chore(deps): bump the production group across 1 directory with 20 updates by dependabot[bot] · Pull Request #395 · GetBindu/Bindu

dependabot · 2026-03-23T21:06:12Z

Bumps the production group with 20 updates in the / directory:

Package	From	To
rich	`14.3.2`	`14.3.3`
orjson	`3.10.18`	`3.11.7`
pyjwt[crypto]	`2.10.1`	`2.12.1`
pyyaml	`6.0.2`	`6.0.3`
requests	`2.32.3`	`2.32.5`
pynacl	`1.5.0`	`1.6.2`
numpy	`2.3.5`	`2.4.3`
python-docx	`1.1.2`	`1.2.0`
opentelemetry-api	`1.35.0`	`1.40.0`
opentelemetry-sdk	`1.35.0`	`1.40.0`
opentelemetry-exporter-otlp	`1.35.0`	`1.40.0`
opentelemetry-exporter-otlp-proto-http	`1.35.0`	`1.40.0`
opentelemetry-instrumentation-fastapi	`0.56b0`	`0.61b0`
opentelemetry-instrumentation-httpx	`0.56b0`	`0.61b0`
sentry-sdk	`2.41.0`	`2.55.0`
web3	`7.13.0`	`7.14.1`
sqlalchemy[asyncio]	`2.0.44`	`2.0.48`
alembic	`1.17.2`	`1.18.4`
redis	`7.1.0`	`7.3.0`
cookiecutter	`2.6.0`	`2.7.1`

Updates rich from 14.3.2 to 14.3.3

Release notes

Sourced from rich's releases.

The infinite Release

Fixed a infinite loop in split_graphemes

[14.3.3] - 2026-02-19

Fixed

Fixed infinite loop with cells.split_graphemes Textualize/rich#4006

Changelog

Sourced from rich's changelog.

[14.3.3] - 2026-02-19

Fixed

Fixed infinite loop with cells.split_graphemes Textualize/rich#4006

Commits

ce01188 Merge pull request #4008 from Textualize/bump1433
14a47c9 bump
f54bfe0 Merge pull request #4007 from Textualize/copilot/sub-pr-4006
7338cb9 Merge pull request #4006 from Textualize/fix-grapheme-stuck
905b397 Update tests/test_cells.py
b031dca Update tests/test_cells.py
f07a3fc Add regression tests for VS16 after zero-width chars in split_graphemes
b618ccc spelling
378c34b Initial plan
87e7ca2 refinements, and tests
Additional commits viewable in compare view

Updates orjson from 3.10.18 to 3.11.7

Release notes

Sourced from orjson's releases.

3.11.7

Changed

Use a faster library to serialize float. Users with byte-exact regression tests should note positive exponents are now written using a +, e.g., 1.2e+30 instead of 1.2e30. Both formats are spec-compliant.

ABI compatibility with CPython 3.15 alpha 5 free-threading.

3.11.6

Changed

orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).

Drop support for Python 3.9.

ABI compatibility with CPython 3.15 alpha 5.

Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

Fix sporadic crash serializing deeply nested list of dict.

3.11.5

Changed

Show simple error message instead of traceback when attempting to build on unsupported Python versions.

3.11.4

Changed

ABI compatibility with CPython 3.15 alpha 1.

Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.

Build now requires a C compiler.

3.11.3

Fixed

Fix PyPI project metadata when using maturin 1.9.2 or later.

3.11.2

Fixed

Fix build using Rust 1.89 on amd64.

Changed

Build now depends on Rust 1.85 or later instead of 1.82.

3.11.1

Changed

... (truncated)

Changelog

Sourced from orjson's changelog.

3.11.7 - 2026-02-02

Changed

Use a faster library to serialize float. Users with byte-exact regression tests should note positive exponents are now written using a +, e.g., 1.2e+30 instead of 1.2e30. Both formats are spec-compliant.

ABI compatibility with CPython 3.15 alpha 5 free-threading.

3.11.6 - 2026-01-29

Changed

orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).

Drop support for Python 3.9.

ABI compatibility with CPython 3.15 alpha 5.

Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

Fix sporadic crash serializing deeply nested list of dict.

3.11.5 - 2025-12-06

Changed

Show simple error message instead of traceback when attempting to build on unsupported Python versions.

