build(deps): bump the pipenv group across 1 directory with 34 updates

[dependabot]

Bumps the pipenv group with 31 updates in the / directory:

Package	From	To
rich-click	1.8.8	1.9.4
securesystemslib	1.3.0	1.3.1
requests	2.32.3	2.32.5
dynaconf	3.2.10	3.2.12
isort	6.0.1	7.0.0
sqlalchemy	2.0.40	2.0.44
psycopg2	2.9.10	2.9.11
beaupy	3.10.1	3.10.2
sigstore	3.6.2	4.1.0
boto3	1.38.8	1.41.5
google-cloud-kms	3.4.1	3.7.0
hvac	2.3.0	2.4.0
azure-keyvault-keys	4.10.0	4.11.0
prompt-toolkit	3.0.51	3.0.52
setuptools	80.3.1	80.9.0
pykcs11	1.5.17	1.5.18
exceptiongroup	1.2.2	1.3.1
black	25.1.0	25.11.0
flake8	7.2.0	7.3.0
tox	4.25.0	4.32.0
pytest	8.3.5	9.0.1
pytest-cov	6.1.1	7.0.0
pytest-xdist	3.6.1	3.8.0
mypy	1.15.0	1.18.2
pip	25.1.1	25.3
sphinxcontrib-plantuml	0.30	0.31
hatchling	1.27.0	1.28.0
build	1.2.2.post1	1.3.0
pre-commit	4.2.0	4.5.0
bandit	1.8.3	1.9.2
types-requests	2.32.0.20250328	2.32.4.20250913

Updates rich-click from 1.8.8 to 1.9.4

Release notes

Sourced from rich-click's releases.

v1.9.4

• Added Typer 0.20 support
• Fix lack of support for flag_value=....

v1.9.3

• Fixed subcommand discovery in help text. Behavior should now be the same as 1.8. [#304]

v1.9.3.dev0

• Fixed subcommand discovery in help text. Behavior should now be the same as 1.8. [#304]

v1.9.2

• Fixed legacy Windows rendering
• Fix issue with parent click.Group and child rich_click.RichCommand error formatter not resolving.
• Add headers to tables (by default these are not shown).

v1.9.2.dev0

• Fixed legacy windows rendering
• Fix issue with parent click.Group and child rich_click.RichCommand error formatter not resolving.
• Add headers to tables (by default these are not shown).

v1.9.1

• Fixed bug where running the rich-click CLI on a @rich_click.argument() sometimes caused arguments show up in the option panel when it shouldn't.
• Slightly reduced horizontal padding of the modern theme format.
• Fixed Click 8.3 compatibility with rendering defaults in help text.

v1.9.0

[!WARNING] Version 1.9.0 deprecates support for a lot of old versions of things:

• Python 3.7 support is removed. The minimum supported Python version is 3.8.
• Click 7 support is removed. The minimum supported Click version is 8.0.
• Rich 10 and 11 support is removed. The minimum supported Rich version is 12.

[!WARNING] Version 1.9.0 introduces a minor breaking change: The DEFAULT_STRING, ENVVAR_STRING, REQUIRED_STRING, and DEPRECATED_STRING config options are now rendered with Text.from_markup. So for example, REQUIRED_STRING = "[required]" would be rendered as Rich markup. You must now escape the rich markup: REQUIRED_STRING = "\\[required]"

Big changes:

• Themes! Check them out with rich-click --themes.
• Typer support: rich-click typer_app --help.
• RichPanels API introduced. This replaces the "groups" feature going forward (although groups will continue to be supported).
  • @click.option_panel()
  • @click.command_panel()
• IDE tab completion support for decorators. Now you should no longer need to guess what goes in @click.option() or @click.command(context_settings=...) etc.
• Help for arguments: help= is now a valid kwarg for @click.argument() decorator. See docs for more information.

Small changes:

... (truncated)

Changelog

Sourced from rich-click's changelog.

Version 1.9.4 (2025-10-24)

• Added Typer 0.20 support
• Fix lack of support for flag_value=....

Version 1.9.3 (2025-10-09)

• Fixed subcommand discovery in help text. Behavior should now be the same as 1.8. [#304]

Version 1.9.2 (2025-10-04)

• Fixed legacy windows rendering
• Fix issue with parent click.Group and child rich_click.RichCommand error formatter not resolving.
• Add headers to tables (by default these are not shown).

Version 1.9.1 (2025-09-20)

• Fixed bug where running the rich-click CLI on a @rich_click.argument() sometimes caused arguments show up in the option panel when it shouldn't.
• Slightly reduced horizontal padding of the modern theme format.
• Fixed Click 8.3 compatibility with rendering defaults in help text.

Version 1.9.0 (2025-09-16)

[!WARNING] Version 1.9.0 deprecates support for a lot of old versions of things:

• Python 3.7 support is removed. The minimum supported Python version is 3.8.
• Click 7 support is removed. The minimum supported Click version is 8.0.
• Rich 10 and 11 support is removed. The minimum supported Rich version is 12.

[!WARNING] Version 1.9.0 introduces a minor breaking change: The DEFAULT_STRING, ENVVAR_STRING, REQUIRED_STRING, and DEPRECATED_STRING config options are now rendered with Text.from_markup. So for example, REQUIRED_STRING = "[required]" would be rendered as Rich markup. You must now escape the rich markup: REQUIRED_STRING = "\\[required]"

Big changes:

• Themes! Check them out with rich-click --themes.
• Typer support: rich-click typer_app --help.
• RichPanels API introduced. This replaces the "groups" feature going forward (although groups will continue to be supported).
  • @click.option_panel()
  • @click.command_panel()
• IDE tab completion support for decorators. Now you should no longer need to guess what goes in @click.option() or @click.command(context_settings=...) etc.
• Help for arguments: help= is now a valid kwarg for @click.argument() decorator. See docs for more information.

Small changes:

• "Deprecated" text properly handled and stylized in all places.
• Command aliases: @cli.command(aliases=["foo"])

... (truncated)

Commits

• 7577bb9 Merge pull request #309 from dwreeves/1.9.4
• 6915292 version bump
• d1d294c Merge pull request #308 from dwreeves/fix-flag-value-issue
• 2bcbd9f update
• fdbe026 Merge pull request #306 from omad/patch-1
• f55d3b8 Merge branch 'patch-1' of github.com-dwreeves:omad/rich-click into patch-1
• 515a091 Merge pull request #307 from dwreeves/typer-0.20-support
• 49dff4b Fix Typer 0.20
• 7879344 Fix example links for documentation site
• 0ea0e0a Bump to 1.9.3
• Additional commits viewable in compare view

Updates securesystemslib from 1.3.0 to 1.3.1

Release notes

Sourced from securesystemslib's releases.

v1.3.1

See CHANGELOG.md for details.

Changelog

Sourced from securesystemslib's changelog.

securesystemslib v1.3.1

Fixed

• AWSSigner: Don't send payload to AWS for signing, send hash only (#1026)
• Set Development status classifier to "production/stable" in Python packaging (#1030)

Internals

• Minor infrastructure changes (#1005, #1013)

Commits

• 6f77419 Merge pull request #1030 from jku/release-prep-1.3.1
• b71cc52 Prepare release 1.3.1
• f683509 Merge pull request #1026 from ArkadiuszNitkaSWI/fix-aws-signer
• 9752719 Merge pull request #1027 from secure-systems-lab/dependabot/pip/test-and-lint...
• 4226b76 build(deps): bump the test-and-lint-dependencies group with 4 updates
• 6394e3e Review changes
• dee9a83 linter
• 07b0fc7 update .gitignore
• e8158a4 Fix AWS signer, allow messages bigger than 4kB
• e23f855 Merge pull request #1023 from secure-systems-lab/dependabot/pip/dependencies-...
• Additional commits viewable in compare view

Updates click from 8.1.8 to 8.3.1

Release notes

Sourced from click's releases.

8.3.1

This is the Click 8.3.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-1 Milestone: https://github.com/pallets/click/milestone/28

• Don't discard pager arguments by correctly using subprocess.Popen. #3039 #3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. #3066 #3065 #3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. #3071 #3079
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. #3019 #3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. #3069 #3090
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. #3136 #3137

8.3.0

This is the Click 8.3.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.3.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-0 Milestone https://github.com/pallets/click/milestone/27

• Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

  • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
  • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
  • The default parameter can now be any type (bool, None, etc.)
  • Fixes inconsistencies reported in: #1992 #2514 #2610 #3024 #3030

• Allow default to be set on Argument for nargs = -1. #2164 #3030

• Show correct auto complete value for nargs option in combination with flag option #2813

• Show correct auto complete value for nargs option in combination with flag option #2813

• Fix handling of quoted and escaped parameters in Fish autocompletion. #2995 #3013

• Lazily import shutil. #3023

• Properly forward exception information to resources registered with click.core.Context.with_resource(). #2447 #3058

• Fix regression related to EOF handling in CliRunner. #2939 #2940

8.2.2

This is the Click 8.2.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.2.2/

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.3.1

Released 2025-11-15

• Don't discard pager arguments by correctly using subprocess.Popen. :issue:3039 :pr:3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. :issue:3066 :issue:3065 :pr:3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. :issue:3071 :pr:3079
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. :issue:3136 :pr:3137
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. :issue:3019 :pr:3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. :issue:3069 :pr:3090

Version 8.3.0

Released 2025-09-17

• Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

  • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
  • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
  • The default parameter can now be any type (bool, None, etc.)
  • Fixes inconsistencies reported in: :issue:1992 :issue:2514 :issue:2610 :issue:3024 :pr:3030

• Allow default to be set on Argument for nargs = -1. :issue:2164 :pr:3030

• Show correct auto complete value for nargs option in combination with flag option :issue:2813

• Fix handling of quoted and escaped parameters in Fish autocompletion. :issue:2995 :pr:3013

• Lazily import shutil. :pr:3023

• Properly forward exception information to resources registered with click.core.Context.with_resource(). :issue:2447 :pr:3058

• Fix regression related to EOF handling in CliRunner. :issue:2939 :pr:2940

Version 8.2.2

Released 2025-07-31

• Fix reconciliation of default, flag_value and type parameters for flag options, as well as parsing and normalization of environment variables.

... (truncated)

Commits

• 1d038f2 release version 8.3.1
• 03f3889 Fix Ruff UP038 warning (#3141)
• 3867781 Fix Ruff UP038 warning
• b91bb95 Provide altered context to callbacks to hide UNSET values as None (#3137)
• 437e1e3 Temporarily provide a fake context to the callback to hide UNSET values as ...
• ea70da4 Don't test using a file in docs/ (#3102)
• e27b307 Make uv run --all-extras pyright --verifytypes click pass (#3072)
• a92c573 Fix test_edit to work with BSD sed (#3129)
• bd131e1 Fix test_edit to work with BSD sed
• 0b5c6b7 Add Best practices section (#3127)
• Additional commits viewable in compare view

Updates rich from 14.0.0 to 14.2.0

Release notes

Sourced from rich's releases.

The Easy as Pi release

This release bumps Python compatibility to the just-released Python 3.14.

[14.2.0] - 2025-10-09

Changed

• Python3.14 compatibility Textualize/rich#3861

The Lively Release

Live objects may now be nested. Previously a progress bar inside another progress context would fail. See the changelog below for this and other changes.

[14.1.0] - 2025-06-25

Changed

• Removed typing_extensions from runtime dependencies Textualize/rich#3763
• Live objects (including Progress) may now be nested Textualize/rich#3768
• Added padding property to Syntax which returns a tuple of four integers Textualize/rich#3782

Fixed

• Fixed extraction of recursive exceptions Textualize/rich#3772
• Fixed padding applied to Syntax Textualize/rich#3782
• Fixed Panel title missing the panel background style Textualize/rich#3569

Added

• Added TTY_INTERACTIVE environment variable to force interactive mode off or on Textualize/rich#3777

Changelog

Sourced from rich's changelog.

[14.2.0] - 2025-10-09

Changed

• Python3.14 compatibility Textualize/rich#3861

[14.1.0] - 2025-06-25

Changed

• Removed typing_extensions from runtime dependencies Textualize/rich#3763
• Live objects (including Progress) may now be nested Textualize/rich#3768
• Added padding property to Syntax which returns a tuple of four integers Textualize/rich#3782

Fixed

• Fixed extraction of recursive exceptions Textualize/rich#3772
• Fixed padding applied to Syntax Textualize/rich#3782
• Fixed Panel title missing the panel background style Textualize/rich#3569

Added

• Added TTY_INTERACTIVE environment variable to force interactive mode off or on Textualize/rich#3777

Commits

• 494f83c changelog
• d476e85 Merge pull request #3862 from GeroZayas/docs/es-readme-sync-2025-10
• 518daaa docs(es): sync README.es.md (macOS, 16 colors, Python 3.8+)
• cd5074f Merge pull request #3861 from Textualize/python314
• 041406c removed asv
• 655b521 test fixes
• 27c2d2d bump for Python3.14
• ea9d4db Update feature_request.md
• 2dca1b7 Merge pull request #3808 from Textualize/bump1410
• 19b6ddd version bump
• Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

v2.32.4

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS. (#6926)
• Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS.
• Dropped support for pypy 3.9 following its end of support.

