Skip to content

chore(deps): bump the backend-dependencies group in /src/backend with 4 updates#2

Merged
timmanik merged 1 commit intomainfrom
dependabot/pip/src/backend/backend-dependencies-920a67af2b
Apr 7, 2026
Merged

chore(deps): bump the backend-dependencies group in /src/backend with 4 updates#2
timmanik merged 1 commit intomainfrom
dependabot/pip/src/backend/backend-dependencies-920a67af2b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 7, 2026

Bumps the backend-dependencies group in /src/backend with 4 updates: requests, opensearch-py, numpy and requests-aws4auth.

Updates requests from 2.32.5 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.
Commits

Updates opensearch-py from 2.7.1 to 3.1.0

Release notes

Sourced from opensearch-py's releases.

v3.1.0

What's Changed

New Contributors

Full Changelog: opensearch-project/opensearch-py@v3.0.0...v3.1.0

v3.0.0

What's Changed

... (truncated)

Changelog

Sourced from opensearch-py's changelog.

[3.1.0]

Added

Updated APIs

Changed

  • Rename DenseVector field type to KnnVector (925)

Deprecated

  • Deprecate python 3.8 and 3.9 support which are end of life. (966)

Removed

Fixed

  • Moved client tests to dedicated files to ensure they are run (944)
  • Fix Async request signer (932)
  • Fix memory leak in parallel_bulk (981)

Security

Dependencies

  • Bumps aiohttp from >=3.9.4,<4 to >=3.10.11,<4 (#920)
  • Bumps aiohttp from >=3.10.11 to >=3.12.14 (#966)
  • Bump pytest-asyncio from <=0.25.1 to <=1.2.0 (#936, #950)
  • Bumps lycheeverse/lychee-action from 1.9.3 to 2.7.0 (#946, #980)
  • Bump actions/download-artifact from 4 to 6 (#957, #968)
  • Bump actions/cache from 3 to 4 (#958)
  • Bump peter-evans/create-pull-request from 6 to 7 (#959)
  • Bump actions/setup-python from 5 to 6 (#961)
  • Bump dangoslen/dependabot-changelog-helper from 3 to 4 (#960)
  • Bump stefanzweifel/git-auto-commit-action from 5 to 7 (#962)
  • Bump actions/checkout from 4 to 5 (#967)
  • Bump VachaShah/backport from 1.1.4 to 2.2.0 (#969)
  • Bump actions/github-script from 7 to 8 (#973)
  • Bump actions/upload-artifact from 4 to 5 (#972)
  • Bump actions/setup-java from 4 to 5 (#974)

[3.0.0]

Added

  • Added option to pass custom headers to 'AWSV4SignerAsyncAuth' (863)
  • Added sync and async sample that uses search_after parameter (859)
  • Enforced mandatory keyword-only arguments for calling auto-generated OpenSearch-py APIs (#907)

Updated APIs

Changed

  • Small refactor of AWS Signer classes for both sync and async clients (866)
  • Small refactor to fix overwriting the module files when generating apis (874)
  • Fixed a "type ignore" lint error
  • Added support for explicit proxy to RequestsHttpConnection (908)

Deprecated

Removed

... (truncated)

Commits
  • 4ad9a25 Preparing for release, 3.1.0 (#971)
  • 0979c33 Fix Changelog entry (#979)
  • 93ea96f Bump lycheeverse/lychee-action from 2.0.2 to 2.7.0 (#980)
  • e962fbe Add transport-grpc client library (#977)
  • 1e738e9 Bump actions/github-script from 7 to 8 (#973)
  • 861bee4 Bump actions/setup-java from 4 to 5 (#974)
  • d5f0078 Bump actions/upload-artifact from 4 to 5 (#972)
  • 2369c94 Bump minimum supported python 3.8 -> 3.10 (#966)
  • 4ef46e5 Updated opensearch-py to reflect the latest OpenSearch API spec (2025-11-04) ...
  • 68204b0 Bump VachaShah/backport from 1.1.4 to 2.2.0 (#969)
  • Additional commits viewable in compare view

Updates numpy from 2.2.2 to 2.4.4

Release notes

Sourced from numpy's releases.

2.4.4 (Mar 29, 2026)

NumPy 2.4.4 Release Notes

The NumPy 2.4.4 is a patch release that fixes bugs discovered after the 2.4.3 release. It should finally close issue #30816, the OpenBLAS threading problem on ARM.

This release supports Python versions 3.11-3.14

Contributors

A total of 8 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Charles Harris
  • Daniel Haag +
  • Denis Prokopenko +
  • Harshith J +
  • Koki Watanabe
  • Marten van Kerkwijk
  • Matti Picus
  • Nathan Goldbaum

Pull requests merged

A total of 7 pull requests were merged for this release.

  • #30978: MAINT: Prepare 2.4.x for further development
  • #31049: BUG: Add test to reproduce problem described in #30816 (#30818)
  • #31052: BUG: fix FNV-1a 64-bit selection by using NPY_SIZEOF_UINTP (#31035)
  • #31053: BUG: avoid warning on ufunc with where=True and no output
  • #31058: DOC: document caveats of ndarray.resize on 3.14 and newer
  • #31079: TST: fix POWER VSX feature mapping (#30801)
  • #31084: MAINT: numpy.i: Replace deprecated sprintf with snprintf...