3.11.4 - 2025-10-24

Changed

ABI compatibility with CPython 3.15 alpha 1.

Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.

Build now requires a C compiler.

3.11.3 - 2025-08-26

Fixed

Fix PyPI project metadata when using maturin 1.9.2 or later.

3.11.2 - 2025-08-12

... (truncated)

Commits

ec2b066 3.11.7
1ca01f7 zmij
1716a22 cargo update
ec02024 3.11.6
d581687 build, clippy misc
4105b29 writer::num
62bb185 Fix sporadic crash on serializing object close
d860078 PyRef idiom refactors
343ae2f Deserializer, Utf8Buffer
7835f58 PyBytesRef and other input refactor
Additional commits viewable in compare view

Updates pyjwt[crypto] from 2.10.1 to 2.12.1

Release notes

Sourced from pyjwt[crypto]'s releases.

2.12.1

What's Changed

Add typing_extensions dependency for Python < 3.11 by @jpadilla in jpadilla/pyjwt#1151

Full Changelog: jpadilla/pyjwt@2.12.0...2.12.1

2.12.0

Security

Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @dmbs335 in GHSA-752w-5fwx-jx9f

What's Changed

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1132

chore(docs): fix docs build by @tamird in jpadilla/pyjwt#1137

Annotate PyJWKSet.keys for pyright by @tamird in jpadilla/pyjwt#1134

fix: close HTTPError to prevent ResourceWarning on Python 3.14 by @veeceey in jpadilla/pyjwt#1133

chore: remove superfluous constants by @tamird in jpadilla/pyjwt#1136

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1135

chore(tests): enable mypy by @tamird in jpadilla/pyjwt#1138

Bump actions/download-artifact from 7 to 8 by @dependabot[bot] in jpadilla/pyjwt#1142

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1141

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1145

fix: do not store reference to algorithms dict on PyJWK by @akx in jpadilla/pyjwt#1143

Use PyJWK algorithm when encoding without explicit algorithm by @jpadilla in jpadilla/pyjwt#1148

New Contributors

@tamird made their first contribution in jpadilla/pyjwt#1137

@veeceey made their first contribution in jpadilla/pyjwt#1133

Full Changelog: jpadilla/pyjwt@2.11.0...2.12.0

2.11.0

What's Changed

Fixed type error in comment by @shuhaib-aot in jpadilla/pyjwt#1026

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1018

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1033

Make note of use of leeway with nbf by @djw8605 in jpadilla/pyjwt#1034

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1035

Fixes #964: Validate key against allowed types for Algorithm family by @pachewise in jpadilla/pyjwt#985

Feat #1024: Add iterator for PyJWKSet by @pachewise in jpadilla/pyjwt#1041

Fixes #1039: Add iss, issuer type checks by @pachewise in jpadilla/pyjwt#1040

Fixes #660: Improve typing/logic for options in decode, decode_complete; Improve docs by @pachewise in jpadilla/pyjwt#1045

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1042

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1052

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1053

Fix #1022: Map algorithm=None to "none" by @qqii in jpadilla/pyjwt#1056

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1055

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1058

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1060

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1061

... (truncated)

Changelog

Sourced from pyjwt[crypto]'s changelog.

v2.12.1 <https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1>__

Fixed
- Add missing ``typing_extensions`` dependency for Python < 3.11 in `[#1150](https://github.com/jpadilla/pyjwt/issues/1150) <https://github.com/jpadilla/pyjwt/issues/1150>`__
v2.12.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0&gt;__
Fixed
Annotate PyJWKSet.keys for pyright by @tamird in [#1134](https://github.com/jpadilla/pyjwt/issues/1134) <https://github.com/jpadilla/pyjwt/pull/1134>__

Close HTTPError response to prevent ResourceWarning on Python 3.14 by @veeceey in [#1133](https://github.com/jpadilla/pyjwt/issues/1133) <https://github.com/jpadilla/pyjwt/pull/1133>__

Do not keep algorithms dict in PyJWK instances by @akx in [#1143](https://github.com/jpadilla/pyjwt/issues/1143) <https://github.com/jpadilla/pyjwt/pull/1143>__

Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @dmbs335 in GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>__

Use PyJWK algorithm when encoding without explicit algorithm in [#1148](https://github.com/jpadilla/pyjwt/issues/1148) <https://github.com/jpadilla/pyjwt/pull/1148>__

Added
- Docs: Add ``PyJWKClient`` API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).
v2.11.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0&gt;__
Fixed
Enforce ECDSA curve validation per RFC 7518 Section 3.4.