Commits

• b25c87d v2.32.5
• 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
• b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
• 46e939b Update publish workflow to use artifact-id instead of name
• 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
• 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
• 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
• fec96cd Update Makefile rules (#6996)
• d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
• 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
• Additional commits viewable in compare view

Updates dynaconf from 3.2.10 to 3.2.12

Release notes

Sourced from dynaconf's releases.

3.2.12

What's Changed

• Incremental improvment to access performance by @​pedro-psb in dynaconf/dynaconf#1304
• fix: get method to return Any type. by @​rochacbruno in dynaconf/dynaconf#1314
• perf: add lru caching to find_the_correct_casing function by @​pedro-psb in dynaconf/dynaconf#1326

Full Changelog: dynaconf/dynaconf@3.2.11...3.2.12

3.2.11

What's Changed

Release version 3.2.11

Shortlog of commits since last release:

• Bruno Rocha (9): @​rochacbruno

  • fix(cli): handle empty hooks and boolean environments.
  • fix: Better way for CLI to find the Django Settings
  • fix: windows CI
  • feat: Run CLI as module with python -m dynaconf (#1290)
  • fix: use sys.argv instead of click.get_os_args (#1292)
  • fix: -k must exit code 1 when key do not exist (#1293)
  • feat: envless load file (#1295)
  • fix: add correct supported python version to 3.2.x

• Fabricio Aguiar (1): @​fao89

  • fix: make raw variables private (#1287)

• Pedro Brochado (1): @​pedro-psb

  • docs: clarification on redis hash title when using custom envvar prefixes (#1273)

Milestone https://github.com/dynaconf/dynaconf/milestone/31?closed=1

Full Changelog: dynaconf/dynaconf@3.2.10...3.2.11

Changelog

Sourced from dynaconf's changelog.

3.2.12 - 2025-10-10

Bug Fixes

• get method to return Any type.. By Bruno Rocha.
• remove unnecessary recursive evaluation call on Settings.get. By Pedro Brochado.
• improve performance of settings access in a loop (part 1). By Pedro Brochado.

3.2.11 - 2025-05-06

Bug Fixes

• add correct supported python version to 3.2.x. By Bruno Rocha.
• -k must exit code 1 when key do not exist (#1293). By Bruno Rocha.
• use sys.argv instead of click.get_os_args (#1292). By Bruno Rocha.
• windows CI. By Bruno Rocha.
• make raw variables private (#1287). By Fabricio Aguiar.
• Better way for CLI to find the Django Settings. By Bruno Rocha.
• handle empty hooks and boolean environments.. By Bruno Rocha.

Features

• envless load file (#1295). By Bruno Rocha.
• Run CLI as module with python -m dynaconf (#1290). By Bruno Rocha.

Docs

• clarification on redis hash title when using custom envvar prefixes (#1273). By Pedro Brochado.

Commits

• 7606f35 Release version 3.2.12
• da44e51 perf: add lru caching to find_the_correct_casing function (#1326)
• b75eda0 fix: get method to return Any type.
• 4f3df1a misc: add some profile/perf scripts
• 420aceb refactor: merge safe{get,copy} into .get and .copy
• 18c0c84 fix: remove unnecessary recursive evaluation call on Settings.get
• 0fde96f refactor: rewrite decorator as explicit call
• 52efd9e Bump to version 3.2.12-dev0
• c61da8f Release version 3.2.11
• f8189fb fix: add correct supported python version to 3.2.x
• Additional commits viewable in compare view

Updates isort from 6.0.1 to 7.0.0

Release notes

Sourced from isort's releases.