2.4.3 (Mar 9, 2026)

NumPy 2.4.3 Release Notes

The NumPy 2.4.3 is a patch release that fixes bugs discovered after the 2.4.2 release. The most user visible fix may be a threading fix for OpenBLAS on ARM, closing issue #30816.

This release supports Python versions 3.11-3.14

Contributors

A total of 11 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Antareep Sarkar +

... (truncated)

Changelog

Sourced from numpy's changelog.

This is a walkthrough of the NumPy 2.4.0 release on Linux, which will be the first feature release using the numpy/numpy-release <https://github.com/numpy/numpy-release>__ repository.

The commands can be copied into the command line, but be sure to replace 2.4.0 with the correct version. This should be read together with the :ref:general release guide <prepare_release>.

Facility preparation

Before beginning to make a release, use the requirements/*_requirements.txt files to ensure that you have the needed software. Most software can be installed with pip, but some will require apt-get, dnf, or whatever your system uses for software. You will also need a GitHub personal access token (PAT) to push the documentation. There are a few ways to streamline things:

  • Git can be set up to use a keyring to store your GitHub personal access token. Search online for the details.

Prior to release

Add/drop Python versions

When adding or dropping Python versions, multiple config and CI files need to be edited in addition to changing the minimum version in pyproject.toml. Make these changes in an ordinary PR against main and backport if necessary. We currently release wheels for new Python versions after the first Python RC once manylinux and cibuildwheel support that new Python version.

Backport pull requests

Changes that have been marked for this release must be backported to the maintenance/2.4.x branch.

Update 2.4.0 milestones

Look at the issues/prs with 2.4.0 milestones and either push them off to a later version, or maybe remove the milestone. You may need to add a milestone.

Check the numpy-release repo

... (truncated)

Commits
  • be93fe2 Merge pull request #31090 from charris/prepare-2.4.4
  • f5245dc REL: Prepare for the NumPy 2.4.4 release
  • 02e838b Merge pull request #31084 from charris/backport-31056
  • fa74b2d MAINT: numpy.i: Replace deprecated sprintf with snprintf (#31056)
  • 533a6db Merge pull request #31079 from charris/backport-20801
  • 9e496cb TST: fix POWER VSX feature mapping (#30801)
  • 8052c4b Merge pull request #31058 from charris/backport-31021
  • 7f13b5a MAINT: Skip test on PyPy.
  • 4c5fdd6 MAINT: Remove unused import of tracemalloc.
  • a3ca5ed Update numpy/_core/src/multiarray/shape.c
  • Additional commits viewable in compare view

Updates requests-aws4auth from 1.3 to 1.3.1

Release notes

Sourced from requests-aws4auth's releases.

v1.3.1

1.3.1 (2024-07-21)

Changes

  • explicitly set python requirement to 3.7.
Changelog

Sourced from requests-aws4auth's changelog.

1.3.1 (2024-07-21)

Changes

  • explicitly set python requirement to 3.7.

1.3.0 (2024-07-21)

Changes

  • test against 3.12. Currently supporting 3.8-3.12.
  • add nonstandard port test, #68. Thanks @​phillipberndt.
  • remove six and support for any python before 3.7, #73. Thanks @​hugovk.

1.2.3 (2023-05-03)

Changes

  • Add manifest file so tarball installs succeed, #66. Thanks @​jantman.

1.2.2 (2023-02-02)

Bugfixes

  • The 1.2.0/1.2.1 releases had a regression error. The fix of #63 has been reverted.

1.2.1 (2023-01-25)

Bugfixes

  • Actually fix #34. Build 1.2.0 was not fully released.

1.2.0 (2023-01-20)

Bugfixes

Changes

  • test against 3.10. Currently supporting 3.8-3.10.
  • small fixup to flake8 config

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the backend-dependencies group
16e46db 
Bumps the backend-dependencies group in /src/backend with 4 updates: [requests](https://github.com/psf/requests), [opensearch-py](https://github.com/opensearch-project/opensearch-py), [numpy](https://github.com/numpy/numpy) and [requests-aws4auth](https://github.com/tedder/requests-aws4auth).


Updates `requests` from 2.32.5 to 2.33.1
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.5...v2.33.1)

Updates `opensearch-py` from 2.7.1 to 3.1.0
- [Release notes](https://github.com/opensearch-project/opensearch-py/releases)
- [Changelog](https://github.com/opensearch-project/opensearch-py/blob/main/CHANGELOG.md)
- [Commits](opensearch-project/opensearch-py@v2.7.1...v3.1.0)

Updates `numpy` from 2.2.2 to 2.4.4
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.2.2...v2.4.4)

Updates `requests-aws4auth` from 1.3 to 1.3.1
- [Release notes](https://github.com/tedder/requests-aws4auth/releases)
- [Changelog](https://github.com/tedder/requests-aws4auth/blob/main/HISTORY.md)
- [Commits](tedder/requests-aws4auth@v1.3.0...v1.3.1)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.33.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-dependencies
- dependency-name: opensearch-py
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: backend-dependencies
- dependency-name: numpy
  dependency-version: 2.4.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-dependencies
- dependency-name: requests-aws4auth
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 7, 2026

Labels

The following labels could not be found: backend, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@timmanik timmanik merged commit 67b2b46 into main Apr 7, 2026
2 checks passed
@dependabot dependabot Bot deleted the dependabot/pip/src/backend/backend-dependencies-920a67af2b branch April 7, 2026 18:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backend dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@timmanik