Bump the python-requirements group across 1 directory with 29 updates

[dependabot]

Bumps the python-requirements group with 28 updates in the / directory:

Package	From	To
flask	3.1.2	3.1.3
werkzeug	3.1.4	3.1.8
sqlalchemy	2.0.45	2.0.49
geoalchemy2	0.18.1	0.19.0
pymongo	4.15.5	4.17.0
mongoengine	0.29.1	0.29.3
peewee	3.18.3	4.0.5
wtf-peewee	3.0.6	3.1.0
boto3	1.42.14	1.43.1
azure-storage-blob	12.27.1	12.28.0
pillow	12.0.0	12.2.0
redis	7.1.0	7.4.0
tox	4.29.0	4.53.0
tox-uv	1.28.0	1.35.1
pre-commit	4.5.1	4.6.0
pre-commit-uv	4.2.0	4.2.1
pallets-sphinx-themes	2.3.0	2.5.0
pylint	4.0.4	4.0.5
pytest	9.0.2	9.0.3
pytest-cov	7.0.0	7.1.0
moto	5.1.18	5.1.22
psycopg2-binary	2.9.11	2.9.12
mypy	1.19.1	1.20.2
pyright	1.1.407	1.1.409
types-boto3	1.42.14	1.43.1
types-peewee	3.18.3.20251105	4.0.1.20260426
types-wtforms	3.2.1.20250809	3.2.1.20260408
types-shapely	2.1.0.20250917	2.1.0.20260408

Updates flask from 3.1.2 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

• The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726

Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

• The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726

Commits

• 22d9247 release version 3.1.3
• 089cb86 Merge commit from fork
• c17f379 request context tracks session access
• 27be933 start version 3.1.3
• 4e652d3 Abort if the instance folder cannot be created (#5903)
• 3d03098 Abort if the instance folder cannot be created
• 407eb76 document using gevent for async (#5900)
• ac5664d document using gevent for async
• 4f79d5b Increase required flit_core version to 3.11 (#5865)
• fe3b215 Increase required flit_core version to 3.11
• Additional commits viewable in compare view

Updates werkzeug from 3.1.4 to 3.1.8

Release notes

Sourced from werkzeug's releases.

3.1.8

This is the Werkzeug 3.1.8 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.8/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-8 Milestone: https://github.com/pallets/werkzeug/milestone/45?closed=1

• Request.host and get_host return the empty string if the header is missing or has invalid characters. #3142

3.1.7

This is the Werkzeug 3.1.7 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.7/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-7 Milestone: https://github.com/pallets/werkzeug/milestone/44?closed=1

• parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. #3128
• WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. #3127
• Transfer-Encoding is parsed as a set. #3134
• Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. #3113
• Fix multipart form parser handling of newline at boundary. #3088
• Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. #3108
• merge_slashes merges any number of consecutive slashes. #3121

3.1.6

This is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.6/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6

• safe_join on Windows does not allow special devices names in multi-segment paths. GHSA-29vq-49wr-vm6x

3.1.5

This is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.5/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5 Milestone: https://github.com/pallets/werkzeug/milestone/43?closed=1

• safe_join on Windows does not allow more special device names, regardless of extension or surrounding spaces. GHSA-87hc-h4r5-73f7
• The multipart form parser handles a \r\n sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. #3065 #3077
• Fix AttributeError when initializing DebuggedApplication with pin_security=False. #3075

Changelog

Sourced from werkzeug's changelog.

Version 3.1.8

Released 2026-04-02

• Request.host and get_host return the empty string if the header is missing or has invalid characters. :issue:3142

Version 3.1.7

Released 2026-03-23

• parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. :pr:3128
• WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. :issue:3127
• Transfer-Encoding is parsed as a set. :pr:3134
• Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. :pr:3113
• Fix multipart form parser handling of newline at boundary. :issue:3088
• Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. :issue:3108
• merge_slashes merges any number of consecutive slashes. :issue:3121

Version 3.1.6

Released 2026-02-19

• safe_join on Windows does not allow special devices names in multi-segment paths. :ghsa:29vq-49wr-vm6x
• Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. :issue:3108

Version 3.1.5

Released 2026-01-08

• safe_join on Windows does not allow more special device names, regardless of extension or surrounding spaces. :ghsa:87hc-h4r5-73f7
• The multipart form parser handles a \r\n sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. :issue:3065 :issue:3077

... (truncated)

Commits

• c1a26b4 release version 3.1.8
• 7926f0b relax get_host strictness (#3148)
• deab88f relax get_host strictness
• 65eb639 start version 3.1.8
• 7720b76 release version 3.1.7 (#3135)
• 005d93b release version 3.1.7
• c328342 merge any number of slashes (#3136)
• 23142a3 merge any number of slashes
• b913d68 always set accept-ranges header
• f282943 Correct 1049dd6b2a363e1ef302b4161c340fb8582f627a
• Additional commits viewable in compare view

Updates sqlalchemy from 2.0.45 to 2.0.49

Release notes

Sourced from sqlalchemy's releases.

2.0.49

Released: April 3, 2026

orm

• [orm] [bug] Fixed issue where _orm.Session.get() would bypass the identity map and emit unnecessary SQL when with_for_update=False was passed, rather than treating it equivalently to the default of None. Pull request courtesy of Joshua Swanson.

  References: #13176

• [orm] [bug] Fixed issue where chained _orm.joinedload() options would not be applied correctly when the final relationship in the chain is declared on a base mapper and accessed through a subclass mapper in a _orm.with_polymorphic() query. The path registry now correctly computes the natural path when a property declared on a base class is accessed through a path containing a subclass mapper, ensuring the loader option can be located during query compilation.

  References: #13193

• [orm] [bug] [inheritance] Fixed issue where using _orm.Load.options() to apply a chained loader option such as _orm.joinedload() or _orm.selectinload() with _orm.PropComparator.of_type() for a polymorphic relationship would not generate the necessary clauses for the polymorphic subclasses. The polymorphic loading strategy is now correctly propagated when using a call such as joinedload(A.b).options(joinedload(B.c.of_type(poly))) to match the behavior of direct chaining e.g. joinedload(A.b).joinedload(B.c.of_type(poly)).

  References: #13202

• [orm] [bug] [inheritance] Fixed issue where using chained loader options such as _orm.selectinload() after _orm.joinedload() with _orm.PropComparator.of_type() for a polymorphic relationship would not properly apply the chained loader option. The loader option is now correctly applied when using a call such as joinedload(A.b.of_type(poly)).selectinload(poly.SubClass.c) to eagerly load related objects.

  References: #13209

typing

• [typing] [bug] Fixed a typing issue where the typed members of :data:.func would return the appropriate class of the same name, however this creates an issue for

... (truncated)

Commits

• See full diff in compare view

Updates geoalchemy2 from 0.18.1 to 0.19.0

Release notes

Sourced from geoalchemy2's releases.

0.19.0

What's Changed

• CI: Fix triggers after default branch was renamed main by @​adrien-berchet in geoalchemy/geoalchemy2#593
• Accept leading '+' in WKT coords and fix Comparator >> docstring by @​adrien-berchet in geoalchemy/geoalchemy2#594
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in geoalchemy/geoalchemy2#595
• CI: Fix Too many connections errors in MySQL and MariaDB by @​adrien-berchet in geoalchemy/geoalchemy2#597
• Fix: Ensure _GISType.column_expression is compatible with TypeDecorator by @​adrien-berchet in geoalchemy/geoalchemy2#598
• Release: 0.19.0 by @​adrien-berchet in geoalchemy/geoalchemy2#599

Full Changelog: geoalchemy/geoalchemy2@0.18.4...0.19.0

0.18.4

What's Changed

• Fix: fix shapely import by @​pjonsson in geoalchemy/geoalchemy2#588
• Fix: fix setuptools deprecation warning by @​pjonsson in geoalchemy/geoalchemy2#589
• CI: Make Coveralls optional since the service is down at the moment by @​adrien-berchet in geoalchemy/geoalchemy2#590
• CI: try the official Coveralls action by @​pjonsson in geoalchemy/geoalchemy2#592
• Release: 0.18.4 by @​adrien-berchet in geoalchemy/geoalchemy2#591

Full Changelog: geoalchemy/geoalchemy2@0.18.3...0.18.4

0.18.3

What's Changed

• Fix: Fix Shapely import by @​adrien-berchet in geoalchemy/geoalchemy2#584
• Release: 0.18.3 by @​adrien-berchet in geoalchemy/geoalchemy2#587

Full Changelog: geoalchemy/geoalchemy2@0.18.2...0.18.3

0.18.2

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in geoalchemy/geoalchemy2#575
• Build: Upgrade packaging and formatting tools by @​adrien-berchet in geoalchemy/geoalchemy2#576
• Build(deps): Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in geoalchemy/geoalchemy2#577
• Build(deps): Bump actions/checkout from 4 to 6 by @​dependabot[bot] in geoalchemy/geoalchemy2#578
• Chore: Add more type hints in from_shape module by @​adrien-berchet in geoalchemy/geoalchemy2#580
• Build: Fix package discovery by @​adrien-berchet in geoalchemy/geoalchemy2#581
• Release: 0.18.2 by @​adrien-berchet in geoalchemy/geoalchemy2#582

Full Changelog: geoalchemy/geoalchemy2@0.18.1...0.18.2

Changelog

Sourced from geoalchemy2's changelog.

0.19.0

• Fix: Ensure _GISType.column_expression is compatible with TypeDecorator - @​adrien-berchet (#598)
• Fix: Improve WKT parsing and fix comparator doc typo - @​adrien-berchet (#594)
• CI: Fix Too many connections errors in MySQL and MariaDB - @​adrien-berchet (#597)
• CI: Fix triggers after default branch was renamed main - @​adrien-berchet (#593)

0.18.4

• CI: Move to the official Coveralls action - @​pjonsson (#592)
• Fix: fix setuptools deprecation warning - @​pjonsson (#589)
• Fix: Fix shapely import - @​pjonsson (#588)

0.18.3

• Fix: Fix Shapely import - @​adrien-berchet (#584)

0.18.2

• Build: Fix package discovery - @​adrien-berchet (#581)
• Chore: Add more type hints in from_shape module - @​adrien-berchet (#580)
• Build: Upgrade packaging and formatting tools - @​adrien-berchet (#576)

Commits

• 792cc5e Release: 0.19.0 (#599)
• 9d17680 Fix: Ensure _GISType.column_expression is compatible with TypeDecorator (#598)
• 3d4d8ec CI: Fix Too many connections errors in MySQL and MariaDB (#597)
• b5d6336 [pre-commit.ci] pre-commit autoupdate (#595)
• 187f092 Improve WKT parsing and fix comparator doc typo (#594)
• dce1bb1 CI: Fix triggers after default branch was renamed main (#593)
• beb96c3 Release: 0.18.4 (#591)
• 6266c25 CI: Move to the official Coveralls action (#592)
• f402f63 CI: Make Coveralls optional since the service is down at the moment (#590)
• 36ebd0f Fix: fix setuptools deprecation warning (#589)
• Additional commits viewable in compare view

Updates pymongo from 4.15.5 to 4.17.0

Release notes

Sourced from pymongo's releases.

PyMongo 4.17.0

Community notes

What's Changed

• refactor(ci): replace shell=True and awk pipes with native Python by @​RinZ27 in mongodb/mongo-python-driver#2671
• PYTHON-5697 - Migrate 8.0+ tests to Windows 2022 by @​NoahStapp in mongodb/mongo-python-driver#2681
• [Spec Resync] 01-19-2026 by @​mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2680
• Bump pyright from 1.1.407 to 1.1.408 by @​dependabot[bot] in mongodb/mongo-python-driver#2675
• PYTHON-5692 - [Infrastructure] Improve dependabot version updates by @​NoahStapp in mongodb/mongo-python-driver#2682
• PYTHON-5605 - Drop usage of Ubuntu 20 by @​NoahStapp in mongodb/mongo-python-driver#2683
• PYTHON-5699 & PYTHON-5698 [Spec Resync] 01-26-2026 by @​mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2685
• PYTHON-5703 Use Ubuntu24 for AWS Auth tests by @​blink1073 in mongodb/mongo-python-driver#2686
• PYTHON-5704 Skip free-threading for enterprise auth builds by @​blink1073 in mongodb/mongo-python-driver#2687
• Bump astral-sh/setup-uv from 7.1.6 to 7.2.0 in the actions group across 1 directory by @​dependabot[bot] in mongodb/mongo-python-driver#2684
• Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 in the actions group by @​dependabot[bot] in mongodb/mongo-python-driver#2692
• PYTHON-1357 - Refactor Cursor and CommandCursor by @​NoahStapp in mongodb/mongo-python-driver#2691
• [Spec Resync] 02-02-2026 by @​mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2694
• PYTHON-5467 Add codecov integration by @​blink1073 in mongodb/mongo-python-driver#2690
• Bump astral-sh/setup-uv from 7.2.0 to 7.2.1 in the actions group by @​dependabot[bot] in mongodb/mongo-python-driver#2700
• PYTHON-XXXX Fixed typo in Running Tests Locally section. by @​caseyclements in mongodb/mongo-python-driver#2698
• PYTHON-5467 Fix codecov upload by @​blink1073 in mongodb/mongo-python-driver#2701
• PYTHON-5467 Fix codecov upload on Evergreen by @​blink1073 in mongodb/mongo-python-driver#2702
• PYTHON-5715 Add appName to OIDC test failpoints by @​blink1073 in mongodb/mongo-python-driver#2697
• PYTHON-5705 Improve fallback for PyOpenSSL windows system certs loading by @​blink1073 in mongodb/mongo-python-driver#2688
• PYTHON-3898 Add coverage to all variants by @​blink1073 in mongodb/mongo-python-driver#2705
• PYTHON-5729 Pin setuptools when using older gevent by @​blink1073 in mongodb/mongo-python-driver#2708
• Bump the actions group with 2 updates by @​dependabot[bot] in mongodb/mongo-python-driver#2711
• PYTHON-5708 Temporarily skip some BSON encryption tests by @​blink1073 in mongodb/mongo-python-driver#2709
• PYTHON-5732 Use mongodb-runner in Evergreen Tests by @​blink1073 in mongodb/mongo-python-driver#2703
• PYTHON-5731 - Server selection deprioritization only for overload errors on replica sets by @​NoahStapp in mongodb/mongo-python-driver#2710
• PYTHON-5737 - BSON encoding/decoding performance improvements by @​NoahStapp in mongodb/mongo-python-driver#2715
• [Spec Resync] 03-02-2026 by @​mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2716
• Python 4542 - Improved sessions API by @​NoahStapp in mongodb/mongo-python-driver#2712
• PYTHON-5742 - Add Copilot instructions by @​NoahStapp in mongodb/mongo-python-driver#2717
• PYTHON-5747 Add jira link to spec resync PR by @​sleepyStick in mongodb/mongo-python-driver#2723
• PYTHON-5114 Test suite reduce killAllSessions calls by @​ShaneHarvey in mongodb/mongo-python-driver#2721
• PYTHON-5748 Remove unused SpecRunner class by @​ShaneHarvey in mongodb/mongo-python-driver#2725
• PYTHON-5754 Fix USE_ACTIVE_VENV support by @​aclark4life in mongodb/mongo-python-driver#2728
• PYTHON-5753 Add just recipes for running coverage tests locally by @​aclark4life in mongodb/mongo-python-driver#2727
• PYTHON-5758 Remove unused validation functions by @​aclark4life in mongodb/mongo-python-driver#2733
• PYTHON-5757 Deprecate Python 2 methods in SON by @​aclark4life in mongodb/mongo-python-driver#2732
• PYTHON-5766 Add codecov badge to readme by @​aclark4life in mongodb/mongo-python-driver#2737
• Bump the actions group across 1 directory with 4 updates by @​dependabot[bot] in mongodb/mongo-python-driver#2736
• [Spec Resync] 03-30-2026 by @​mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2741
• Bump astral-sh/setup-uv from 7.3.0 to 7.6.0 in the actions group by @​dependabot[bot] in mongodb/mongo-python-driver#2740
• PYTHON-5401: Add AI Generated Contributions Policy by @​Jibola in mongodb/mongo-python-driver#2696
• PYTHON-5768 Add AGENTS.md w/copilot instructions by @​aclark4life in mongodb/mongo-python-driver#2744
• PYTHON-5791 - test_list_database_names should not check ordering by @​NoahStapp in mongodb/mongo-python-driver#2751
• PYTHON-5668 - Merge backpressure branch into mainline by @​NoahStapp in mongodb/mongo-python-driver#2729
• PYTHON-5795 Fix absolute link to CONTRIBUTING.md in README.md by @​aclark4life in mongodb/mongo-python-driver#2756

