deps(deps): Bump the "dependencies" group with 3 updates across multiple ecosystems

[dependabot]

Bumps the dependencies group with 7 updates:

Package	From	To
actions/setup-node	6.3.0	6.4.0
vladopajic/go-test-coverage	2.18.4	2.18.7
jdfalk/gha-release-go	a7d189ff3dd4b13e7b42f989decf23d7701adab5	c7f72a3df997a97a1c9433893d4d25fc98f99c7e
jdfalk/gha-release-frontend	1e52bef3914c9157fbc59faa6ca8212b6fa6133a	f77c3d10f7d3f6be435be9bbbd1446f5599f48aa
jdfalk/gha-release-docker	ae29d4b40344ec00050679a42dacfee84f4a1a2c	9f854f0837efd3eac6647c93b86ca06d6b58cf6a
jdfalk/package-assets-action	494bfba81714612985e0f3ca7af43c42bdd3c629	49725e715503b7021778d248f56fe50e001a68ed
github/codeql-action	4.35.1	4.35.2

Updates actions/setup-node from 6.3.0 to 6.4.0

Release notes

Sourced from actions/setup-node's releases.

v6.4.0

What's Changed

Dependency updates:

• Upgrade @​actions dependencies by @​Copilot in actions/setup-node#1525
• Update Node.js versions in versions.yml and bump package to v6.4.0 by @​priya-kinthali in actions/setup-node#1533

New Contributors

• @​Copilot made their first contribution in actions/setup-node#1525

Full Changelog: actions/setup-node@v6...v6.4.0

Commits

• 48b55a0 Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533)
• ab72c7e Upgrade @​actions dependencies (#1525)
• See full diff in compare view

Updates vladopajic/go-test-coverage from 2.18.4 to 2.18.7

Release notes

Sourced from vladopajic/go-test-coverage's releases.

v2.18.7

What's Changed

• fix(coverage): file search should be preceded by / by @​vladopajic in vladopajic/go-test-coverage#308
• chore(deps): bump github.com/rs/zerolog from 1.35.0 to 1.35.1 by @​dependabot[bot] in vladopajic/go-test-coverage#307

Full Changelog: vladopajic/go-test-coverage@v2.18.6...v2.18.7

v2.18.6

What's Changed

• fix(docker): add certs by @​vladopajic in vladopajic/go-test-coverage#306

Full Changelog: vladopajic/go-test-coverage@v2.18.5...v2.18.6

v2.18.5

What's Changed

• chore: remove deprecated field by @​vladopajic in vladopajic/go-test-coverage#286
• chore(deps): bump dawidd6/action-download-artifact from 16 to 18 by @​dependabot[bot] in vladopajic/go-test-coverage#287
• chore: cosmetics by @​vladopajic in vladopajic/go-test-coverage#288
• chore(deps): bump dawidd6/action-download-artifact from 18 to 19 by @​dependabot[bot] in vladopajic/go-test-coverage#289
• chore(deps): bump github.com/rs/zerolog from 1.34.0 to 1.35.0 by @​dependabot[bot] in vladopajic/go-test-coverage#290
• chore(deps): bump golang.org/x/image from 0.18.0 to 0.38.0 by @​dependabot[bot] in vladopajic/go-test-coverage#291
• chore: remove magic values from args by @​vladopajic in vladopajic/go-test-coverage#203
• chore: update .github/.testcoverage.yml by @​vladopajic in vladopajic/go-test-coverage#293
• chore: update docker-entrypoint.sh by @​vladopajic in vladopajic/go-test-coverage#294
• chore(ci): reuse action test steps by @​vladopajic in vladopajic/go-test-coverage#295
• ci: trigger via pull request by @​vladopajic in vladopajic/go-test-coverage#296
• test(action): add more test cases by @​vladopajic in vladopajic/go-test-coverage#297
• chore(deps): bump dawidd6/action-download-artifact from 19 to 20 by @​dependabot[bot] in vladopajic/go-test-coverage#299
• chore(deps): bump golang from 1.26.1 to 1.26.2 by @​dependabot[bot] in vladopajic/go-test-coverage#301
• fix(coverage): fix comment annotation column bound case by @​vladopajic in vladopajic/go-test-coverage#302
• chore(coverage): ruse file ast by @​vladopajic in vladopajic/go-test-coverage#304
• chore: improvements by @​vladopajic in vladopajic/go-test-coverage#303

TLD

• this release includes security hardening and various improvements.
• smaller performance gains in #304