Fix build system warnings by @kurtmckee in [#1105](https://github.com/jpadilla/pyjwt/issues/1105) <https://github.com/jpadilla/pyjwt/pull/1105>__

Validate key against allowed types for Algorithm family in [#964](https://github.com/jpadilla/pyjwt/issues/964) <https://github.com/jpadilla/pyjwt/pull/964>__

Add iterator for JWKSet in [#1041](https://github.com/jpadilla/pyjwt/issues/1041) <https://github.com/jpadilla/pyjwt/pull/1041>__

Validate iss claim is a string during encoding and decoding by @pachewise in [#1040](https://github.com/jpadilla/pyjwt/issues/1040) <https://github.com/jpadilla/pyjwt/pull/1040>__

Improve typing/logic for options in decode, decode_complete by @pachewise in [#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>__

Declare float supported type for lifespan and timeout by @nikitagashkov in [#1068](https://github.com/jpadilla/pyjwt/issues/1068) <https://github.com/jpadilla/pyjwt/pull/1068>__

Fix SyntaxWarning\s/DeprecationWarning\s caused by invalid escape sequences by @kurtmckee in [#1103](https://github.com/jpadilla/pyjwt/issues/1103) <https://github.com/jpadilla/pyjwt/pull/1103>__

Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in [#1114](https://github.com/jpadilla/pyjwt/issues/1114) <https://github.com/jpadilla/pyjwt/pull/1114>__

Development: Test type annotations across all supported Python versions, increase the strictness of the type checking, and remove the mypy pre-commit hook by @kurtmckee in [#1112](https://github.com/jpadilla/pyjwt/issues/1112) <https://github.com/jpadilla/pyjwt/pull/1112>__

Added
- Support Python 3.14, and test against PyPy 3.10 and 3.11 by @kurtmckee in `[#1104](https://github.com/jpadilla/pyjwt/issues/1104) <https://github.com/jpadilla/pyjwt/pull/1104>`__
- Development: Migrate to ``build`` to test package building in CI by @kurtmckee in `[#1108](https://github.com/jpadilla/pyjwt/issues/1108) <https://github.com/jpadilla/pyjwt/pull/1108>`__
- Development: Improve coverage config and eliminate unused test suite code by @kurtmckee in `[#1115](https://github.com/jpadilla/pyjwt/issues/1115) <https://github.com/jpadilla/pyjwt/pull/1115>`__
</tr></table> 

... (truncated)

Commits

a4e1a3d Add typing_extensions dependency for Python < 3.11 (#1151)
bd9700c Use PyJWK algorithm when encoding without explicit algorithm (#1148)
051ea34 Merge commit from fork
1451d70 fix: do not store reference to algorithms dict on PyJWK (#1143)
f3ba74c [pre-commit.ci] pre-commit autoupdate (#1145)
0318ffa [pre-commit.ci] pre-commit autoupdate (#1141)
a52753d Bump actions/download-artifact from 7 to 8 (#1142)
b85050f chore(tests): enable mypy (#1138)
1272b26 [pre-commit.ci] pre-commit autoupdate (#1135)
99a8728 chore: remove superfluous constants (#1136)
Additional commits viewable in compare view

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

Commits

49790e7 Release 6.0.3 (#889)
See full diff in compare view

Updates requests from 2.32.3 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

v2.32.4

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)

Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

2.32.4 (2025-06-10)

Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.

Dropped support for pypy 3.9 following its end of support.

Commits

b25c87d v2.32.5
131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
46e939b Update publish workflow to use artifact-id instead of name
4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
fec96cd Update Makefile rules (#6996)
d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
Additional commits viewable in compare view

Updates pynacl from 1.5.0 to 1.6.2

Changelog

Sourced from pynacl's changelog.

1.6.2 (2026-01-01)

Updated libsodium to 1.0.20-stable (2025-12-31 build) to resolve CVE-2025-69277.

1.6.1 (2025-11-10)

The MAKE environment variable can now be used to specify the make binary that should be used in the build process.

