Skip to content

chore(deps): bump the backend-dependencies group across 1 directory with 4 updates#13

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/src/backend/backend-dependencies-39ccea0979
Open

chore(deps): bump the backend-dependencies group across 1 directory with 4 updates#13
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/src/backend/backend-dependencies-39ccea0979

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 12, 2026
edited
Loading

Bumps the backend-dependencies group with 4 updates in the /src/backend directory: requests, opensearch-py, numpy and requests-aws4auth.

Updates requests from 2.33.1 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)
Commits

Updates opensearch-py from 3.1.0 to 3.2.0

Release notes

Sourced from opensearch-py's releases.

v3.2.0

What's Changed

New Contributors

Full Changelog: opensearch-project/opensearch-py@v3.1.0...v3.2.0

Changelog

Sourced from opensearch-py's changelog.

[3.2.0]

Added

  • Add dependency on opensearch-protobufs to provide client libraries for gRPC transport (#977)
  • Add ML Commons plugin documentation (#992)

Updated APIs

Changed

Deprecated

Removed

Fixed

  • Fixed AWSV4Signer.sign() not passing custom headers to AWSRequest, causing x-amz-* headers to be excluded from SigV4 signature (#1034)
  • Fixed AWSV4Signer.sign() not setting X-Amz-Content-SHA256 before SigV4Auth.add_auth(), causing the header to be absent from SignedHeaders in the Authorization header. The fix uses a guarded assignment that preserves caller-provided values (e.g., UNSIGNED-PAYLOAD, precomputed hashes) (#1038, #1039)
  • Fixed the linkchecker CI step (#987)

Security

Dependencies

  • Bump pytest-asyncio from <=1.2.0 to <=1.3.0 (#984)
  • Bump actions/checkout from 5 to 6 (#986)
  • Bump codecov/codecov-action from 4 to 5 (#985)
  • Bump actions/upload-artifact from 5 to 6 (#989)
  • Bump actions/download-artifact from 6 to 7 (#988)
  • Bump peter-evans/create-pull-request from 7 to 8 (#990)
  • Bump opensearch-protobufs from 0.19.0 to 1.2.0 (#1000)
Commits
  • 8991792 fix(signer): Include X-Amz-Content-SHA256 in SignedHeaders (#1038) (#1039)
  • d8a8c57 Fix AWSV4Signer.sign() not passing headers to AWSRequest (#1035)
  • 6551595 Bump opensearch protobufs - 1.2.0. (#1000)
  • 94ae310 Fix CI failures due to API spec updates (#1007)
  • 1ce5b46 fix(docs): use keyword arguments in security API examples (#1004)
  • 9b6d240 Bump peter-evans/create-pull-request from 7 to 8 (#990)
  • 02c5dcc Bump actions/download-artifact from 6 to 7 (#988)
  • fa8a862 Bump actions/upload-artifact from 5 to 6 (#989)
  • f5ef694 Updated opensearch-py to reflect the latest OpenSearch API spec (2026-01-22) ...
  • 10ab792 ci: fix mypy type ignore for untyped decorator in tests (#993)
  • Additional commits viewable in compare view

Updates numpy from 2.2.6 to 2.4.6

Release notes

Sourced from numpy's releases.

v2.4.6 (May 18, 2026)

NumPy 2.4.6 Release Notes

NumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5 release.

This release supports Python versions 3.11-3.14

Contributors

A total of 4 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • !EarlMilktea
  • Charles Harris
  • Sebastian Berg
  • Warren Weckesser

Pull requests merged

A total of 4 pull requests were merged for this release.

  • #31444: MAINT: Prepare 2.4.x for further development
  • #31453: BUG: Fix regression in arr.conj()
  • #31459: BUG: np.linalg.svd(..., hermitian=True) returns non-unitary...
  • #31460: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...

v2.4.5 (May 15, 2026)

NumPy 2.4.5 Release Notes

NumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4 release, has some typing improvements, and maintains infrastructure.

This release supports Python versions 3.11-3.14

Contributors

A total of 17 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Aleksei Nikiforov
  • Anarion Zuo +
  • Ankit Ahlawat
  • Breno Favaretto +
  • Charles Harris
  • Igor Krivenko +
  • Ijtihed Kilani +
  • Joren Hammudoglu
  • Maarten Baert +

... (truncated)

Changelog

Sourced from numpy's changelog.