Full Changelog: vladopajic/go-test-coverage@v2.18.4...2.18.5

Commits

• 8cfd056 chore(version): bump to v2.18.7
• 4203ba5 chore(deps): bump github.com/rs/zerolog from 1.35.0 to 1.35.1 (#307)
• c43ff5b fix(coverage): file search should be preceded by / (#308)
• b7a53f8 chore(version): bump to v2.18.6
• bb6f9c6 fix(docker): add certs (#306)
• 5b86b55 chore(version): bump to v2.18.5
• 54057b8 chore: improvements (#303)
• a1eb8f2 chore(coverage): ruse file ast (#304)
• e212d64 fix(coverage): fix comment annotation column bound case (#302)
• f91bdba chore(deps): bump golang from 1.26.1 to 1.26.2 (#301)
• Additional commits viewable in compare view

Updates jdfalk/gha-release-go from a7d189ff3dd4b13e7b42f989decf23d7701adab5 to c7f72a3df997a97a1c9433893d4d25fc98f99c7e

Commits

• c7f72a3 chore: bootstrap repo to ghcommon standards (action)
• See full diff in compare view

Updates jdfalk/gha-release-frontend from 1e52bef3914c9157fbc59faa6ca8212b6fa6133a to f77c3d10f7d3f6be435be9bbbd1446f5599f48aa

Commits

• f77c3d1 chore: bootstrap repo to ghcommon standards (action)
• See full diff in compare view

Updates jdfalk/gha-release-docker from ae29d4b40344ec00050679a42dacfee84f4a1a2c to 9f854f0837efd3eac6647c93b86ca06d6b58cf6a

Commits

• 9f854f0 chore: bootstrap repo to ghcommon standards (action)
• See full diff in compare view

Updates jdfalk/package-assets-action from 494bfba81714612985e0f3ca7af43c42bdd3c629 to 49725e715503b7021778d248f56fe50e001a68ed

Changelog

Sourced from jdfalk/package-assets-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Added

• Dockerized execution path controlled by use-docker/docker-image
• Automated GHCR publish workflow with digest pinning and tag bump
• README updated with docker usage and input/output tables

Changed

Fixed

Security

[1.0.0] - 2026-01-02

Added

• Initial implementation of action functionality
• Core workflow integration
• Documentation and usage examples

---

Format: [version] - YYYY-MM-DD

Commits

• 49725e7 fix(dependabot): quote schedule time so YAML 1.1 parser keeps it as a string
• e36845e chore: bootstrap repo to ghcommon standards (action)
• See full diff in compare view

Updates github/codeql-action from 4.35.1 to 4.35.2

Release notes

Sourced from github/codeql-action's releases.

v4.35.2

• The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
• The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
• Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
• Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
• Update default CodeQL bundle version to 2.25.2. #3823

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

• Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852

4.35.2 - 15 Apr 2026

• The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
• The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
• Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
• Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
• Update default CodeQL bundle version to 2.25.2. #3823

4.35.1 - 27 Mar 2026

• Fix incorrect minimum required Git version for improved incremental analysis: it should have been 2.36.0, not 2.11.0. #3781

4.35.0 - 27 Mar 2026

• Reduced the minimum Git version required for improved incremental analysis from 2.38.0 to 2.11.0. #3767
• Update default CodeQL bundle version to 2.25.1. #3773

4.34.1 - 20 Mar 2026

• Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

4.34.0 - 20 Mar 2026

• Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #3569
• We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #3584
• Update default CodeQL bundle version to 2.25.0. #3585

4.33.0 - 16 Mar 2026

• Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562

  To opt out of this change:

  • Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • User-owned repositories using advanced setup: Set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

• Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557

• The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #3559

• Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #3563

• Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #3564

• A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #3570

4.32.6 - 05 Mar 2026

... (truncated)

Commits

• 95e58e9 Merge pull request #3824 from github/update-v4.35.2-d2e135a73
• 6f31bfe Update changelog for v4.35.2
• d2e135a Merge pull request #3823 from github/update-bundle/codeql-bundle-v2.25.2
• 60abb65 Add changelog note
• 5a0a562 Update default bundle to codeql-bundle-v2.25.2
• 6521697 Merge pull request #3820 from github/dependabot/github_actions/dot-github/wor...
• 3c45af2 Merge pull request #3821 from github/dependabot/npm_and_yarn/npm-minor-345b93...
• f1c3393 Rebuild
• 1024fc4 Rebuild
• 9dd4cfe Bump the npm-minor group across 1 directory with 6 updates
• Additional commits viewable in compare view

Bumps the dependencies group with 2 updates: @typescript-eslint/eslint-plugin and typescript-eslint.

Updates @typescript-eslint/eslint-plugin from 8.58.2 to 8.59.1

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.59.1

8.59.1 (2026-04-27)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-assertion] fix crash "TypeError: checker.getTypeArguments is not a function" (#12246)
• eslint-plugin: [no-unnecessary-type-assertion] preserve index signatures in undefined unions (#12257)
• eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#12269)
• eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#12278)
• eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#12220)
• eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#12241)

❤️ Thank You

• anasm266 @​anasm266
• Anshika Jain @​Anshikakalpana
• Ulrich Stark
• yugo innami @​nami8824

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.0

8.59.0 (2026-04-20)

🚀 Features

• eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#11789)

❤️ Thank You

• Ulrich Stark

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.59.1 (2026-04-27)

🩹 Fixes

• eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#12241)
• eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#12220)
• eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#12278)
• eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#12269)
• eslint-plugin: [no-unnecessary-type-assertion] preserve index signatures in undefined unions (#12257)
• eslint-plugin: [no-unnecessary-type-assertion] fix crash "TypeError: checker.getTypeArguments is not a function" (#12246)

❤️ Thank You

• anasm266 @​anasm266
• Anshika Jain @​Anshikakalpana
• Ulrich Stark
• yugo innami @​nami8824

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.0 (2026-04-20)

🚀 Features

• eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#11789)

❤️ Thank You

• Ulrich Stark

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 5245793 chore(release): publish 8.59.1
• 3cef124 chore(eslint-plugin): switch auto-generated test cases to hand-written in dot...
• 27c507b test: make sort-type-constituents tests fully static (#12262)
• a03b31d chore(eslint-plugin): switch auto-generated test cases to hand-written in no-...
• a7099a7 chore(eslint-plugin): switch auto-generated test cases to hand-written in no-...
• bfbd4a5 chore(eslint-plugin): switch auto-generated test cases to hand-written in no-...
• b49d4b1 chore(eslint-plugin): switch auto-generated test cases to hand-written in no-...
• 3097e72 chore(eslint-plugin): switch auto-generated test cases to hand-written in nam...
• 676191b chore(eslint-plugin): switch auto-generated test cases to hand-written in mem...
• e9dce8b fix(eslint-plugin): [no-unnecessary-condition] treat void as nullish in no-un...
• Additional commits viewable in compare view

Updates typescript-eslint from 8.58.2 to 8.59.1

Release notes

Sourced from typescript-eslint's releases.

v8.59.1

8.59.1 (2026-04-27)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-assertion] fix crash "TypeError: checker.getTypeArguments is not a function" (#12246)
• eslint-plugin: [no-unnecessary-type-assertion] preserve index signatures in undefined unions (#12257)
• eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#12269)
• eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#12278)
• eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#12220)
• eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#12241)

❤️ Thank You

• anasm266 @​anasm266
• Anshika Jain @​Anshikakalpana
• Ulrich Stark
• yugo innami @​nami8824

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.0

8.59.0 (2026-04-20)

🚀 Features

• eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#11789)

❤️ Thank You

• Ulrich Stark

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.59.1 (2026-04-27)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.0 (2026-04-20)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 5245793 chore(release): publish 8.59.1
• ea9ae4f chore(release): publish 8.59.0
• See full diff in compare view

Updates the requirements on pyyaml, pyjwt, cryptography, requests and python-dotenv to permit the latest version.
Updates pyyaml to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

• Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

• yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

6.0.2 (2024-08-06)

• yaml/pyyaml#808 -- Support for Cython 3.x and Python 3.13

6.0.1 (2023-07-18)

• yaml/pyyaml#702 -- pin Cython build dep to < 3.0

6.0 (2021-10-13)

• yaml/pyyaml#327 -- Change README format to Markdown
• yaml/pyyaml#483 -- Add a test for YAML 1.1 types
• yaml/pyyaml#497 -- fix float resolver to ignore . and ._
• yaml/pyyaml#550 -- drop Python 2.7
• yaml/pyyaml#553 -- Fix spelling of “hexadecimal”
• yaml/pyyaml#556 -- fix representation of Enum subclasses
• yaml/pyyaml#557 -- fix libyaml extension compiler warnings
• yaml/pyyaml#560 -- fix ResourceWarning on leaked file descriptors
• yaml/pyyaml#561 -- always require Loader arg to yaml.load()
• yaml/pyyaml#564 -- remove remaining direct distutils usage