... (truncated)

Changelog

Sourced from pymongo's changelog.

Changes in Version 4.17.0 (2026/04/20)

PyMongo 4.17 brings a number of changes including:

• has_key, iterkeys and itervalues in :class:bson.son.SON have been deprecated and will be removed in PyMongo 5.0. These methods were deprecated in favor of the standard dictionary containment operator in and the keys() and values() methods, respectively.
• Added the :meth:~pymongo.asynchronous.client_session.AsyncClientSession.bind and :meth:~pymongo.client_session.ClientSession.bind methods that allow users to bind a session to all database operations within the scope of a context manager instead of having to explicitly pass the session to each individual operation. See the Transactions docs <https://www.mongodb.com/docs/languages/python/pymongo-driver/current/crud/transactions/#methods>_ for examples and more information.
• Added support for MongoDB's Intelligent Workload Management (IWM) and ingress connection rate limiting features. The driver now gracefully handles write-blocking scenarios and optimizes connection establishment during high-load conditions to maintain application availability. See the IWM <https://www.mongodb.com/docs/atlas/intelligent-workload-management>_ or Overload Errors <https://www.mongodb.com/docs/atlas/overload-errors/?interface=driver&language=python>_ docs for more information.

Changes in Version 4.16.0 (2026/01/07)

PyMongo 4.16 brings a number of changes including:

• Removed invalid documents from :class:bson.errors.InvalidDocument error messages as doing so may leak sensitive user data. Instead, invalid documents are stored in :attr:bson.errors.InvalidDocument.document.
• PyMongo now requires dnspython>=2.6.1, since dnspython 1.0 is no longer maintained. The minimum version is 2.6.1 to account for CVE-2023-29483 <https://www.cve.org/CVERecord?id=CVE-2023-29483>_.
• Removed support for Eventlet. Eventlet is actively being sunset by its maintainers and has compatibility issues with PyMongo's dnspython dependency.
• Use Zstandard support from the standard library for Python 3.14+, and use backports.zstd for older versions.
• Fixed return type annotation for find_one_and_* methods on :class:~pymongo.asynchronous.collection.AsyncCollection and :class:~pymongo.synchronous.collection.Collection to include None.
• Added support for NumPy 1D-arrays in :class:bson.binary.BinaryVector.
• Prevented :class:~pymongo.encryption.ClientEncryption from loading the crypt shared library to fix "MongoCryptError: An existing crypt_shared library is loaded by the application" unless the linked library search path is set.

