presence (#2966)
• c489d7e Bump httptools minimum version to 0.8.0 (#2962)
• 9f547bd Skip docs preview deploy for Dependabot PRs (#2961)
• 44446b8 Migrate documentation from MkDocs Material to Zensical (#2959)
• cfd659c Bump pymdown-extensions to 10.21.3 (#2958)
• Additional commits viewable in compare view

Updates openai from 2.37.0 to 2.41.0

Release notes

Sourced from openai's releases.

v2.41.0

2.41.0 (2026-06-03)

Full Changelog: v2.40.0...v2.41.0

Features

• api: responses.moderation and chat_completions.moderation (87e46c2)

v2.40.0

2.40.0 (2026-06-01)

Full Changelog: v2.39.0...v2.40.0

Features

• api: Add Amazon Bedrock Responses support

Bug Fixes

• api: allow setting bedrock api keys on the client directly (4d5bfde)

v2.39.0

2.39.0 (2026-06-01)

Full Changelog: v2.38.0...v2.39.0

Features

• api: workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (ab60d7a)

v2.38.0

2.38.0 (2026-05-21)

Full Changelog: v2.37.0...v2.38.0

Features

• api: api update (33d1d01)
• api: manual updates (a21700a)
• api: update OpenAPI spec or Stainless config (00265c5)

Chores

• api: docs updates (ee10152)
• check release PR custom code sync (2638779)
• remove release automation trigger (bd6eea5)
• trigger release automation (f62d082)

Changelog

Sourced from openai's changelog.

2.41.0 (2026-06-03)

Full Changelog: v2.40.0...v2.41.0

Features

• api: responses.moderation and chat_completions.moderation (87e46c2)

2.40.0 (2026-06-01)

Full Changelog: v2.39.0...v2.40.0

Features

• api: Add Amazon Bedrock Responses support

Bug Fixes

• api: allow setting bedrock api keys on the client directly (4d5bfde)

2.39.0 (2026-06-01)

Full Changelog: v2.38.0...v2.39.0

Features

• api: workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (ab60d7a)

2.38.0 (2026-05-21)

Full Changelog: v2.37.0...v2.38.0

Features

• api: api update (33d1d01)
• api: manual updates (a21700a)
• api: update OpenAPI spec or Stainless config (00265c5)

Chores

• api: docs updates (ee10152)
• check release PR custom code sync (2638779)
• remove release automation trigger (bd6eea5)
• trigger release automation (f62d082)

Commits

• 2d955a1 Merge pull request #3359 from openai/release-please--branches--main--changes-...
• 519cd02 release: 2.41.0
• 87e46c2 feat(api): responses.moderation and chat_completions.moderation
• a28a3f6 Merge pull request #3352 from openai/release-please--branches--main--changes-...
• db6ccaf Update CHANGELOG.md
• 2264f70 release: 2.40.0
• 4d5bfde fix(api): allow setting bedrock api keys on the client directly
• ccef143 Merge pull request #3326 from openai/codex/bedrock-responses-review
• a50ff0a Fix Bedrock with_options overrides
• fdf4901 codegen metadata
• Additional commits viewable in compare view

Updates mcp from 1.27.1 to 1.27.2

Release notes

Sourced from mcp's releases.

v1.27.2

What's Changed

• [v1.x] ci: deploy docs to py.sdk.modelcontextprotocol.io via Pages artifact by @​maxisbey in modelcontextprotocol/python-sdk#2635
• [v1.x] Add subject and claims to AccessToken by @​maxisbey in modelcontextprotocol/python-sdk#2690
• [v1.x] Bind transport sessions to the authenticated principal by @​maxisbey in modelcontextprotocol/python-sdk#2719
• [v1.x] Scope experimental tasks to the session that created them by @​maxisbey in modelcontextprotocol/python-sdk#2720

Full Changelog: modelcontextprotocol/python-sdk@v1.27.1...v1.27.2

Commits

• 6213787 [v1.x] Scope experimental tasks to the session that created them (#2720)
• ce267b6 [v1.x] Bind transport sessions to the authenticated principal (#2719)
• 1abcca2 [v1.x] Add subject and claims to AccessToken (#2690)
• 9773a3f [v1.x] ci: deploy docs to py.sdk.modelcontextprotocol.io via Pages artifact (...
• See full diff in compare view

Updates fastapi from 0.136.1 to 0.136.3

Release notes

Sourced from fastapi's releases.

0.136.3

Refactors

• ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #15589 by @​tiangolo.