1.6.0 (2025-09-11)

BACKWARDS INCOMPATIBLE: Removed support for Python 3.6 and 3.7.

Added support for the low level AEAD AES bindings.

Added support for crypto_core_ed25519_from_uniform.

Update libsodium to 1.0.20-stable (2025-08-27 build).

Added support for free-threaded Python 3.14.

Added support for Windows on ARM wheels.

Commits

ecf41f5 changelog and version bump for 1.6.2 (#923)
685a5e7 Switch to PyPI trusted publishing (#925)
78e0aa3 missed adding these files as part of the libsodium update (#924)
9631488 Bump libsodium to the latest 1.0.20 (#922)
563b25b Add script to update vendored libsodium (#921)
d233105 Include libsodium license in wheels (#917)
cabc3a8 Bump dessant/lock-threads from 5 to 6 (#914)
f359617 Bump actions/download-artifact from 6.0.0 to 7.0.0 (#915)
fb6e37f Bump actions/upload-artifact from 5 to 6 (#916)
526f992 Bump actions/checkout from 6.0.0 to 6.0.1 (#911)
Additional commits viewable in compare view

Updates numpy from 2.3.5 to 2.4.3

Release notes

Sourced from numpy's releases.

2.4.3 (Mar 9, 2026)

NumPy 2.4.3 Release Notes

The NumPy 2.4.3 is a patch release that fixes bugs discovered after the 2.4.2 release. The most user visible fix may be a threading fix for OpenBLAS on ARM, closing issue #30816.

This release supports Python versions 3.11-3.14

Contributors

A total of 11 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

Antareep Sarkar +

Charles Harris

Joren Hammudoglu

Matthieu Darbois

Matti Picus

Nathan Goldbaum

Peter Hawkins

Pieter Eendebak

Sebastian Berg

Warren Weckesser

stratakis +

Pull requests merged

A total of 14 pull requests were merged for this release.

#30759: MAINT: Prepare 2.4.x for further development

#30827: BUG: Fix some leaks found via LeakSanitizer (#30756)

#30841: MAINT: Synchronize 2.4.x submodules with main

#30849: TYP: matlib: missing extended precision imports

#30850: BUG: Fix weak hash function in np.isin(). (#30840)

#30921: BUG: fix infinite recursion in np.ma.flatten_structured_array...

#30922: BUG: Fix buffer overrun in CPU baseline validation (#30877)

#30923: BUG: Fix busdaycalendar's handling of a bool array weekmask....

#30924: BUG: Fix reference leaks and NULL pointer dereferences (#30908)

#30925: MAINT: fix two minor issues noticed when touching the C API setup

#30955: ENH: Test .kind not .char in np.testing.assert_equal (#30879)

#30957: BUG: fix type issues in uses if PyDataType macros

#30958: MAINT: Don't use vulture 2.15, it has false positives

#30973: MAINT: update openblas (#30961)

2.4.2 (Feb 1, 2026)

NumPy 2.4.2 Release Notes

The NumPy 2.4.2 is a patch release that fixes bugs discovered after the 2.4.1 release. Highlights are:

... (truncated)

Changelog

Sourced from numpy's changelog.

This is a walkthrough of the NumPy 2.4.0 release on Linux, which will be the first feature release using the numpy/numpy-release <https://github.com/numpy/numpy-release>__ repository.

The commands can be copied into the command line, but be sure to replace 2.4.0 with the correct version. This should be read together with the :ref:general release guide <prepare_release>.

Facility preparation

Before beginning to make a release, use the requirements/*_requirements.txt files to ensure that you have the needed software. Most software can be installed with pip, but some will require apt-get, dnf, or whatever your system uses for software. You will also need a GitHub personal access token (PAT) to push the documentation. There are a few ways to streamline things:

Git can be set up to use a keyring to store your GitHub personal access token. Search online for the details.

Prior to release

Add/drop Python versions

When adding or dropping Python versions, multiple config and CI files need to be edited in addition to changing the minimum version in pyproject.toml. Make these changes in an ordinary PR against main and backport if necessary. We currently release wheels for new Python versions after the first Python RC once manylinux and cibuildwheel support that new Python version.

Backport pull requests

Changes that have been marked for this release must be backported to the maintenance/2.4.x branch.

Update 2.4.0 milestones

Look at the issues/prs with 2.4.0 milestones and either push them off to a later version, or maybe remove the milestone. You may need to add a milestone.

