Sourced from requests-cache's releases.

v1.3: Performance and memory use improvements, compatibility fixes, and LRU filesystem backend

See Changelog for complete release details.

Sourced from requests-cache's changelog.

1.3.0 (2026-02-02)

⚠️ Deprecations & removals:

• See changes to BSON and JSON serializers below:

💾 Serialization:

• Significantly reduce the memory usage of JSON serialization
• ⚠️ serializer='json' will no longer automatically use ultrajson if installed; it must be specified explicitly
• ⚠️ Drop support for standalone bson codec; please install pymongo to use BSON serialization
• Remove [bson] package extra to prevent accidentally installing it in the same environment as pymongo
• When using BSON serialization with the filesystem backend, add a .bson file extension by default
• Add support for orjson as a JSON serializer
  • However, see ijl/orjson#483 for potential memory issues
• Add the following serializer objects to specify a JSON library: json_serializer, ujson_serializer, and orjson_serializer
• Remove [json] package extra due to multiple supported JSON libraries
• Allow decode_content to be set to different values across multiple sessions in use at the same time

💾 Backends:

• SQLite:
  • Use exclusive transaction locks to prevent write contention; replaces retry behavior
• *Filesystem:
  • Add {py:class}requests_cache.backends.filesystem.LRUFileDict class to optionally limit the size of the filesystem cache. Enabled with max_cache_bytes argument.
• Redis:
  • For maintenance/inspection methods that iterate over the cache, use SCAN and HSCAN instead of KEYS, HKEYS, and HGETALL
• DynamoDB:
  • Add optional parameter create_table of DynamoDBCache to control if the class attempts to create the table in DynamoDB or not.
• GridFS:
  • Add a connection parameter to allow passing an existing MongoClient object

🕗 Expiration & headers:

• Add support for Vary: Cookie

⚙️ Session settings:

• Add autoclose option to close backend connections when the session is closed
• Add read_only option to read existing cached responses, but not write any new responses to the cache

ℹ️ Cache convenience methods:

• Add verify parameter to BaseCache.contains() and delete() to handle requests made with SSL verification disabled

🧩 Compatibility and packaging:

• Add support for Python 3.13 and 3.14
• Add compatibility with url-normalize 2.0
• Add compatibility with FIPS-compliant systems
  • Note: Due to using a different hashing algorithm for cache keys, caches cannot be shared between FIPS- and non-FIPS-compliant systems
• Packaging and project config are now managed by uv
  • This has no impact for users; installation from PyPI still works the same
  • For developers, see Contributing Guide for details

🪲 Bugfixes:

• Allow content_root_key setting to target a sub-tree in normalize_json_body, so only listed fields under that key are ignored in cache keys

... (truncated)

• aad7dad Update changelog
• 054f130 Update dependencies and pre-commit hooks
• d89e1a6 Update contributors
• 8d9d42a Bump j178/prek-action from 1.0.11 to 1.1.0
• 001532f Merge pull request #1135 from requests-cache/readonly
• 1aa3227 Add read-only session setting
• c4281ba Update pip-audit false positives to ignore
• bb373d2 Merge pull request #1134 from requests-cache/vary-cookie
• 5deac10 Add support for Vary: Cookie
• 3e1e5b4 Merge pull request #1132 from requests-cache/gridfs-connection
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)