Bump the pip group across 9 directories with 9 updates #5

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/CrewAI-LangGraph/pip-fcf9cf4025

dependabot[bot] commented on behalf of github on Mar 26, 2026

Bumps the pip group with 1 update in the /CrewAI-LangGraph directory: langgraph.
Bumps the pip group with 1 update in the /azure_model directory: requests.
Bumps the pip group with 4 updates in the /game-builder-crew directory: requests, google-cloud-aiplatform, orjson and pyasn1.
Bumps the pip group with 1 update in the /instagram_post directory: requests.
Bumps the pip group with 7 updates in the /landing_page_generator directory:

| Package | From | To |
| --- | --- | --- |
| requests | 2.32.3 | 2.33.0 |
| google-cloud-aiplatform | 1.71.1 | 1.133.0 |
| orjson | 3.10.10 | 3.11.6 |
| pyasn1 | 0.6.1 | 0.6.3 |
| pypdf | 5.1.0 | 6.9.2 |
| deepdiff | 8.0.1 | 8.6.2 |
| nltk | 3.9.1 | 3.9.4 |

Bumps the pip group with 5 updates in the /markdown_validator directory:

| Package | From | To |
| --- | --- | --- |
| requests | 2.32.3 | 2.33.0 |
| google-cloud-aiplatform | 1.70.0 | 1.133.0 |
| orjson | 3.10.10 | 3.11.6 |
| pyasn1 | 0.6.1 | 0.6.3 |
| pypdf | 5.0.1 | 6.9.2 |

Bumps the pip group with 5 updates in the /match_profile_to_positions directory:

| Package | From | To |
| --- | --- | --- |
| requests | 2.32.3 | 2.33.0 |
| google-cloud-aiplatform | 1.58.0 | 1.133.0 |
| orjson | 3.10.6 | 3.11.6 |
| pyasn1 | 0.6.0 | 0.6.3 |
| ujson | 5.10.0 | 5.12.0 |

Bumps the pip group with 5 updates in the /recruitment directory:

| Package | From | To |
| --- | --- | --- |
| requests | 2.32.3 | 2.33.0 |
| google-cloud-aiplatform | 1.58.0 | 1.133.0 |
| orjson | 3.10.6 | 3.11.6 |
| pyasn1 | 0.6.0 | 0.6.3 |
| ujson | 5.10.0 | 5.12.0 |

Bumps the pip group with 2 updates in the /trip_planner directory: requests and nltk.

Updates langgraph from 0.0.15 to 1.0.10rc1

Release notes

Sourced from langgraph's releases.

langgraph==1.0.10rc1

Changes since 1.0.9

  • release: Candidate (#6947)
  • Merge commit from fork
  • chore: add tests to confirm expected subgraph persistence behavior (#6943)
  • fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes numeric task segments (#6864)
  • chore: add make type target for type checking (#6748)

langgraph==1.0.9

Changes since 1.0.8

  • release: langgraph + prebuilt (#6875)
  • fix: sequential interrupt handling w/ functional API (#6863)
  • chore: state_updated_at sort by (#6857)
  • chore: bump orjson (#6852)
  • chore: conformance testing (#6842)
  • chore(deps): bump the all-dependencies group in /libs/langgraph with 6 updates (#6815)
  • chore(deps): bump protobuf from 6.33.4 to 6.33.5 in /libs/langgraph (#6833)
  • chore(deps): bump cryptography from 46.0.3 to 46.0.5 in /libs/langgraph (#6837)
  • chore(deps): bump nbconvert from 7.16.6 to 7.17.0 in /libs/langgraph (#6832)
  • chore: server runtime type (#6774)
  • refactor: replace bare except with BaseException in AsyncQueue (#6765)

langgraph==1.0.8

Changes since 1.0.7

  • release(langgraph): 1.0.8 (#6757)
  • chore: shallow copy futures (#6755)
  • fix: pydantic messages double streaming (#6753)
  • chore(deps-dev): bump ruff from 0.14.7 to 0.14.11 in /libs/sdk-py (#6673)
  • chore: Omit lock when using connection pool (#6734)
  • docs: enhance Runtime and ToolRuntime class descriptions for clarity (#6689)
  • docs: add clarity to use of thread_id (#6515)
  • docs: add docstrings to add_node overloads (#6514)
  • docs: update notebook links and add archival notices for examples (#6720)
  • release(cli): 0.4.12 (#6716)

langgraph-prebuilt==1.0.8

Changes since prebuilt==1.0.7

  • release: langgraph + prebuilt (#6875)
  • fix: inject ToolRuntime for dynamically registered tools (#6874)
  • chore: bump orjson (#6852)
  • chore(deps): bump langchain-core from 1.2.12 to 1.2.13 in /libs/prebuilt in the all-dependencies group (#6849)
  • chore: conformance testing (#6842)
  • chore(deps): bump the all-dependencies group in /libs/prebuilt with 3 updates (#6810)
  • chore: server runtime type (#6774)
  • docs(prebuilt): update warning for create_react_agent (#6760)
  • release(langgraph): 1.0.8 (#6757)

... (truncated)

Commits

Updates requests from 2.31.0 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.

v2.32.4

2.32.4 (2025-06-10)

... (truncated)

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

... (truncated)

Commits
  • bc04dfd v2.33.0
  • 66d21cb Merge commit from fork
  • 8b9bc8f Move badges to top of README (#7293)
  • e331a28 Remove unused extraction call (#7292)
  • 753fd08 docs: fix FAQ grammar in httplib2 example
  • 774a0b8 docs(socks): same block as other sections
  • 9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
  • ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
  • 0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
  • d568f47 docs: clarify Quickstart POST example (#6960)
  • Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.33.0

Updates google-cloud-aiplatform from 1.68.0 to 1.133.0

Release notes

Sourced from google-cloud-aiplatform's releases.

v1.133.0

1.133.0 (2026-01-08)

Features

  • Deprecate tuning public preview SDK in favor of tuning SDK (35d362c)
  • GenAI SDK client - Enabling Few-shot Prompt Optimization by passing either "OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS" or "OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE" to the optimize_prompt method (715cc5b)
  • GenAI SDK client(memory): Add enable_third_person_memories (65717fa)
  • Support Developer Connect in AE (04f1771)

Bug Fixes

  • Add None check for agent_info in evals.py (c8c0f0f)
  • GenAI client(evals) - Fix TypeError in _build_generate_content_config (be2eaaa)
  • Make project_number to project_id mapping fail-open. (f1c8458)
  • Replace asyncio.run with create_task in ADK async thread mains. (83f4076)
  • Replace asyncio.run with create_task in ADK async thread mains. (8c876ef)
  • Require uri or staging bucket configuration for saving model to Vertex Experiment. (5448f06)
  • Return embedding metadata if available (d9c6eb1)
  • Update examples_dataframe type to PandasDataFrame in Prompt Optimizer. (a2564cc)

v1.132.0

1.132.0 (2025-12-17)

Features

  • Add Lustre support to the Vertex Training Custom Job API (71747e8)

Documentation

  • A comment for field restart_job_on_worker_restart in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)
  • A comment for field timeout in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)

v1.131.0

1.131.0 (2025-12-16)

Features

  • Allow list of events to be passed to AdkApp.async_stream_query (dd8840a)
  • GenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (4114728)
  • Updates the ADK template to direct structured JSON logs to standard output. (a65ec29)

Bug Fixes

... (truncated)

Changelog

Sourced from google-cloud-aiplatform's changelog.

1.133.0 (2026-01-08)

Features

  • Deprecate tuning public preview SDK in favor of tuning SDK (35d362c)
  • GenAI SDK client - Enabling Few-shot Prompt Optimization by passing either "OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS" or "OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE" to the optimize_prompt method (715cc5b)
  • GenAI SDK client(memory): Add enable_third_person_memories (65717fa)
  • Support Developer Connect in AE (04f1771)

Bug Fixes

  • Add None check for agent_info in evals.py (c8c0f0f)
  • GenAI client(evals) - Fix TypeError in _build_generate_content_config (be2eaaa)
  • Make project_number to project_id mapping fail-open. (f1c8458)
  • Replace asyncio.run with create_task in ADK async thread mains. (83f4076)
  • Replace asyncio.run with create_task in ADK async thread mains. (8c876ef)
  • Require uri or staging bucket configuration for saving model to Vertex Experiment. (5448f06)
  • Return embedding metadata if available (d9c6eb1)
  • Update examples_dataframe type to PandasDataFrame in Prompt Optimizer. (a2564cc)

1.132.0 (2025-12-17)

Features

  • Add Lustre support to the Vertex Training Custom Job API (71747e8)
  • Add Lustre support to the Vertex Training Custom Job API (71747e8)

Documentation

  • A comment for field restart_job_on_worker_restart in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)
  • A comment for field timeout in message .google.cloud.aiplatform.v1beta1.Scheduling is changed (71747e8)

1.131.0 (2025-12-16)

Features

  • Allow list of events to be passed to AdkApp.async_stream_query (dd8840a)
  • GenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (4114728)
  • Updates the ADK template to direct structured JSON logs to standard output. (a65ec29)

Bug Fixes

  • Fix RagManagedVertexVectorSearch when using backend_config (df0976e)
  • GenAI Client(evals) - patch for vulnerability in visualization (8a00d43)

... (truncated)

Commits
  • 78f2bdd chore(main): release 1.133.0 (#6211)
  • c8c0f0f fix: Add None check for agent_info in evals.py
  • 9952b97 chore: rollback
  • 83f4076 fix: Replace asyncio.run with create_task in ADK async thread mains.
  • 937d5af Copybara import of the project:
  • aaaf902 chore: bump google-auth lower bound to 2.47.0 in GenAI and Vertex SDKs
  • 8c876ef fix: Replace asyncio.run with create_task in ADK async thread mains.
  • 5448f06 fix: Require uri or staging bucket configuration for saving model to Vertex E...
  • 65717fa feat: GenAI SDK client(memory): Add enable_third_person_memories
  • be2eaaa fix: GenAI client(evals) - Fix TypeError in _build_generate_content_config
  • Additional commits viewable in compare view

Updates orjson from 3.10.7 to 3.11.6

Release notes

Sourced from orjson's releases.

3.11.6

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.

3.11.5

Changed

  • Show simple error message instead of traceback when attempting to build on unsupported Python versions.

3.11.4

Changed

  • ABI compatibility with CPython 3.15 alpha 1.
  • Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.
  • Build now requires a C compiler.

3.11.3

Fixed

  • Fix PyPI project metadata when using maturin 1.9.2 or later.

3.11.2

Fixed

  • Fix build using Rust 1.89 on amd64.

Changed

  • Build now depends on Rust 1.85 or later instead of 1.82.

3.11.1

Changed

  • Publish PyPI wheels for CPython 3.14.

Fixed

  • Fix str on big-endian architectures.

3.11.0

... (truncated)

Changelog

Sourced from orjson's changelog.

3.11.6 - 2026-01-29

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.

3.11.5 - 2025-12-06

Changed

  • Show simple error message instead of traceback when attempting to build on unsupported Python versions.

3.11.4 - 2025-10-24

Changed

  • ABI compatibility with CPython 3.15 alpha 1.
  • Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.
  • Build now requires a C compiler.

3.11.3 - 2025-08-26

Fixed

  • Fix PyPI project metadata when using maturin 1.9.2 or later.

3.11.2 - 2025-08-12

Fixed

  • Fix build using Rust 1.89 on amd64.

Changed

  • Build now depends on Rust 1.85 or later instead of 1.82.

... (truncated)

Commits

Updates pyasn1 from 0.6.1 to 0.6.3

Release notes

Sourced from pyasn1's releases.

Release 0.6.3

It's a minor release.

  • Added nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).
  • Fixed OverflowError from oversized BER length field.
  • Fixed DeprecationWarning stacklevel for deprecated attributes.
  • Fixed asDateTime incorrect fractional seconds parsing.

All changes are noted in the CHANGELOG.

Release 0.6.2

It's a minor release.

  • Fixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).
  • Added support for Python 3.14.
  • Added SECURITY.md policy.
  • Migrated to pyproject.toml packaging.

All changes are noted in the CHANGELOG.

Changelog

Sourced from pyasn1's changelog.

Revision 0.6.3, released 16-03-2026

Revision 0.6.2, released 16-01-2026

Commits
  • af65c3b Prepare release 0.6.3
  • 5a49bd1 Merge commit from fork
  • 5494ba4 Fix asDateTime incorrect fractional seconds parsing (#102)
  • 71f486e Fix DeprecationWarning stacklevel for deprecated attributes (#101)
  • d7cb42d Fix OverflowError from oversized BER length field (#100)
  • e7356f8 Prepare release 0.6.2
  • 3908f14 Merge commit from fork
  • 0a7e067 Add support for Python 3.14 (#97)
  • 33656e9 Create Security Policy
  • fa62307 fix for issue #91: unit tests failing due to missing code (#92)
  • Additional commits viewable in compare view

Updates requests from 2.31.0 to 2.33.0

Updates requests from 2.32.3 to 2.33.0

Updates google-cloud-aiplatform from 1.71.1 to 1.133.0

    Description has been truncated

Updates `langgraph` from 0.0.15 to 1.0.10rc1
- [Release notes](https://github.com/langchain-ai/langgraph/releases)
- [Commits](https://github.com/langchain-ai/langgraph/commits/1.0.10rc1)

Updates `requests` from 2.31.0 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.33.0)

Updates `requests` from 2.32.3 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.33.0)

Updates `google-cloud-aiplatform` from 1.68.0 to 1.133.0
- [Release notes](https://github.com/googleapis/python-aiplatform/releases)
- [Changelog](https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md)
- [Commits](googleapis/python-aiplatform@v1.68.0...v1.133.0)

Updates `orjson` from 3.10.7 to 3.11.6
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.10.7...3.11.6)

Updates `pyasn1` from 0.6.1 to 0.6.3
- [Release notes](https://github.com/pyasn1/pyasn1/releases)
- [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst)
- [Commits](pyasn1/pyasn1@v0.6.1...v0.6.3)

Updates `requests` from 2.31.0 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.33.0)

Updates `requests` from 2.32.3 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.33.0)

Updates `google-cloud-aiplatform` from 1.71.1 to 1.133.0
- [Release notes](https://github.com/googleapis/python-aiplatform/releases)
- [Changelog](https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md)
- [Commits](googleapis/python-aiplatform@v1.68.0...v1.133.0)

Updates `orjson` from 3.10.10 to 3.11.6
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.10.7...3.11.6)

Updates `pyasn1` from 0.6.1 to 0.6.3
- [Release notes](https://github.com/pyasn1/pyasn1/releases)
- [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst)
- [Commits](pyasn1/pyasn1@v0.6.1...v0.6.3)

Updates `pypdf` from 5.1.0 to 6.9.2
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@5.1.0...6.9.2)

Updates `deepdiff` from 8.0.1 to 8.6.2
- [Release notes](https://github.com/seperman/deepdiff/releases)
- [Changelog](https://github.com/qlustered/deepdiff/blob/master/docs/changelog.rst)
- [Commits](qlustered/deepdiff@8.0.1...8.6.2)

Updates `nltk` from 3.9.1 to 3.9.4
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.1...3.9.4)

Updates `requests` from 2.32.3 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.33.0)

Updates `google-cloud-aiplatform` from 1.70.0 to 1.133.0
- [Release notes](https://github.com/googleapis/python-aiplatform/releases)
- [Changelog](https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md)
- [Commits](googleapis/python-aiplatform@v1.68.0...v1.133.0)

Updates `orjson` from 3.10.10 to 3.11.6
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.10.7...3.11.6)

Updates `pyasn1` from 0.6.1 to 0.6.3
- [Release notes](https://github.com/pyasn1/pyasn1/releases)
- [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst)
- [Commits](pyasn1/pyasn1@v0.6.1...v0.6.3)

Updates `pypdf` from 5.0.1 to 6.9.2
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@5.1.0...6.9.2)

Updates `requests` from 2.32.3 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.33.0)

Updates `google-cloud-aiplatform` from 1.58.0 to 1.133.0
- [Release notes](https://github.com/googleapis/python-aiplatform/releases)
- [Changelog](https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md)
- [Commits](googleapis/python-aiplatform@v1.68.0...v1.133.0)

Updates `orjson` from 3.10.6 to 3.11.6
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.10.7...3.11.6)

Updates `pyasn1` from 0.6.0 to 0.6.3
- [Release notes](https://github.com/pyasn1/pyasn1/releases)
- [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst)
- [Commits](pyasn1/pyasn1@v0.6.1...v0.6.3)

Updates `ujson` from 5.10.0 to 5.12.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.10.0...5.12.0)

Updates `requests` from 2.32.3 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.33.0)

Updates `google-cloud-aiplatform` from 1.58.0 to 1.133.0
- [Release notes](https://github.com/googleapis/python-aiplatform/releases)
- [Changelog](https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md)
- [Commits](googleapis/python-aiplatform@v1.68.0...v1.133.0)

Updates `orjson` from 3.10.6 to 3.11.6
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.10.7...3.11.6)

Updates `pyasn1` from 0.6.0 to 0.6.3
- [Release notes](https://github.com/pyasn1/pyasn1/releases)
- [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst)
- [Commits](pyasn1/pyasn1@v0.6.1...v0.6.3)

Updates `ujson` from 5.10.0 to 5.12.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.10.0...5.12.0)

Updates `requests` from 2.31.0 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.33.0)

Updates `nltk` from 3.8.1 to 3.9.4
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.1...3.9.4)

---
updated-dependencies:
- dependency-name: langgraph
  dependency-version: 1.0.10rc1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: google-cloud-aiplatform
  dependency-version: 1.133.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: indirect
  dependency-group: pip
- dependency-name: pyasn1
  dependency-version: 0.6.3
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: google-cloud-aiplatform
  dependency-version: 1.133.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: indirect
  dependency-group: pip
- dependency-name: pyasn1
  dependency-version: 0.6.3
  dependency-type: indirect
  dependency-group: pip
- dependency-name: pypdf
  dependency-version: 6.9.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: deepdiff
  dependency-version: 8.6.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: nltk
  dependency-version: 3.9.4
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: google-cloud-aiplatform
  dependency-version: 1.133.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: indirect
  dependency-group: pip
- dependency-name: pyasn1
  dependency-version: 0.6.3
  dependency-type: indirect
  dependency-group: pip
- dependency-name: pypdf
  dependency-version: 6.9.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: google-cloud-aiplatform
  dependency-version: 1.133.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: indirect
  dependency-group: pip
- dependency-name: pyasn1
  dependency-version: 0.6.3
  dependency-type: indirect
  dependency-group: pip
- dependency-name: ujson
  dependency-version: 5.12.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: google-cloud-aiplatform
  dependency-version: 1.133.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: indirect
  dependency-group: pip
- dependency-name: pyasn1
  dependency-version: 0.6.3
  dependency-type: indirect
  dependency-group: pip
- dependency-name: ujson
  dependency-version: 5.12.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: nltk
  dependency-version: 3.9.4
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update python code) labels Mar 26, 2026
@secure-code-warrior-for-github

Micro-Learning Topic: Stack overflow (Detected by phrase)

Matched on "stack overflow"

What is this? (2min video)

Also referred to as stack buffer overflows. This vulnerability occurs when data received by a program is written to a memory location on the stack and the allocated space is not large enough to take the whole input. If proper boundary checks are not implemented, or unsafe functions like sprintf, fgets, etc. are used which don't require a destination size limit, the stack memory after the target buffer may be written to, allowing an attacker to alter the normal behaviour of the program. Most modern compilers now have a secure switch which may reorder stack variables and generate extra code to protect against this type of vulnerability.

Try a challenge in Secure Code Warrior
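The boundary check described in the micro-learning note above, as an added C example that is not part of the original comment or of any project touched by this pull request. The function names, the 16-byte buffer and the guard field are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define GREETING_MAX 16  /* constructed buffer size for this example */

/* Before: sprintf takes no destination size, so a name longer than
   7 bytes writes past a GREETING_MAX-byte buffer on the caller's stack. */
int greet_unbounded(char *out, const char *name) {
    return sprintf(out, "Hello, %s!", name);
}

/* After: snprintf writes at most out_len bytes (NUL included) and returns
   the length the full string needs, so truncation can be rejected. */
int greet_bounded(char *out, size_t out_len, const char *name) {
    int needed;
    if (out == NULL || out_len == 0 || name == NULL)
        return -1;                      /* invalid arguments */
    needed = snprintf(out, out_len, "Hello, %s!", name);
    if (needed < 0 || (size_t)needed >= out_len) {
        out[0] = '\0';                  /* never hand back a partial string */
        return needed < 0 ? -1 : -2;    /* -2: input does not fit */
    }
    return needed;
}

/* A guard value placed directly after the buffer stands in for the stack
   data a real overflow would overwrite; the bounded call must not touch it. */
struct frame { char buf[GREETING_MAX]; unsigned guard; };

int guard_intact_after_long_input(void) {
    struct frame f;
    int rc;
    f.guard = 0xC0FFEEu;
    rc = greet_bounded(f.buf, sizeof f.buf, "a-name-much-longer-than-the-buffer");
    return rc == -2 && f.buf[0] == '\0' && f.guard == 0xC0FFEEu;
}

int main(void) {
    char buf[GREETING_MAX];
    printf("fits: %d\n", greet_bounded(buf, sizeof buf, "Ada"));
    printf("too long: %d\n", greet_bounded(buf, sizeof buf, "12345678"));
    printf("guard intact: %d\n", guard_intact_after_long_input());
    return 0;
}
```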