Check the numpy-release repo

... (truncated)

Commits

8bcb2e7 Merge pull request #30974 from charris/prepare-2.4.3
9a2b5ee REL: Prepare for the NumPy 2.4.3 release
a822ac2 Merge pull request #30973 from charris/backport-30961
039bf54 MAINT: update openblas (#30961)
254bafa Merge pull request #30955 from charris/backport-30879
0cc7d38 ENH: Test .kind not .char in np.testing.assert_equal (#30879)
9ee571d Merge pull request #30957 from charris/backport-30918
f302a16 Merge pull request #30958 from charris/backport-30938
d240a09 MAINT: Don't use vulture 2.15, it has false positives
4fc08e9 MAINT: Don't use vulture 2.15, it has false positives
Additional commits viewable in compare view

Updates python-docx from 1.1.2 to 1.2.0

Changelog

Sourced from python-docx's changelog.

1.2.0 (2025-06-16) ++++++++++++++++++

Add support for comments

Drop support for Python 3.8, add testing for Python 3.13

Commits

e454546 release: prepare v1.2.0 release
1fe6601 build: small adjustments for tox
4fbe1f6 docs: add Comments docs
a809d6c comments: add Comment.text
e3a321d comments: add Run.mark_comment_range()
af3b973 comments: add Document.add_comment()
66da522 xfail: acceptance test for Document.add_comment()
761f4cc comments: add Comment.author, .initials setters
8ac9fc4 comments: add Comments.add_comment()
d360409 xfail: acceptance test for Comment mutations
Additional commits viewable in compare view

Updates opentelemetry-api from 1.35.0 to 1.40.0

Changelog

Sourced from opentelemetry-api's changelog.

Version 1.40.0/0.61b0 (2026-03-04)

opentelemetry-sdk: deprecate LoggingHandler in favor of opentelemetry-instrumentation-logging, see opentelemetry-instrumentation-logging documentation (#4919)

opentelemetry-sdk: Clarify log processor error handling expectations in documentation (#4915)

bump semantic-conventions to v1.40.0 (#4941)

Add stale PR GitHub Action (#4926)

opentelemetry-sdk: Drop unused Jaeger exporter environment variables (exporter removed in 1.22.0) (#4918)

opentelemetry-sdk: Clarify timeout units in environment variable documentation (#4906)

opentelemetry-exporter-otlp-proto-grpc: Fix re-initialization of gRPC channel on UNAVAILABLE error (#4825)

opentelemetry-exporter-prometheus: Fix duplicate HELP/TYPE declarations for metrics with different label sets (#4868)

Allow loading all resource detectors by setting OTEL_EXPERIMENTAL_RESOURCE_DETECTORS to * (#4819)

opentelemetry-sdk: Fix the type hint of the _metrics_data property to allow None (#4837).

Regenerate opentelemetry-proto code with v1.9.0 release (#4840)

Add python 3.14 support (#4798)

Silence events API warnings for internal users (#4847)

opentelemetry-sdk: make it possible to override the default processors in the SDK configurator (#4806)

Prevent possible endless recursion from happening in SimpleLogRecordProcessor.on_emit, (#4799) and (#4867).

Implement span start/end metrics (#4880)

Add environment variable carriers to API (#4609)

Add experimental composable rule based sampler (#4882)

Make ConcurrentMultiSpanProcessor fork safe (#4862)

opentelemetry-exporter-otlp-proto-http: fix retry logic and error handling for connection failures in trace, metric, and log exporters (#4709)

opentelemetry-sdk: avoid RuntimeError during iteration of view instrument match dictionary in MetricReaderStorage.collect() (#4891)

Implement experimental TracerConfigurator (#4861)

opentelemetry-sdk: Fix instrument creation race condition (#4913)

bump semantic-conventions to v1.39.0 (#4914)

... (truncated)

Commits

dd22021 Prepare release 1.40.0/0.61b0 (#4949)
26c7166 api: add docstrings to core metrics instrument abstract methods (#4923)
c17ba89 opentelemetry-sdk: deprecate logging handler (#4919)
6ea15ff docs: Clarify log processor error handling expectations (#4915)
24f4fb0 bump semconv to v1.40.0 (#4941)
2308baf maint: Add stale github action (#4926)
99b47df config: generate model code from json schema (#4879)
9a658ac Add Lukas to approvers (#4939)
1c64c14 opentelemetry-sdk: change sdk metrics related parameters as named (#4937)
7247af7 opentelemetry-sdk: change sdk metrics related parameters as named (#4937)
Additional commits viewable in compare view

Updates opentelemetry-sdk from 1.35.0 to 1.40.0

Changelog

Sourced from opentelemetry-sdk's changelog.