Commits

• f2103a9 Prep branch v4.17
• 3491c08 PYTHON-5801 - Update changelog for 4.17 release (#2762)
• 912ef33 PYTHON-5798 - Overload retargeting prose tests do not ensure that sec… (#2760)
• b4e2c03 PYTHON-5800 - Simple collation is included in index information (#2761)
• f31ba09 PYTHON-5797 - Add IWM and Overload Error links to changelog (#2757)
• 5da9183 PYTHON-5794 - Add prose tests to verify correct retry behavior when a… (#2755)
• 35e51a5 Revert "PYTHON-5768 Add AGENTS.md w/copilot instructions" (#2744) (#2754)
• f41dd5c PYTHON-5772 Increase _gcp_helpers.py coverage (#2749)
• 49e7a05 PYTHON-5760 Increase _azure_helpers.py coverage (#2747)
• a2b0cd8 PYTHON-5795 Fix absolute link to CONTRIBUTING.md in README.md (#2756)
• Additional commits viewable in compare view

Updates mongoengine from 0.29.1 to 0.29.3

Changelog

Sourced from mongoengine's changelog.

Changes in 0.29.3

• Remove mentions of mongoengine[dot]org has we no longer own it #2905

Changes in 0.29.2

• fixes relted with

Commits

• 30f6d56 prep release 0.29.3
• a5fb2bd prepare 0.29.3 release
• a362ddd fix tests
• 1fcbad8 fix CI
• 19553b8 use ubuntu 22.04 for test
• 0eeec00 prepare 0.29.2 release
• See full diff in compare view

Updates peewee from 3.18.3 to 4.0.5

Release notes

Sourced from peewee's releases.

4.0.5

• Fix bug where db_value() may not get called in subclasses of Postgres JSONField / BinaryJSONField, refs #3044.
• Fix bug where indexes for table may be defined on multiple schema, #3043.
• Always fall-through to base exception class if exception is not recognized in DB drivers. This simplifies checking driver-specific subclasses of standard DB-API exceptions.

View commits

4.0.4

• Fix SQL generation for partial indexes with nulls (not) distinct clause.
• Raise an ImproperlyConfigured if pg driver unavailable at model definition-time when field db-hooks are used, rather than AttributeError.

View commits

4.0.3

• Refactor test suite - this was a mechanical refactor, just moving things around and trying to group things more clearly. Also added new tests covering some gaps.
• Expand multi-value types to include generator expressions, so you can write stuff like .in(a for a in iterable if cond).
• Ensure quotes embedded in entity names are escaped.
• Improved specification of FOR UPDATE clauses.
• Fix for negative values in paginate() method.
• Fix for newer MySQL server versions in feature detection code.
• More robust handling of unusual aliases / invalid attr names in cursor wrapper.
• Better handling of duplicated column names in cursor wrapper implementations.
• Improve performance of ModelCursorWrapper when reconstructing model instance graphs after multi-table selects.
• If only psycopg3 is installed, use it by default (#3036)

View commits

4.0.2

• Remove all Python 2.x compatibility code.
• Add streaming result cursors to pwasyncio module via db.iterate(query).
• Better serialization and deserialization of datetimes and binary data in the DataSet module. Previously binary data was encoded as base64, going forward hex is the new default. For base64 specify base64_bytes=True.
• Improvements to Postgres BinaryJSONField, support atomic removal of sub-elements, as well as alternate helper for extracting sub-elements and querying array length.
• Pydantic integration

View commits

4.0.1

• Ensure gr_context is set on greenlet in greenlet_spawn so that contextvars will be operable in sync handlers.
• Removed SqliteExtDatabase (it basically served no purpose in 4.0). Use SqliteDatabase instead.
• Moved driver and extension-specific pooled implementations into the corresponding extension module rather than putting all into playhouse.pool.
• Restore custom dumps option for postgres JSON fields.
• Major docs rewrite / reorganization.

View commits

... (truncated)

Changelog

Sourced from peewee's changelog.

4.0.5

• Fix bug where db_value() may not get called in subclasses of Postgres JSONField / BinaryJSONField, refs #3044.
• Fix bug where indexes for table may be defined on multiple schema, #3043.
• Always fall-through to base exception class if exception is not recognized in DB drivers. This simplifies checking driver-specific subclasses of standard DB-API exceptions.

View commits

4.0.4

• Fix SQL generation for partial indexes with nulls (not) distinct clause.
• Raise an ImproperlyConfigured if pg driver unavailable at model definition-time when field db-hooks are used, rather than AttributeError.