0.136.2

Refactors

• ♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR #15588 by @​tiangolo.

Docs

• 📝 Document --entrypoint CLI option. PR #15464 by @​YuriiMotov.
• 📝 Update and simplify docs about help and management. PR #15583 by @​tiangolo.
• 📝 Add docs references to central contributing docs. PR #15580 by @​tiangolo.
• 📝 Update security policy. PR #15577 by @​tiangolo.
• 🍱 Update sponsors: TalorData image. PR #15562 by @​tiangolo.
• 📝 Update docs, simplify usage of admonitions, only default ones. PR #15553 by @​tiangolo.
• 📝 Fix image URLs in index.md. PR #15534 by @​YuriiMotov.
• ✏️ Fix Azkaban spelling typo in virtual-environments.md‎. PR #15463 by @​isaacbernat.
• 💄 Improve layout and styling. PR #15462 by @​alejsdev.
• 💄 Refactor opinions section with interactive tabs and new logos. PR #15458 by @​alejsdev.
• 📝 Add FastAPI Conf '26 announcement to docs. PR #15457 by @​alejsdev.

Translations

• 🌐 Improve translation consistency in ‎docs/pt/docs/advanced/generate-clients.md‎. PR #15456 by @​Will-thom.
• 🌐 Update translations for ja (update-outdated). PR #15530 by @​tiangolo.
• 🌐 Update translations for uk (update-outdated). PR #15529 by @​tiangolo.
• 🌐 Update translations for pt (update-outdated). PR #15528 by @​tiangolo.
• 🌐 Update translations for de (update-outdated). PR #15527 by @​tiangolo.
• 🌐 Update translations for tr (update-outdated). PR #15526 by @​tiangolo.
• 🌐 Update translations for ko (update-outdated). PR #15525 by @​tiangolo.
• 🌐 Update translations for zh-hant (update-outdated). PR #15524 by @​tiangolo.
• 🌐 Update translations for fr (update-outdated). PR #15522 by @​tiangolo.
• 🌐 Update translations for es (update-outdated). PR #15523 by @​tiangolo.
• 🌐 Update translations for zh (update-outdated). PR #15520 by @​tiangolo.
• 🌐 Update translations for ru (update-outdated). PR #15521 by @​tiangolo.
• 🌐 Fix typos in Spanish LLM-prompt. PR #15472 by @​crr004.

Internal

• ✅ Update tests, don't double dispose the engine. PR #15587 by @​tiangolo.
• ⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR #13583 by @​dikos1337.
• 🔥 Remove config files now in central GitHub repo. PR #15585 by @​tiangolo.
• ⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR #15502 by @​dependabot[bot].
• ⬆ Bump idna from 3.11 to 3.15. PR #15565 by @​dependabot[bot].
• ⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR #15571 by @​dependabot[bot].
• 🔧 Migrate docs from MkDocs to Zensical. PR #15563 by @​tiangolo.
• 🔒️ Only allow team members to modify dependencies. PR #15548 by @​svlandeg.

... (truncated)

Commits

• 8206485 🔖 Release version 0.136.3
• c910e01 📝 Update release notes
• 063b5bf ♻️ Do not accept underscore headers when using convert_underscores=True (th...
• 22b02e2 🔖 Release version 0.136.2
• 3b252a2 📝 Update release notes
• c7fb785 ♻️ Validate Server Sent Event fields to avoid applications from sending broke...
• cb83b83 📝 Update release notes
• 00f805c ✅ Update tests, don't double dispose the engine (#15587)
• 3675137 📝 Update release notes
• 7b57e42 📝 Document --entrypoint CLI option (#15464)
• Additional commits viewable in compare view

Updates filelock from 3.29.0 to 3.29.1

Release notes

Sourced from filelock's releases.

3.29.1

What's Changed

• docs: fix API docs of release() by @​MrAnno in tox-dev/filelock#540
• docs: clarify per-thread scope of FileLock configuration by @​Gares95 in tox-dev/filelock#543
• chore: improve filelock maintenance path by @​lphuc2250gma in tox-dev/filelock#542
• chore: improve filelock maintenance path by @​lphuc2250gma in tox-dev/filelock#544
• chore: improve filelock maintenance path by @​lphuc2250gma in tox-dev/filelock#545
• 🐛 fix(soft): refuse to follow symlinks when reading the lock file by @​dxbjavid in tox-dev/filelock#548

New Contributors

• @​MrAnno made their first contribution in tox-dev/filelock#540
• @​Gares95 made their first contribution in tox-dev/filelock#543
• @​lphuc2250gma made their first contribution in tox-dev/filelock#542
• @​dxbjavid made their first contribution in tox-dev/filelock#548

Full Changelog: tox-dev/filelock@3.29.0...3.29.1

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

---

3.29.1 (2026-06-03)

---

• 🐛 fix(soft): refuse to follow symlinks when reading the lock file :pr:548 - by :user:dxbjavid
• [pre-commit.ci] pre-commit autoupdate :pr:547 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:546 - by :user:pre-commit-ci[bot]
• chore: improve filelock maintenance path :pr:545 - by :user:lphuc2250gma
• chore: improve filelock maintenance path :pr:544 - by :user:lphuc2250gma
• chore: improve filelock maintenance path :pr:542 - by :user:lphuc2250gma
• docs: clarify per-thread scope of FileLock configuration :pr:543 - by :user:Gares95
• [pre-commit.ci] pre-commit autoupdate :pr:541 - by :user:pre-commit-ci[bot]
• docs: fix API docs of release() :pr:540 - by :user:MrAnno
• [pre-commit.ci] pre-commit autoupdate :pr:539 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:538 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:537 - by :user:pre-commit-ci[bot]
• build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 :pr:536 - by :user:dependabot[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:535 - by :user:pre-commit-ci[bot]

---

3.29.0 (2026-04-19)

---

• ✨ feat(soft): enable stale lock detection on Windows :pr:534
• 🐛 fix(async): use single-thread executor for lock consistency :pr:533
• build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 :pr:530 - by :user:dependabot[bot]

---

3.28.0 (2026-04-14)

---

• 🐛 fix(ci): unbreak release workflow, publish to PyPI again :pr:529

---

3.26.1 (2026-04-09)

---

• 🐛 fix(asyncio): add exit to BaseAsyncFileLock and fix del loop handling :pr:518 - by :user:naarob
• build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 :pr:525 - by :user:dependabot[bot]

---

3.26.0 (2026-04-06)

---

• ✨ feat(soft): add PID inspection and lock breaking :pr:524
• [pre-commit.ci] pre-commit autoupdate :pr:523 - by :user:pre-commit-ci[bot]

... (truncated)

Commits

• 438b6fe Release 3.29.1
• bfbfa76 🐛 fix(soft): refuse to follow symlinks when reading the lock file (#548)
• c51a72c [pre-commit.ci] pre-commit autoupdate (#547)
• cc05fd7 [pre-commit.ci] pre-commit autoupdate (#546)
• cb947e5 chore: improve filelock maintenance path (#545)
• e087ca9 chore: improve filelock maintenance path (#544)
• f9dd949 chore: improve filelock maintenance path (#542)
• 9200f1f docs: clarify per-thread scope of FileLock configuration (#543)
• 9d8985f [pre-commit.ci] pre-commit autoupdate (#541)
• 7d1f48c docs: fix API docs of release() (#540)
• Additional commits viewable in compare view

Updates python-multipart from 0.0.29 to 0.0.32

Release notes

Sourced from python-multipart's releases.

Version 0.0.32

What's Changed

• Replace per-byte partial-boundary scan with rfind lookbehind by @​Kludex in Kludex/python-multipart#300

Full Changelog: Kludex/python-multipart@0.0.31...0.0.32

Version 0.0.31

What's Changed

• Speed up multipart header parsing and callback dispatch by @​Kludex in Kludex/python-multipart#295
• Bound header field name size before validating by @​Kludex in Kludex/python-multipart#296
• Validate Content-Length is non-negative in parse_form by @​Kludex in Kludex/python-multipart#297

Full Changelog: Kludex/python-multipart@0.0.30...0.0.31

Version 0.0.30

What's Changed

• Treat only & as the urlencoded field separator by @​Kludex in Kludex/python-multipart#290
• Ignore RFC 2231 extended parameters in parse_options_header by @​Kludex in Kludex/python-multipart#291

Full Changelog: Kludex/python-multipart@0.0.29...0.0.30

Changelog

Sourced from python-multipart's changelog.

0.0.32 (2026-06-04)

• Speed up partial-boundary scanning for CR/LF-dense part data #300.

0.0.31 (2026-06-04)

• Speed up multipart header parsing and callback dispatch #295.
• Bound header field name size before validating #296.
• Validate Content-Length is non-negative in parse_form #297.

0.0.30 (2026-05-31)

• Parse ap...

  Description has been truncated

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.