Version 1.40.0/0.61b0 (2026-03-04)

opentelemetry-sdk: deprecate LoggingHandler in favor of opentelemetry-instrumentation-logging, see opentelemetry-instrumentation-logging documentation (#4919)

opentelemetry-sdk: Clarify log processor error handling expectations in documentation (#4915)

bump semantic-conventions to v1.40.0 (#4941)

Add stale PR GitHub Action (#4926)

opentelemetry-sdk: Drop unused Jaeger exporter environment variables (exporter removed in 1.22.0) (#4918)

opentelemetry-sdk: Clarify timeout units in environment variable documentation (#4906)

opentelemetry-exporter-otlp-proto-grpc: Fix re-initialization of gRPC channel on UNAVAILABLE error (#4825)

opentelemetry-exporter-prometheus: Fix duplicate HELP/TYPE declarations for metrics with different label sets (#4868)

Allow loading all resource detectors by setting OTEL_EXPERIMENTAL_RESOURCE_DETECTORS to * (#4819)

opentelemetry-sdk: Fix the type hint of the _metrics_data property to allow None (#4837).

Regenerate opentelemetry-proto code with v1.9.0 release (#4840)

Add python 3.14 support (#4798)

Silence events API warnings for internal users (#4847)

opentelemetry-sdk: make it possible to override the default processors in the SDK configurator (#4806)

Prevent possible endless recursion from happening in SimpleLogRecordProcessor.on_emit, (#4799) and (#4867).

Implement span start/end metrics (#4880)

Add environment variable carriers to API (#4609)

Add experimental composable rule based sampler (#4882)

Make ConcurrentMultiSpanProcessor fork safe (#4862)

opentelemetry-exporter-otlp-proto-http: fix retry logic and error handling for connection failures in trace, metric, and log exporters (#4709)

opentelemetry-sdk: avoid RuntimeError during iteration of view instrument match dictionary in MetricReaderStorage.collect() (#4891)

Implement experimental TracerConfigurator (#4861)

opentelemetry-sdk: Fix instrument creation race condition (#4913)

bump semantic-conventions to v1.39.0 (#4914)

... (truncated)

Commits

dd22021 Prepare release 1.40.0/0.61b0 (#4949)
26c7166 api: add docstrings to core metrics instrument abstract methods (#4923)
c17ba89 opentelemetry-sdk: deprecate logging handler (#4919)
6ea15ff docs: Clarify log processor error handling expectations (#4915)
24f4fb0 bump semconv to v1.40.0 (#4941)
2308baf maint: Add stale github action (#4926)
99b47df config: generate model code from json schema (#4879)
9a658ac Add Lukas to approvers (#4939)
1c64c14 opentelemetry-sdk: change sdk metrics related parameters as named (#4937)
7247af7 opentelemetry-sdk: change sdk metrics related parameters as named (#4937)
Additional commits viewable in compare view

Updates opentelemetry-exporter-otlp from 1.35.0 to 1.40.0

Changelog

Sourced from opentelemetry-exporter-otlp's changelog.

Version 1.40.0/0.61b0 (2026-03-04)

opentelemetry-sdk: deprecate LoggingHandler in favor of opentelemetry-instrumentation-logging, see opentelemetry-instrumentation-logging documentation (#4919)

opentelemetry-sdk: Clarify log processor error handling expectations in documentation (#4915)

bump semantic-conventions to v1.40.0 (#4941)

Add stale PR GitHub Action (#4926)

opentelemetry-sdk: Drop unused Jaeger exporter environment variables (exporter removed in 1.22.0) (#4918)

opentelemetry-sdk: Clarify timeout units in environment variable documentation (#4906)

opentelemetry-exporter-otlp-proto-grpc: Fix re-initialization of gRPC channel on UNAVAILABLE error (#4825)

opentelemetry-exporter-prometheus: Fix duplicate HELP/TYPE declarations for metrics with different label sets (#4868)

Allow loading all resource detectors by setting OTEL_EXPERIMENTAL_RESOURCE_DETECTORS to * (#4819)

opentelemetry-sdk: Fix the type hint of the _metrics_data property to allow None (#4837).