View commits

4.0.3

• Refactor test suite - this was a mechanical refactor, just moving things around and trying to group things more clearly. Also added new tests covering some gaps.
• Expand multi-value types to include generator expressions, so you can write stuff like .in(a for a in iterable if cond).
• Ensure quotes embedded in entity names are escaped.
• Improved specification of FOR UPDATE clauses.
• Fix for negative values in paginate() method.
• Fix for newer MySQL server versions in feature detection code.
• More robust handling of unusual aliases / invalid attr names in cursor wrapper.
• Better handling of duplicated column names in cursor wrapper implementations.
• Improve performance of ModelCursorWrapper when reconstructing model instance graphs after multi-table selects.
• If only psycopg3 is installed, use it by default (#3036)

View commits

4.0.2

• Remove all Python 2.x compatibility code.
• Add streaming result cursors to pwasyncio module via db.iterate(query).
• Better serialization and deserialization of datetimes and binary data in the DataSet module. Previously binary data was encoded as base64, going forward hex is the new default. For base64 specify base64_bytes=True.
• Improvements to Postgres BinaryJSONField, support atomic removal of sub-elements, as well as alternate helper for extracting sub-elements and querying array length.
• Pydantic integration

... (truncated)

Commits

• 93da1ac 4.0.5
• b0b5f1a Tests for #3044 - custom db_value in json field subclass
• 4f2bbfb Pass through to db_value(), don't just naively wrap. fixes #3044
• 19a1ca7 Ensure we don't introspect pg indexes defined on diff schema.
• 2fc7057 Merge pull request #3042 from JacksonKontny/add-scalars-documentation
• eb909b1 Add documentation for scalars method
• e031803 Rename some duplicate-named tests.
• 6575593 Few more clarifications for gaps in docs.
• be15346 Clarify some inconsistencies in doc
• f3d8645 Always fallback to base if exc not in known db-api for wrapper.
• Additional commits viewable in compare view

Updates wtf-peewee from 3.0.6 to 3.1.0

Commits

• d16af6d 3.1.0
• 15d1fe8 Clean up error messages and add test for length validator too.
• 810bdb2 Fix validation on foreign-key for missing object.
• 0638331 Add test for checking form data
• 9a2af51 Add support for JSON fields in PostgreSQL and SQLite
• 6eed100 3.0.7
• See full diff in compare view

Updates boto3 from 1.42.14 to 1.43.1

Commits

• 753bcab Merge branch 'release-1.43.1'
• dd5b3a6 Bumping version to 1.43.1
• 014f4ad Add changelog entries from botocore
• 32edf1c Bump requests from 2.32.4 to 2.33.1 (#4781)
• 959ae84 Merge branch 'release-1.43.0'
• 146ede2 Merge branch 'release-1.43.0' into develop
• 048bf84 Bumping version to 1.43.0
• 20381d5 Add changelog entries from botocore
• ee6aa97 Deprecate Python 3.9 support (#4770)
• 1780d6b Remove CC-BY-NC-SA-4.0 license headers from docs files (#4778)
• Additional commits viewable in compare view

Updates azure-storage-blob from 12.27.1 to 12.28.0

Commits

• b3301ac STG 100 GA Release Date for 2026-01-06
• beb8dfa [Storage][STG 100] Prepare branch for GA + cherry-pick block size change (#44...
• 874cfcf [Storage] Update Swagger and Release Date (#44243)
• 4aca0cc Fix perf tests on Python 3.14 + Storage change (#44230)
• cd5ecc5 [Storage] Fix 100 Live Tests (#44108)
• 1cd78b1 [Storage] Added support for Python 3.14 + update 100 release date (#44224)
• 471cda1 [Storage] Add Blob download perf test that uses HTTP library directly (#44111)
• 9e53510 [Storage] Decompression for Binary Response in Download APIs (#43587)
• 68b646b Removed create file with data and file semantics features (#43978)
• 09f0066 [Storage] Added Support for UseDevelopmentStorage=true; for Connection Stri...
• Additional commits viewable in compare view

Updates `pill...

Description has been truncated