Bump the straightforward-dependencies group across 3 directories with 7 updates #2706

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/straightforward-dependencies-f8aa6e471b

dependabot[bot] commented on behalf of github on Mar 30, 2026

Bumps the straightforward-dependencies group with 1 update in the / directory: redshift-connector.
Bumps the straightforward-dependencies group with 6 updates in the /lambdas directory:

| Package | From | To |
| --- | --- | --- |
| urllib3 | 2.6.2 | 2.7.0 |
| google-api-python-client | 2.187.0 | 2.196.0 |
| requests | 2.32.5 | 2.33.1 |
| httplib2 | 0.31.0 | 0.31.2 |
| numpy | 2.3.5 | 2.4.4 |
| s3fs | 2026.2.0 | 2026.4.0 |

Bumps the straightforward-dependencies group with 1 update in the /scripts directory: redshift-connector.

Updates redshift-connector from 2.1.10 to 2.1.13

Release notes

Sourced from redshift-connector's releases.

v2.1.13

No release notes provided.

v2.1.12

No release notes provided.

v2.1.11

chore: bump version to 2.1.11

Changelog

Sourced from redshift-connector's changelog.

v2.1.13 (2026-03-30)

  • Raised minimum supported Python version from 3.6 to 3.7
  • Fixed prepared statement cache desync causing KeyError after DDL/ROLLBACK
  • Raised lxml upper bound from <6.0.0 to <=6.0.2 to unblock Python 3.14 support
  • Bumped beautifulsoup4 minimum version from 4.7.0 to 4.13.5 to fix lxml 6.0 parsing bug with curly braces
  • Fixed Python 3.7/3.8 type hint compatibility in Metadata API

v2.1.12 (2026-03-04)

  • Added support for Identity Enhanced Credentials authentication
  • Fixed metadata retrieval to sanitize invalid negative and None values in metadataAPIHelper

v2.1.11 (2026-02-09)

  • Fixed build failure when using setuptools version 72 or later by replacing deprecated TestCommand with generic Command base class

Commits
  • f034099 Update CHANGELOG.md
  • 537001f chore: bump version to 2.1.13
  • 356583b chore: Raised lxml upper bound from <6.0.0 to <=6.0.2 to unblock Python 3.14 ...
  • a0527a8 fix: Fixed Python 3.7/3.8 type hint compatibility in Metadata API
  • d5516e9 chore: Raised minimum supported Python version from 3.6 to 3.7
  • bc4503e fix: Fixed prepared statement cache desync causing KeyError after DDL/ROLLBACK
  • 342df24 Update CHANGELOG.md
  • 5294c00 chore: bump version to 2.1.12
  • 8862ce2 fix: adjust function column integration test due to known issue in SQL UDF
  • f724f79 feat: Added support for Identity Enhanced Credentials authentication
  • Additional commits viewable in compare view

Updates urllib3 from 2.6.2 to 2.7.0

Release notes

Sourced from urllib3's releases.

2.7.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

  • Decompression-bomb safeguards of the streaming API were bypassed:

    1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially. (Reported by @​Cycloctane)
    2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli library. (Reported by @​kimkou2024)

    See GHSA-mf9v-mfxr-j63j for details.

  • HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by @​christos-spearbit)

Deprecations and Removals

  • Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (urllib3/urllib3#3763)
  • Removed support for end-of-life Python 3.9. (urllib3/urllib3#3720)
  • Removed support for end-of-life PyPy3.10. (urllib3/urllib3#4979)
  • Bumped the minimum supported pyOpenSSL version to 19.0.0. (urllib3/urllib3#3777)

Bugfixes

  • Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. (urllib3/urllib3#3636)
  • Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True. (urllib3/urllib3#4967)
  • Fixed HTTPResponse.stream() and HTTPResponse.read_chunked() to handle amt=0. (urllib3/urllib3#3793)
  • Updated _TYPE_BODY type alias to include missing Iterable[str], matching the documented and runtime behavior of chunked request bodies. (urllib3/urllib3#3798)
  • Fixed LocationParseError when paths resembling schemeless URIs were passed to HTTPConnectionPool.urlopen(). (urllib3/urllib3#3352)
  • Fixed BaseHTTPResponse.readinto() type annotation to accept memoryview in addition to bytearray, matching the io.RawIOBase.readinto contract and enabling use with io.BufferedReader without type errors. (urllib3/urllib3#3764)

2.6.3

Changes

Changelog

Sourced from urllib3's changelog.

2.7.0 (2026-05-07)

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

  • Decompression-bomb safeguards of the streaming API were bypassed:

    1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially.
    2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official [Brotli](https://pypi.org/project/brotli/) library.

    See [GHSA-mf9v-mfxr-j63j](https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j) for details.

  • HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. ([GHSA-qccp-gfcp-xxvc](https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc))

Deprecations and Removals

  • Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. ([#3763](https://github.com/urllib3/urllib3/issues/3763))
  • Removed support for end-of-life Python 3.9. ([#3720](https://github.com/urllib3/urllib3/issues/3720))
  • Removed support for end-of-life PyPy3.10. ([#4979](https://github.com/urllib3/urllib3/issues/4979))
  • Bumped the minimum supported pyOpenSSL version to 19.0.0. ([#3777](https://github.com/urllib3/urllib3/issues/3777))

Bugfixes

  • Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. ([#3636](https://github.com/urllib3/urllib3/issues/3636))
  • Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True.

... (truncated)

Commits

Updates google-api-python-client from 2.187.0 to 2.196.0

Release notes

Sourced from google-api-python-client's releases.

v2.196.0

2.196.0 (2026-05-05)

Features

Bug Fixes

... (truncated)

Commits

Updates requests from 2.32.5 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

Commits

dependabot[bot] added the `dependencies` (Pull requests that update a dependency file) and `python` (Pull requests that update Python code) labels on Mar 30, 2026
dependabot[bot] requested review from a team as code owners on March 30, 2026 08:13
dependabot[bot] force-pushed the dependabot/pip/straightforward-dependencies-f8aa6e471b branch from 83d92a2 to dc31ea6 on April 6, 2026 08:11
dependabot[bot] force-pushed the dependabot/pip/straightforward-dependencies-f8aa6e471b branch from dc31ea6 to b3aadfe on April 13, 2026 08:17
dependabot[bot] force-pushed the dependabot/pip/straightforward-dependencies-f8aa6e471b branch from b3aadfe to 90b5f64 on April 20, 2026 08:30
dependabot[bot] force-pushed the dependabot/pip/straightforward-dependencies-f8aa6e471b branch from 90b5f64 to 3a1b1f9 on April 27, 2026 08:48
dependabot[bot] force-pushed the dependabot/pip/straightforward-dependencies-f8aa6e471b branch from 3a1b1f9 to e438bfb on May 4, 2026 09:05
… 7 updates

Bumps the straightforward-dependencies group with 1 update in the / directory: [redshift-connector](https://github.com/aws/amazon-redshift-python-driver).
Bumps the straightforward-dependencies group with 6 updates in the /lambdas directory:

| Package | From | To |
| --- | --- | --- |
| [urllib3](https://github.com/urllib3/urllib3) | `2.6.2` | `2.7.0` |
| [google-api-python-client](https://github.com/googleapis/google-api-python-client) | `2.187.0` | `2.196.0` |
| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` |
| [httplib2](https://github.com/httplib2/httplib2) | `0.31.0` | `0.31.2` |
| [numpy](https://github.com/numpy/numpy) | `2.3.5` | `2.4.4` |
| [s3fs](https://github.com/fsspec/s3fs) | `2026.2.0` | `2026.4.0` |

Bumps the straightforward-dependencies group with 1 update in the /scripts directory: [redshift-connector](https://github.com/aws/amazon-redshift-python-driver).


Updates `redshift-connector` from 2.1.10 to 2.1.13
- [Release notes](https://github.com/aws/amazon-redshift-python-driver/releases)
- [Changelog](https://github.com/aws/amazon-redshift-python-driver/blob/master/CHANGELOG.md)
- [Commits](aws/amazon-redshift-python-driver@v2.1.10...v2.1.13)

Updates `redshift-connector` from 2.1.10 to 2.1.13
- [Release notes](https://github.com/aws/amazon-redshift-python-driver/releases)
- [Changelog](https://github.com/aws/amazon-redshift-python-driver/blob/master/CHANGELOG.md)
- [Commits](aws/amazon-redshift-python-driver@v2.1.10...v2.1.13)

Updates `urllib3` from 2.6.2 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.2...2.7.0)

Updates `google-api-python-client` from 2.187.0 to 2.196.0
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Commits](googleapis/google-api-python-client@v2.187.0...v2.196.0)

Updates `google-api-python-client` from 2.187.0 to 2.196.0
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Commits](googleapis/google-api-python-client@v2.187.0...v2.196.0)

Updates `requests` from 2.32.5 to 2.33.1
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.5...v2.33.1)

Updates `httplib2` from 0.31.0 to 0.31.2
- [Changelog](https://github.com/httplib2/httplib2/blob/master/CHANGELOG)
- [Commits](httplib2/httplib2@v0.31.0...v0.31.2)

Updates `numpy` from 2.3.5 to 2.4.4
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.3.5...v2.4.4)

Updates `urllib3` from 2.6.2 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.2...2.7.0)

Updates `s3fs` from 2026.2.0 to 2026.4.0
- [Changelog](https://github.com/fsspec/s3fs/blob/main/release-procedure.md)
- [Commits](fsspec/s3fs@2026.2.0...2026.4.0)

Updates `urllib3` from 2.6.2 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.2...2.7.0)

Updates `redshift-connector` from 2.1.10 to 2.1.13
- [Release notes](https://github.com/aws/amazon-redshift-python-driver/releases)
- [Changelog](https://github.com/aws/amazon-redshift-python-driver/blob/master/CHANGELOG.md)
- [Commits](aws/amazon-redshift-python-driver@v2.1.10...v2.1.13)

Updates `redshift-connector` from 2.1.10 to 2.1.13
- [Release notes](https://github.com/aws/amazon-redshift-python-driver/releases)
- [Changelog](https://github.com/aws/amazon-redshift-python-driver/blob/master/CHANGELOG.md)
- [Commits](aws/amazon-redshift-python-driver@v2.1.10...v2.1.13)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-version: 2.193.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: straightforward-dependencies
- dependency-name: google-api-python-client
  dependency-version: 2.193.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: straightforward-dependencies
- dependency-name: httplib2
  dependency-version: 0.31.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: straightforward-dependencies
- dependency-name: numpy
  dependency-version: 2.4.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: straightforward-dependencies
- dependency-name: redshift-connector
  dependency-version: 2.1.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: straightforward-dependencies
- dependency-name: redshift-connector
  dependency-version: 2.1.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: straightforward-dependencies
- dependency-name: redshift-connector
  dependency-version: 2.1.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: straightforward-dependencies
- dependency-name: redshift-connector
  dependency-version: 2.1.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: straightforward-dependencies
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: straightforward-dependencies
- dependency-name: s3fs
  dependency-version: 2026.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: straightforward-dependencies
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: straightforward-dependencies
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: straightforward-dependencies
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: straightforward-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] force-pushed the dependabot/pip/straightforward-dependencies-f8aa6e471b branch from e438bfb to b181cfb on May 11, 2026 10:34
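
The urllib3 and requests security notes quoted in this pull request limit impact to code that calls `HTTPResponse.drain_conn()`, `ProxyManager.connection_from_url` or `requests.utils.extract_zipped_paths` directly. The following is an added example, not part of the pull request or of Dependabot's output: a standard-library AST scan a reviewer could run over the repository's Python sources to see whether any of those calls exist. The `SAMPLE` source and the function name `find_affected_calls` are constructed for illustration.

```python
import ast

# Call names taken from the urllib3 2.7.0 and requests 2.33.0 notes quoted in
# this PR. Matching is by name only, so it over-approximates: it also flags
# PoolManager.connection_from_url or an unrelated method with the same name.
# read()/stream() are left out because those names are too common to match.
WATCHED = {
    "drain_conn": "GHSA-mf9v-mfxr-j63j, fixed in urllib3 2.7.0",
    "connection_from_url": "GHSA-qccp-gfcp-xxvc, fixed in urllib3 2.7.0",
    "extract_zipped_paths": "CVE-2026-25645, fixed in requests 2.33.0",
}


def find_affected_calls(source, filename="<constructed>"):
    """Return sorted (line, name, advisory) tuples for calls to watched names."""
    tree = ast.parse(source, filename=filename)

    # Map local aliases back to the imported name, e.g.
    # "from requests.utils import extract_zipped_paths as ezp".
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom):
            for alias in node.names:
                if alias.name in WATCHED:
                    aliases[alias.asname or alias.name] = alias.name

    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if isinstance(func, ast.Attribute):   # obj.drain_conn()
            name = func.attr
        elif isinstance(func, ast.Name):      # ezp(path)
            name = aliases.get(func.id, func.id)
        else:
            continue
        if name in WATCHED:
            hits.append((node.lineno, name, WATCHED[name]))
    return sorted(hits)


# Constructed sample source, not taken from the repository under review.
SAMPLE = '''\
import urllib3
from requests.utils import extract_zipped_paths as ezp

def fetch(url, proxy):
    pm = urllib3.ProxyManager(proxy)
    pool = pm.connection_from_url(url)
    resp = pool.urlopen("GET", url, preload_content=False)
    head = resp.read(1024)
    resp.drain_conn()
    return head

def locate(path):
    return ezp(path)
'''

if __name__ == "__main__":
    for line, name, advisory in find_affected_calls(SAMPLE):
        print(f"line {line}: {name}() -> {advisory}")
```

An empty result does not rule out exposure through a third-party library that makes these calls on the application's behalf.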