Regenerate opentelemetry-proto code with v1.9.0 release (#4840)

Add python 3.14 support (#4798)

Silence events API warnings for internal users (

…ates Bumps the production group with 20 updates in the / directory: | Package | From | To | | --- | --- | --- | | [rich](https://github.com/Textualize/rich) | `14.3.2` | `14.3.3` | | [orjson](https://github.com/ijl/orjson) | `3.10.18` | `3.11.7` | | [pyjwt[crypto]](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.12.1` | | [pyyaml](https://github.com/yaml/pyyaml) | `6.0.2` | `6.0.3` | | [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.5` | | [pynacl](https://github.com/pyca/pynacl) | `1.5.0` | `1.6.2` | | [numpy](https://github.com/numpy/numpy) | `2.3.5` | `2.4.3` | | [python-docx](https://github.com/python-openxml/python-docx) | `1.1.2` | `1.2.0` | | [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python) | `1.35.0` | `1.40.0` | | [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-python) | `1.35.0` | `1.40.0` | | [opentelemetry-exporter-otlp](https://github.com/open-telemetry/opentelemetry-python) | `1.35.0` | `1.40.0` | | [opentelemetry-exporter-otlp-proto-http](https://github.com/open-telemetry/opentelemetry-python) | `1.35.0` | `1.40.0` | | [opentelemetry-instrumentation-fastapi](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.56b0` | `0.61b0` | | [opentelemetry-instrumentation-httpx](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.56b0` | `0.61b0` | | [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.41.0` | `2.55.0` | | [web3](https://github.com/ethereum/web3.py) | `7.13.0` | `7.14.1` | | [sqlalchemy[asyncio]](https://github.com/sqlalchemy/sqlalchemy) | `2.0.44` | `2.0.48` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.17.2` | `1.18.4` | | [redis](https://github.com/redis/redis-py) | `7.1.0` | `7.3.0` | | [cookiecutter](https://github.com/cookiecutter/cookiecutter) | `2.6.0` | `2.7.1` | Updates `rich` from 14.3.2 to 14.3.3 - [Release notes](https://github.com/Textualize/rich/releases) - [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md) - [Commits](Textualize/rich@v14.3.2...v14.3.3) Updates `orjson` from 3.10.18 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.10.18...3.11.7) Updates `pyjwt[crypto]` from 2.10.1 to 2.12.1 - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](jpadilla/pyjwt@2.10.1...2.12.1) Updates `pyyaml` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/yaml/pyyaml/releases) - [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES) - [Commits](yaml/pyyaml@6.0.2...6.0.3) Updates `requests` from 2.32.3 to 2.32.5 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.3...v2.32.5) Updates `pynacl` from 1.5.0 to 1.6.2 - [Changelog](https://github.com/pyca/pynacl/blob/main/CHANGELOG.rst) - [Commits](pyca/pynacl@1.5.0...1.6.2) Updates `numpy` from 2.3.5 to 2.4.3 - [Release notes](https://github.com/numpy/numpy/releases) - [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst) - [Commits](numpy/numpy@v2.3.5...v2.4.3) Updates `python-docx` from 1.1.2 to 1.2.0 - [Changelog](https://github.com/python-openxml/python-docx/blob/master/HISTORY.rst) - [Commits](python-openxml/python-docx@v1.1.2...v1.2.0) Updates `opentelemetry-api` from 1.35.0 to 1.40.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-python@v1.35.0...v1.40.0) Updates `opentelemetry-sdk` from 1.35.0 to 1.40.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-python@v1.35.0...v1.40.0) Updates `opentelemetry-exporter-otlp` from 1.35.0 to 1.40.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-python@v1.35.0...v1.40.0) Updates `opentelemetry-exporter-otlp-proto-http` from 1.35.0 to 1.40.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-python@v1.35.0...v1.40.0) Updates `opentelemetry-instrumentation-fastapi` from 0.56b0 to 0.61b0 - [Release notes](https://github.com/open-telemetry/opentelemetry-python-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-python-contrib/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-python-contrib/commits) Updates `opentelemetry-instrumentation-httpx` from 0.56b0 to 0.61b0 - [Release notes](https://github.com/open-telemetry/opentelemetry-python-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-python-contrib/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-python-contrib/commits) Updates `sentry-sdk` from 2.41.0 to 2.55.0 - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](getsentry/sentry-python@2.41.0...2.55.0) Updates `web3` from 7.13.0 to 7.14.1 - [Changelog](https://github.com/ethereum/web3.py/blob/v7.14.1/docs/release_notes.rst) - [Commits](ethereum/web3.py@v7.13.0...v7.14.1) Updates `sqlalchemy[asyncio]` from 2.0.44 to 2.0.48 - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) Updates `alembic` from 1.17.2 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `redis` from 7.1.0 to 7.3.0 - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](redis/redis-py@v7.1.0...v7.3.0) Updates `cookiecutter` from 2.6.0 to 2.7.1 - [Release notes](https://github.com/cookiecutter/cookiecutter/releases) - [Commits](cookiecutter/cookiecutter@2.6.0...v2.7.1) --- updated-dependencies: - dependency-name: rich dependency-version: 14.3.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: pyjwt[crypto] dependency-version: 2.12.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: pyyaml dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production - dependency-name: requests dependency-version: 2.32.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production - dependency-name: pynacl dependency-version: 1.6.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: numpy dependency-version: 2.4.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: python-docx dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: opentelemetry-api dependency-version: 1.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: opentelemetry-sdk dependency-version: 1.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: opentelemetry-exporter-otlp dependency-version: 1.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: opentelemetry-exporter-otlp-proto-http dependency-version: 1.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: opentelemetry-instrumentation-fastapi dependency-version: 0.61b0 dependency-type: direct:production dependency-group: production - dependency-name: opentelemetry-instrumentation-httpx dependency-version: 0.61b0 dependency-type: direct:production dependency-group: production - dependency-name: sentry-sdk dependency-version: 2.55.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: web3 dependency-version: 7.14.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: sqlalchemy[asyncio] dependency-version: 2.0.48 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: redis dependency-version: 7.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: cookiecutter dependency-version: 2.7.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Mar 23, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the production group across 1 directory with 20 updates#395

chore(deps): bump the production group across 1 directory with 20 updates#395
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/production-dfcd03c7c3

dependabot bot commented on behalf of github Mar 23, 2026

`v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0>`__

`v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>`__

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 23, 2026

The infinite Release

[14.3.3] - 2026-02-19

Fixed

[14.3.3] - 2026-02-19

Fixed

3.11.7

Changed

3.11.6

Changed

Fixed

3.11.5

Changed

3.11.4

Changed

3.11.3

Fixed

3.11.2

Fixed

Changed

3.11.1

Changed

3.11.7 - 2026-02-02

Changed

3.11.6 - 2026-01-29

Changed

Fixed

3.11.5 - 2025-12-06

Changed

3.11.4 - 2025-10-24

Changed

3.11.3 - 2025-08-26

Fixed

3.11.2 - 2025-08-12

2.12.1

What's Changed

2.12.0

Security

What's Changed

New Contributors

2.11.0

What's Changed

v2.12.1 <https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1>__

v2.12.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0&gt;__

v2.11.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0&gt;__

6.0.3

What's Changed

v2.32.5

2.32.5 (2025-08-18)

v2.32.4

2.32.4 (2025-06-10)

2.32.5 (2025-08-18)

2.32.4 (2025-06-10)

1.6.2 (2026-01-01)

1.6.1 (2025-11-10)

1.6.0 (2025-09-11)

2.4.3 (Mar 9, 2026)

NumPy 2.4.3 Release Notes

Contributors

Pull requests merged

2.4.2 (Feb 1, 2026)

NumPy 2.4.2 Release Notes

Facility preparation

Prior to release

Add/drop Python versions

Backport pull requests

Update 2.4.0 milestones

Check the numpy-release repo

Version 1.40.0/0.61b0 (2026-03-04)

Version 1.40.0/0.61b0 (2026-03-04)

Version 1.40.0/0.61b0 (2026-03-04)

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

`v2.12.1 <https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1>`__

`v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0>`__

`v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>`__