This is a walkthrough of the NumPy 2.4.0 release on Linux, which will be the first feature release using the numpy/numpy-release <https://github.com/numpy/numpy-release>__ repository.

The commands can be copied into the command line, but be sure to replace 2.4.0 with the correct version. This should be read together with the :ref:general release guide <prepare_release>.

Facility preparation

Before beginning to make a release, use the requirements/*_requirements.txt files to ensure that you have the needed software. Most software can be installed with pip, but some will require apt-get, dnf, or whatever your system uses for software. You will also need a GitHub personal access token (PAT) to push the documentation. There are a few ways to streamline things:

  • Git can be set up to use a keyring to store your GitHub personal access token. Search online for the details.

Prior to release

Add/drop Python versions

When adding or dropping Python versions, multiple config and CI files need to be edited in addition to changing the minimum version in pyproject.toml. Make these changes in an ordinary PR against main and backport if necessary. We currently release wheels for new Python versions after the first Python RC once manylinux and cibuildwheel support that new Python version.

Backport pull requests

Changes that have been marked for this release must be backported to the maintenance/2.4.x branch.

Update 2.4.0 milestones

Look at the issues/prs with 2.4.0 milestones and either push them off to a later version, or maybe remove the milestone. You may need to add a milestone.

Check the numpy-release repo

... (truncated)

Commits
  • b832a09 Merge pull request #31462 from charris/prepare-2.4.6
  • 57cc147 REL: Prepare for the NumPy 2.4.6 release
  • 0c72b0b Merge pull request #31459 from charris/backport-31347
  • 9778d26 BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...
  • e0e3876 BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...
  • d1bffeb BUG: np.linalg.svd(..., hermitian=True) returns non-unitary vh (#31347)
  • 8d8d7e5 Merge pull request #31453 from seberg/issue-31452
  • bddaab7 BUG: Fix regression in arr.conj()
  • 37a1ecc Merge pull request #31444 from charris/begin-2.4.6
  • 3c0e043 MAINT: Prepare 2.4.x for further development
  • Additional commits viewable in compare view

Updates requests-aws4auth from 1.3.1 to 1.3.2

Release notes

Sourced from requests-aws4auth's releases.

v1.3.2

What's Changed

Full Changelog: tedder/requests-aws4auth@v1.3.1...v1.3.2

Changelog

Sourced from requests-aws4auth's changelog.

1.3.2 (2026-05-01)

Changes

Commits
  • 3dda9dc history and version
  • c9cd06a update py versions; use session token for live tests
  • 6e58b3e fix additional deprecation warnings for UTC; ensure pre-py311 compat
  • b7acfe8 Fix Deprecated datetime.datetime.utcnow()
  • 89399ca update release instructions
  • See full diff in compare view

@dependabot
chore(deps): bump the backend-dependencies group across 1 directory w…
e869303 
…ith 4 updates

Bumps the backend-dependencies group with 4 updates in the /src/backend directory: [requests](https://github.com/psf/requests), [opensearch-py](https://github.com/opensearch-project/opensearch-py), [numpy](https://github.com/numpy/numpy) and [requests-aws4auth](https://github.com/tedder/requests-aws4auth).


Updates `requests` from 2.33.1 to 2.34.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.33.1...v2.34.2)

Updates `opensearch-py` from 3.1.0 to 3.2.0
- [Release notes](https://github.com/opensearch-project/opensearch-py/releases)
- [Changelog](https://github.com/opensearch-project/opensearch-py/blob/main/CHANGELOG.md)
- [Commits](opensearch-project/opensearch-py@v3.1.0...v3.2.0)

Updates `numpy` from 2.2.6 to 2.4.6
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.2.6...v2.4.6)

Updates `requests-aws4auth` from 1.3.1 to 1.3.2
- [Release notes](https://github.com/tedder/requests-aws4auth/releases)
- [Changelog](https://github.com/tedder/requests-aws4auth/blob/main/HISTORY.md)
- [Commits](tedder/requests-aws4auth@v1.3.1...v1.3.2)

---
updated-dependencies:
- dependency-name: numpy
  dependency-version: 2.4.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-dependencies
- dependency-name: opensearch-py
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-dependencies
- dependency-name: requests
  dependency-version: 2.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-dependencies
- dependency-name: requests-aws4auth
  dependency-version: 1.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/src/backend/backend-dependencies-39ccea0979 branch from 5951b58 to e869303 Compare May 19, 2026 03:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backend dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants