Skip to content

chore(deps): bump the dependencies group with 8 updates#3

Merged
timmanik merged 1 commit intomainfrom
dependabot/pip/dependencies-f4afca5922
Apr 7, 2026
Merged

chore(deps): bump the dependencies group with 8 updates#3
timmanik merged 1 commit intomainfrom
dependabot/pip/dependencies-f4afca5922

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 7, 2026

Bumps the dependencies group with 8 updates:

Package From To
opensearch-py 2.7.1 3.1.0
boto3 1.37.1 1.42.84
requests-aws4auth 1.3 1.3.1
pyyaml 6.0.2 6.0.3
streamlit 1.41.1 1.56.0
aws-cdk-lib 2.186.0 2.248.0
beautifulsoup4 4.12.3 4.14.3
python-dotenv 1.0.0 1.2.2

Updates opensearch-py from 2.7.1 to 3.1.0

Release notes

Sourced from opensearch-py's releases.

v3.1.0

What's Changed

New Contributors

Full Changelog: opensearch-project/opensearch-py@v3.0.0...v3.1.0

v3.0.0

What's Changed

... (truncated)

Changelog

Sourced from opensearch-py's changelog.

[3.1.0]

Added

Updated APIs

Changed

  • Rename DenseVector field type to KnnVector (925)

Deprecated

  • Deprecate python 3.8 and 3.9 support which are end of life. (966)

Removed

Fixed

  • Moved client tests to dedicated files to ensure they are run (944)
  • Fix Async request signer (932)
  • Fix memory leak in parallel_bulk (981)

Security

Dependencies

  • Bumps aiohttp from >=3.9.4,<4 to >=3.10.11,<4 (#920)
  • Bumps aiohttp from >=3.10.11 to >=3.12.14 (#966)
  • Bump pytest-asyncio from <=0.25.1 to <=1.2.0 (#936, #950)
  • Bumps lycheeverse/lychee-action from 1.9.3 to 2.7.0 (#946, #980)
  • Bump actions/download-artifact from 4 to 6 (#957, #968)
  • Bump actions/cache from 3 to 4 (#958)
  • Bump peter-evans/create-pull-request from 6 to 7 (#959)
  • Bump actions/setup-python from 5 to 6 (#961)
  • Bump dangoslen/dependabot-changelog-helper from 3 to 4 (#960)
  • Bump stefanzweifel/git-auto-commit-action from 5 to 7 (#962)
  • Bump actions/checkout from 4 to 5 (#967)
  • Bump VachaShah/backport from 1.1.4 to 2.2.0 (#969)
  • Bump actions/github-script from 7 to 8 (#973)
  • Bump actions/upload-artifact from 4 to 5 (#972)
  • Bump actions/setup-java from 4 to 5 (#974)

[3.0.0]

Added

  • Added option to pass custom headers to 'AWSV4SignerAsyncAuth' (863)
  • Added sync and async sample that uses search_after parameter (859)
  • Enforced mandatory keyword-only arguments for calling auto-generated OpenSearch-py APIs (#907)

Updated APIs

Changed

  • Small refactor of AWS Signer classes for both sync and async clients (866)
  • Small refactor to fix overwriting the module files when generating apis (874)
  • Fixed a "type ignore" lint error
  • Added support for explicit proxy to RequestsHttpConnection (908)

Deprecated

Removed

... (truncated)

Commits
  • 4ad9a25 Preparing for release, 3.1.0 (#971)
  • 0979c33 Fix Changelog entry (#979)
  • 93ea96f Bump lycheeverse/lychee-action from 2.0.2 to 2.7.0 (#980)
  • e962fbe Add transport-grpc client library (#977)
  • 1e738e9 Bump actions/github-script from 7 to 8 (#973)
  • 861bee4 Bump actions/setup-java from 4 to 5 (#974)
  • d5f0078 Bump actions/upload-artifact from 4 to 5 (#972)
  • 2369c94 Bump minimum supported python 3.8 -> 3.10 (#966)
  • 4ef46e5 Updated opensearch-py to reflect the latest OpenSearch API spec (2025-11-04) ...
  • 68204b0 Bump VachaShah/backport from 1.1.4 to 2.2.0 (#969)
  • Additional commits viewable in compare view

Updates boto3 from 1.37.1 to 1.42.84

Commits
  • d0fa3ae Merge branch 'release-1.42.84'
  • a4e4154 Bumping version to 1.42.84
  • 7fe1990 Add changelog entries from botocore
  • 5eac849 Add zizmor workflow and apply initial fixes (#4755)
  • 319798f Merge branch 'release-1.42.83'
  • 5a0933e Merge branch 'release-1.42.83' into develop
  • afa955e Bumping version to 1.42.83
  • 969066d Add changelog entries from botocore
  • f4c3140 Merge branch 'release-1.42.82'
  • 8237e0e Merge branch 'release-1.42.82' into develop
  • Additional commits viewable in compare view

Updates requests-aws4auth from 1.3 to 1.3.1

Release notes

Sourced from requests-aws4auth's releases.

v1.3.1

1.3.1 (2024-07-21)

Changes

  • explicitly set python requirement to 3.7.
Changelog

Sourced from requests-aws4auth's changelog.

1.3.1 (2024-07-21)

Changes

  • explicitly set python requirement to 3.7.

1.3.0 (2024-07-21)

Changes

  • test against 3.12. Currently supporting 3.8-3.12.
  • add nonstandard port test, #68. Thanks @​phillipberndt.
  • remove six and support for any python before 3.7, #73. Thanks @​hugovk.

1.2.3 (2023-05-03)

Changes

  • Add manifest file so tarball installs succeed, #66. Thanks @​jantman.

1.2.2 (2023-02-02)

Bugfixes

  • The 1.2.0/1.2.1 releases had a regression error. The fix of #63 has been reverted.

1.2.1 (2023-01-25)

Bugfixes

  • Actually fix #34. Build 1.2.0 was not fully released.

1.2.0 (2023-01-20)

Bugfixes

Changes

  • test against 3.10. Currently supporting 3.8-3.10.
  • small fixup to flake8 config

... (truncated)

Commits

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

  • Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

  • yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)
Commits

Updates streamlit from 1.41.1 to 1.56.0

Release notes

Sourced from streamlit's releases.

1.56.0

What's Changed

New Features 🎉

Bug Fixes 🐛

Other Changes

... (truncated)

Commits

Updates aws-cdk-lib from 2.186.0 to 2.248.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.248.0

Bug Fixes

  • eks: downgrade isolated subnet validation from error to warning (#37500) (470856c), closes #37491

Alpha modules (2.248.0-alpha.0)

v2.247.0

⚠ BREAKING CHANGES

  • ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-bedrockagentcore: AWS::BedrockAgentCore::OnlineEvaluationConfig: ExecutionStatus attribute removed. aws-appstream: AWS::AppStream::ImageBuilder: Name property is now immutable. aws-eks: AWS::EKS::Capability: EKS_CAPABILITY_ACK_S3_LOGS vended log type removed.

Features

  • update L1 CloudFormation resource definitions (#37410) (bd2c318)
  • apigatewayv2: add role support for lambda authorizers (#35706) (2fb2f16), closes #35696
  • batch: skip unregister job definition on update (#36011) (2fb2240)
  • elasticloadbalancingv2: jwt verification for application load balancer (#36099) (aacd28a), closes #36096

Bug Fixes

Alpha modules (2.247.0-alpha.0)

Features

v2.246.0

Features

Bug Fixes

Reverts

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.248.0-alpha.0 (2026-04-02)

2.247.0-alpha.0 (2026-04-02)

Features

2.246.0-alpha.0 (2026-03-31)

2.245.0-alpha.0 (2026-03-27)

Features

  • s3tables-alpha: add support for partition spec, sort order, and table properties (#36811) (2696cd1)
  • s3tables-alpha: add metrics configuration support for TableBucket (#37275) (e8786f5)
  • s3tables-alpha: implement ITaggableV2 on TableBucket and Table L2 constructs (#37277) (69c8944), closes #33054

2.244.0-alpha.0 (2026-03-19)

Bug Fixes

  • kinesisanalytics-flink-alpha: mark deprecated flink runtimes as deprecated (#37155) (0a89447)

2.243.0-alpha.0 (2026-03-11)

2.242.0-alpha.0 (2026-03-10)

Features

  • mixins-preview: allow passing resource objects into properties in CFN Property mixins (#37148) (f238629)
  • mixins-preview: generate EventBridge pattern for all events (#37081) (f30e836)
  • mixins-preview: support custom merge strategies via IMergeStrategy (#37170) (0dec011)

2.241.0-alpha.0 (2026-03-02)

Features

  • mixins-preview: add recordFields and outputFormat to Vended Logs Mixin (#37042) (dd94c31)
  • mixins-preview: cross account delivery destinations (#36827) (a759eb6)

... (truncated)

Commits
  • b5670b3 chore(release): 2.248.0 (#37509)
  • 693603e chore(release): 2.248.0
  • 9aceb58 chore(merge-back): 2.247.0 (#37506)
  • 78536e6 Merge branch 'main' into merge-back/2.247.0
  • 322299f chore(deps-dev): bump lodash from 4.17.23 to 4.18.1 in the npm_and_yarn group...
  • 470856c fix(eks): downgrade isolated subnet validation from error to warning (#37500)
  • 0fbaf7a docs(mixins): expand mixin guidelines with when-not-to-use criteria, auxiliar...
  • f50b8a4 chore(release): 2.247.0 (#37497)
  • 447ac6c chore: trigger build
  • 7b6c66f chore: update analytics metadata blueprints
  • Additional commits viewable in compare view

Updates beautifulsoup4 from 4.12.3 to 4.14.3

Updates python-dotenv from 1.0.0 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

  • Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

  • The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
  • Improved documentation clarity regarding override behavior and the reference page.
  • Updated PyPy support to version 3.11.
  • Documentation for FIFO file support.
  • Support for Python 3.9.

Fixed

Breaking Changes

  • dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

  • In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

  • dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

New Contributors

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

v1.2.1

What's Changed

... (truncated)

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

  • Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

  • The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
  • Improved documentation clarity regarding override behavior and the reference page.
  • Updated PyPy support to version 3.11.
  • Documentation for FIFO file support.
  • Dropped Support for Python 3.9.

Fixed

  • Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
  • Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

  • dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

  • In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

  • dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

[1.2.1] - 2025-10-26

  • Move more config to pyproject.toml, removed setup.cfg
  • Add support for reading .env from FIFOs (Unix) by [@​sidharth-sudhir] in #586

[1.2.0] - 2025-10-26

[1.1.1] - 2025-06-24

Fixed

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • `@dependabot ignore ...

Description has been truncated

@dependabot
chore(deps): bump the dependencies group with 8 updates
26a9e8c 
Bumps the dependencies group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [opensearch-py](https://github.com/opensearch-project/opensearch-py) | `2.7.1` | `3.1.0` |
| [boto3](https://github.com/boto/boto3) | `1.37.1` | `1.42.84` |
| [requests-aws4auth](https://github.com/tedder/requests-aws4auth) | `1.3` | `1.3.1` |
| [pyyaml](https://github.com/yaml/pyyaml) | `6.0.2` | `6.0.3` |
| [streamlit](https://github.com/streamlit/streamlit) | `1.41.1` | `1.56.0` |
| [aws-cdk-lib](https://github.com/aws/aws-cdk) | `2.186.0` | `2.248.0` |
| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.12.3` | `4.14.3` |
| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.0` | `1.2.2` |


Updates `opensearch-py` from 2.7.1 to 3.1.0
- [Release notes](https://github.com/opensearch-project/opensearch-py/releases)
- [Changelog](https://github.com/opensearch-project/opensearch-py/blob/main/CHANGELOG.md)
- [Commits](opensearch-project/opensearch-py@v2.7.1...v3.1.0)

Updates `boto3` from 1.37.1 to 1.42.84
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.37.1...1.42.84)

Updates `requests-aws4auth` from 1.3 to 1.3.1
- [Release notes](https://github.com/tedder/requests-aws4auth/releases)
- [Changelog](https://github.com/tedder/requests-aws4auth/blob/main/HISTORY.md)
- [Commits](tedder/requests-aws4auth@v1.3.0...v1.3.1)

Updates `pyyaml` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES)
- [Commits](yaml/pyyaml@6.0.2...6.0.3)

Updates `streamlit` from 1.41.1 to 1.56.0
- [Release notes](https://github.com/streamlit/streamlit/releases)
- [Commits](streamlit/streamlit@1.41.1...1.56.0)

Updates `aws-cdk-lib` from 2.186.0 to 2.248.0
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md)
- [Commits](aws/aws-cdk@v2.186.0...v2.248.0)

Updates `beautifulsoup4` from 4.12.3 to 4.14.3

Updates `python-dotenv` from 1.0.0 to 1.2.2
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](theskumar/python-dotenv@v1.0.0...v1.2.2)

---
updated-dependencies:
- dependency-name: opensearch-py
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: boto3
  dependency-version: 1.42.84
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: requests-aws4auth
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: streamlit
  dependency-version: 1.56.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: aws-cdk-lib
  dependency-version: 2.248.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: beautifulsoup4
  dependency-version: 4.14.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: python-dotenv
  dependency-version: 1.2.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 7, 2026

Labels

The following labels could not be found: python. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@timmanik timmanik merged commit 6f2b861 into main Apr 7, 2026
2 checks passed
@dependabot dependabot bot deleted the dependabot/pip/dependencies-f4afca5922 branch April 7, 2026 18:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@timmanik