7.0.0

Changes

💥 Breaking Changes

• Drop support for Python 3.9 (#2430) @​DanielNoord

🚀 Features

• Show absolute paths in skipped file messages (#2416) @​pranlawate

🪲 Fixes

• Some fixes for Python 3.14 (#2433) @​DanielNoord
• Test on 3.14 and fix any bugs (#2425) @​DanielNoord
• Update CHANGELOG.md + Fix Formatting and Grammar (#2419) @​lukbrew25
• Fix output of hanging indent for long lines with noqa (#2407) @​matan1008

👷 Continuous Integration

• Format with ruff instead of black (#2432) @​DanielNoord
• Target 3.10 for ruff (#2431) @​DanielNoord
• Update development dependencies to latest version (#2426) @​DanielNoord
• docs: update pre-commit examples to version 6.1.0 (#2413) @​pranlawate
• Small cleanup for developer environment (#2418) @​DanielNoord

📦 Dependencies

• Bump actions/setup-python from 5 to 6 in the github-actions group (#2411) @dependabot[bot]

6.1.0

Changes

• Update docs discussions channel (#2410) @​staticdev
• Add python 3.14 classifier and badge (#2409) @​staticdev
• Drop use of non-standard pkg_resources API (#2405) @​dvarrazzo
• Use working isort version in pre-commit example (#2402) @​iainelder
• fix typo in _get_files_from_dir_cached test (#2392) @​tiltingpenguin
• Resolve bandit warnings (#2379) @​kurtmckee
• Add tox for cross-platform, parallel test suite execution (#2378) @​kurtmckee
• Add Project URLs to PyPI Side Panel (#2387) @​guillermodotn
• Fix typos (#2376) @​co63oc

👷 Continuous Integration

• Add make bash scripts portable (#2377) @​staticdev

📦 Dependencies

• Bump actions/checkout from 4 to 5 in the github-actions group (#2406) @dependabot[bot]

... (truncated)

Changelog

Sourced from isort's changelog.

Changelog

NOTE: isort follows the semver versioning standard. Find out more about isort's release policy here.

Unreleased

• Removed --old-finders and --magic-placement flags and old_finders configuration option. The legacy finder logic that relied on environment introspection has been removed (#2445) @​joao-faria-dev

6.1.0 October 1 2025

• Add python 3.14 classifier and badge (#2409) @​staticdev
• Drop use of non-standard pkg_resources API (#2405) @​dvarrazzo

Commits

• 0a09c78 Merge pull request #2433 from DanielNoord/python-314
• 0fee794 Add 3.14 to stdlibds
• 332a1ad Bump zstandard for 3.14 compat
• f756e56 Merge pull request #2432 from DanielNoord/ruff-it-up
• 52f5134 Format with ruff instead of black
• 012aa69 Merge pull request #2431 from DanielNoord/ruff-it-up
• 89773db Target 3.10 with ruff
• 933e382 Merge pull request #2430 from DanielNoord/drop-39
• 8b6e00c Remove support for Python 3.9
• b5f9f29 Bump profile plugin to 3.10+ and re-lock
• Additional commits viewable in compare view

Updates sqlalchemy from 2.0.40 to 2.0.44

Release notes

Sourced from sqlalchemy's releases.

2.0.44

Released: October 10, 2025

platform

• [platform] [bug] Unblocked automatic greenlet installation for Python 3.14 now that there are greenlet wheels on pypi for python 3.14.

orm

• [orm] [usecase] The way ORM Annotated Declarative interprets Python PEP 695 type aliases in Mapped[] annotations has been refined to expand the lookup scheme. A PEP 695 type can now be resolved based on either its direct presence in _orm.registry.type_annotation_map or its immediate resolved value, as long as a recursive lookup across multiple PEP 695 types is not required for it to resolve. This change reverses part of the restrictions introduced in 2.0.37 as part of #11955, which deprecated (and disallowed in 2.1) the ability to resolve any PEP 695 type that was not explicitly present in _orm.registry.type_annotation_map. Recursive lookups of PEP 695 types remains deprecated in 2.0 and disallowed in version 2.1, as do implicit lookups of NewType types without an entry in _orm.registry.type_annotation_map.

  Additionally, new support has been added for generic PEP 695 aliases that refer to PEP 593 Annotated constructs containing _orm.mapped_column() configurations. See the sections below for examples.

  References: #12829

• [orm] [bug] Fixed a caching issue where _orm.with_loader_criteria() would incorrectly reuse cached bound parameter values when used with _sql.CompoundSelect constructs such as _sql.union(). The issue was caused by the cache key for compound selects not including the execution options that are part of the _sql.Executable base class, which _orm.with_loader_criteria() uses to apply its criteria dynamically. The fix ensures that compound selects and other executable constructs properly include execution options in their cache key traversal.

  References: #12905

engine

• [engine] [bug] Implemented initial support for free-threaded Python by adding new tests and reworking the test harness to include Python 3.13t and Python 3.14t in

... (truncated)

Commits

• See full diff in compare view

Updates psycopg2 from 2.9.10 to 2.9.11

Changelog

Sourced from psycopg2's changelog.

Current release

What's new in psycopg 2.9.11 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.14.
• Avoid a segfault passing more arguments than placeholders if Python is built with assertions enabled (:ticket:[#1791](https://github.com/psycopg/psycopg2/issues/1791)).
• Add riscv64 platform binary packages (:ticket:[#1813](https://github.com/psycopg/psycopg2/issues/1813)).
• ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 18.
• Drop support for Python 3.8.

What's new in psycopg 2.9.10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.13.
• Receive notifications on commit (:ticket:[#1728](https://github.com/psycopg/psycopg2/issues/1728)).
• ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 17.
• Drop support for Python 3.7.

What's new in psycopg 2.9.9 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.12.
• Drop support for Python 3.6.

What's new in psycopg 2.9.8 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Wheel package bundled with PostgreSQL 16 libpq in order to add support for recent features, such as sslcertmode.

What's new in psycopg 2.9.7 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Fix propagation of exceptions raised during module initialization (:ticket:[#1598](https://github.com/psycopg/psycopg2/issues/1598)).
• Fix building when pg_config returns an empty string (:ticket:[#1599](https://github.com/psycopg/psycopg2/issues/1599)).
• Wheel package bundled with OpenSSL 1.1.1v.

What's new in psycopg 2.9.6 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

... (truncated)

Commits

• fd9ae8c chore: bump to version 2.9.11
• d923840 chore: update docs requirements
• d42dc71 Merge branch 'fix-1791'
• 4fde656 fix: avoid failed assert passing more arguments than placeholders
• 8308c19 fix: drop warning about the use of deprecated PyWeakref_GetObject function
• 1a1eabf build(deps): bump actions/github-script from 7 to 8
• 897af8b build(deps): bump peter-evans/repository-dispatch from 3 to 4
• ceefd30 build(deps): bump actions/checkout from 4 to 5
• 4dc5854 build(deps): bump actions/setup-python from 5 to 6
• 1945788 Merge pull request #1802 from edgarrmondragon/cp314-wheels
• Additional commits viewable in compare view

Updates beaupy from 3.10.1 to 3.10.2

Release notes

Sourced from beaupy's releases.

v3.10.2

What's Changed

• chore(deps): update dependency flake8 to v7.1.1 by @​renovate[bot] in petereon/beaupy#129
• chore(deps): update dependency isort to v5.13.2 by @​renovate[bot] in petereon/beaupy#130
• chore(deps): update dependency mypy to v1.14.1 by @​renovate[bot] in petereon/beaupy#131
• docs: adding documentation for global config by @​petereon in petereon/beaupy#148
• chore(deps): update dependency pytest to v8.4.2 by @​renovate[bot] in petereon/beaupy#147
• chore(deps): update dependency black to v25 by @​renovate[bot] in petereon/beaupy#144
• chore(deps): update dependency pydoc-markdown to v4.8.2 by @​renovate[bot] in petereon/beaupy#132

Full Changelog: petereon/beaupy@v3.10.1...v3.10.2

Commits

• a2dc157 chore: bump version from 3.10.1 to 3.10.2
• 7599e5a Merge pull request #132 from petereon/renovate/pydoc-markdown-4.x
• 6b2bb33 chore(deps): update dependency pydoc-markdown to v4.8.2
• d2b0cbc Merge pull request #144 from petereon/renovate/black-25.x
• 926fb4e chore(deps): update dependency black to v25
• df126ef Merge pull request #147 from petereon/renovate/pytest-8.x
• 0eb7725 chore(deps): update dependency pytest to v8.4.2
• 7b92346 chore: linting code
• 531e870 chore: fix weird types
• dfd9dbc docs: adding documentation for global config (#148)
• Additional commits viewable in compare view

Updates sigstore from 3.6.2 to 4.1.0

Release notes

Sourced from sigstore's releases.

v4.1.0

Added

• cli: Support using other Sigstore instances with --instance URL. New instances are trusted with new top level command trust-instance ROOTFILE. #1548

Changed

• Added ...

  Description has been truncated