5.4.1 (2021-01-20)

• yaml/pyyaml#480 -- Fix stub compat with older pyyaml versions that may unwittingly load it

5.4 (2021-01-19)

• yaml/pyyaml#407 -- Build modernization, remove distutils, fix metadata, build wheels, CI to GHA
• yaml/pyyaml#472 -- Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
• yaml/pyyaml#441 -- Fix memory leak in implicit resolver setup
• yaml/pyyaml#392 -- Fix py2 copy support for timezone objects
• yaml/pyyaml#378 -- Fix compatibility with Jython

5.3.1 (2020-03-18)

• yaml/pyyaml#386 -- Prevents arbitrary code execution during python/object/new constructor

5.3 (2020-01-06)

• yaml/pyyaml#290 -- Use is instead of equality for comparing with None
• yaml/pyyaml#270 -- Fix typos and stylistic nit
• yaml/pyyaml#309 -- Fix up small typo
• yaml/pyyaml#161 -- Fix handling of slots
• yaml/pyyaml#358 -- Allow calling add_multi_constructor with None
• yaml/pyyaml#285 -- Add use of safe_load() function in README
• yaml/pyyaml#351 -- Fix reader for Unicode code points over 0xFFFF

... (truncated)

Commits

• 49790e7 Release 6.0.3 (#889)
• 41309b0 Release 6.0.2 (#819)
• dd9f0e1 6.0.2rc1 (#809)
• f5527a2 disable CI trigger on PR edits
• b4d80a7 Python 3.12 + musllinux_1_1_x86_64 wheel support
• c42fa3b 6.0.1 release
• ae08bdc block Cython 3.0+ as a build dep (#702)
• f873cfe Add python 3.11 support (#663)
• See full diff in compare view

Updates pyjwt to 2.12.1

Release notes

Sourced from pyjwt's releases.

2.12.1

What's Changed

• Add typing_extensions dependency for Python < 3.11 by @​jpadilla in jpadilla/pyjwt#1151

Full Changelog: jpadilla/pyjwt@2.12.0...2.12.1

Changelog

Sourced from pyjwt's changelog.

v2.12.1 <https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1>__

Fixed

- Add missing ``typing_extensions`` dependency for Python < 3.11 in `[#1150](https://github.com/jpadilla/pyjwt/issues/1150) <https://github.com/jpadilla/pyjwt/issues/1150>`__
v2.12.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0&gt;__
Fixed

• Annotate PyJWKSet.keys for pyright by @​tamird in [#1134](https://github.com/jpadilla/pyjwt/issues/1134) <https://github.com/jpadilla/pyjwt/pull/1134>__
• Close HTTPError response to prevent ResourceWarning on Python 3.14 by @​veeceey in [#1133](https://github.com/jpadilla/pyjwt/issues/1133) <https://github.com/jpadilla/pyjwt/pull/1133>__
• Do not keep algorithms dict in PyJWK instances by @​akx in [#1143](https://github.com/jpadilla/pyjwt/issues/1143) <https://github.com/jpadilla/pyjwt/pull/1143>__
• Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @​dmbs335 in GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>__
• Use PyJWK algorithm when encoding without explicit algorithm in [#1148](https://github.com/jpadilla/pyjwt/issues/1148) <https://github.com/jpadilla/pyjwt/pull/1148>__

Added

- Docs: Add ``PyJWKClient`` API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).
v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>__
Fixed

• Enforce ECDSA curve validation per RFC 7518 Section 3.4.
• Fix build system warnings by @​kurtmckee in [#1105](https://github.com/jpadilla/pyjwt/issues/1105) <https://github.com/jpadilla/pyjwt/pull/1105>__
• Validate key against allowed types for Algorithm family in [#964](https://github.com/jpadilla/pyjwt/issues/964) <https://github.com/jpadilla/pyjwt/pull/964>__
• Add iterator for JWKSet in [#1041](https://github.com/jpadilla/pyjwt/issues/1041) <https://github.com/jpadilla/pyjwt/pull/1041>__
• Validate iss claim is a string during encoding and decoding by @​pachewise in [#1040](https://github.com/jpadilla/pyjwt/issues/1040) <https://github.com/jpadilla/pyjwt/pull/1040>__
• Improve typing/logic for options in decode, decode_complete by @​pachewise in [#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>__
• Declare float supported type for lifespan and timeout by @​nikitagashkov in [#1068](https://github.com/jpadilla/pyjwt/issues/1068) <https://github.com/jpadilla/pyjwt/pull/1068>__
• Fix SyntaxWarning\s/DeprecationWarning\s caused by invalid escape sequences by @​kurtmckee in [#1103](https://github.com/jpadilla/pyjwt/issues/1103) <https://github.com/jpadilla/pyjwt/pull/1103>__
• Development: Build a shared wheel once to speed up test suite setup times by @​kurtmckee in [#1114](https://github.com/jpadilla/pyjwt/issues/1114) <https://github.com/jpadilla/pyjwt/pull/1114>__
• Development: Test type annotations across all supported Python versions, increase the strictness of the type checking, and remove the mypy pre-commit hook by @​kurtmckee in [#1112](https://github.com/jpadilla/pyjwt/issues/1112) <https://github.com/jpadilla/pyjwt/pull/1112>__

Added

- Support Python 3.14, and test against PyPy 3.10 and 3.11 by @kurtmckee in `[#1104](https://github.com/jpadilla/pyjwt/issues/1104) <https://github.com/jpadilla/pyjwt/pull/1104>`__
- Development: Migrate to ``build`` to test package building in CI by @kurtmckee in `[#1108](https://github.com/jpadilla/pyjwt/issues/1108) <https://github.com/jpadilla/pyjwt/pull/1108>`__
- Development: Improve coverage config and eliminate unused test suite code by @kurtmckee in `[#1115](https://github.com/jpadilla/pyjwt/issues/1115) <https://github.com/jpadilla/pyjwt/pull/1115>`__
</tr></table> 

... (truncated)

Commits

• a4e1a3d Add typing_extensions dependency for Python < 3.11 (#1151)
• bd9700c Use PyJWK algorithm when encoding without explicit algorithm (#1148)
• 051ea34 Merge commit from fork
• 1451d70 fix: do not store reference to algorithms dict on PyJWK (#1143)
• f3ba74c [pre-commit.ci] pre-commit autoupdate (#1145)
• 0318ffa [pre-commit.ci] pre-commit autoupdate (#1141)
• a52753d Bump actions/download-artifact from 7 to 8 (#1142)
• b85050f chore(tests): enable mypy (#1138)
• 1272b26 [pre-commit.ci] pre-commit autoupdate (#1135)
• 99a8728 chore: remove superfluous constants (#1136)
• Additional commits viewable in compare view

Updates cryptography to 41.0.7

Changelog

Sourced from cryptography's changelog.

41.0.7 - 2023-11-27

* Fixed compilation when using LibreSSL 3.8.2.
.. _v41-0-6:
41.0.6 - 2023-11-27

• Fixed a null-pointer-dereference and segfault that could occur when loading certificates from a PKCS#7 bundle. Credit to pkuzco for reporting the issue. CVE-2023-49083

.. _v41-0-5:

41.0.5 - 2023-10-24

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4.
* Added a function to support an upcoming ``pyOpenSSL`` release.
.. _v41-0-4:
41.0.4 - 2023-09-19

• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3.

.. _v41-0-3:

41.0.3 - 2023-08-01

* Fixed performance regression loading DH public keys.
* Fixed a memory leak when using
  :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.2.
.. _v41-0-2:
41.0.2 - 2023-07-10

• Fixed bugs in creating and parsing SSH certificates where critical options with values were handled incorrectly. Certificates are now created correctly and parsing accepts correct values as well as the previously generated invalid forms with a warning. In the next release, support for parsing these invalid forms will be removed.

... (truncated)

Commits

• 4054596 Backport LibreSSL 3.8.2 support for a 41.0.7 release (#9931)
• f09c261 41.0.6 release (#9927)
• 5012bed bump for 41.0.5 release (#9766)
• 563b119 Added binding needed for pyOpenSSL (#9739) (#9740)
• fc11bce bump for 41.0.4 (#9629)
• b22271c bump for 41.0.3 (#9330)
• 774a4a1 Only check DH key validity when loading a private key. (#9071) (#9319)
• bfa4d95 changelog for 41.0.3 (#9320)
• 0da7165 backport fix the memory leak in fixedpool (#9272) (#9309)
• 7431db7 bump for 41.0.2 (#9215)
• Additional commits viewable in compare view

Updates requests to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

New Contributors

• @​ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.

... (truncated)

Commits

• 111d2b7 v2.33.1
• f0198e6 Fix malformed value parsing for Content-Type (#7309)
• bc7dd0f Fix cosmetic header validity parsing regex (#7308)
• Description has been truncated