⬆️(dependencies) update python dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
boto3	==1.42.17 → ==1.42.34
django-lasuite	==0.0.22 → ==0.0.23
drf-spectacular-sidecar	==2025.12.1 → ==2026.1.1
gunicorn (changelog)	==23.0.0 → ==24.1.1
ipython	==9.8.0 → ==9.9.0
jsonschema (changelog)	==4.25.1 → ==4.26.0
langfuse	==3.11.2 → ==3.12.0
markdown (changelog)	==3.10 → ==3.10.1
openai	==2.14.0 → ==2.15.0
pycrdt	==0.12.44 → ==0.12.45
pylint-django	==2.6.1 → ==2.7.0
ruff (source, changelog)	==0.14.10 → ==0.14.14
sentry-sdk (changelog)	==2.48.0 → ==2.50.0
types-requests (changelog)	==2.32.4.20250913 → ==2.32.4.20260107

---

Release Notes

boto/boto3 (boto3)

v1.42.34

Compare Source

=======

• api-change:connect: [botocore] Amazon Connect now offers public APIs to programmatically configure and run automated tests for contact center experiences. Integrate testing into CICD pipelines, run multiple tests at scale, and retrieve results via API to automate validation of voice interactions and workflows.
• api-change:datazone: [botocore] Added api for deleting data export configuration for a domain
• api-change:qconnect: [botocore] Fixes incorrect types in the UpdateAssistantAIAgent API request, adds MESSAGE to TargetType enum, and other minor changes.

v1.42.33

Compare Source

=======

• api-change:autoscaling: [botocore] This release adds support for Amazon EC2 Auto Scaling group deletion protection
• api-change:budgets: [botocore] Add Budget FilterExpression and Metrics fields to DescribeBudgetPerformanceHistory to support more granular filtering options.
• api-change:dynamodb: [botocore] Adds additional waiters to Amazon DynamoDB.
• api-change:ec2: [botocore] Add better support for fractional GPU instances in DescribeInstanceTypes API. The new fields, logicalGpuCount, gpuPartitionSize, and workload array enable better GPU resource selection and filtering for both full and fractional GPU instance types.
• api-change:endpoint-rules: [botocore] Update endpoint-rules client to latest version
• api-change:gamelift: [botocore] Amazon GameLift Servers Realtime now supports Node.js 24.x runtime on the Amazon Linux 2023 operating system.
• api-change:guardduty: [botocore] Adding new enum value for ScanStatusReason
• api-change:health: [botocore] Updates the lower range for the maxResults request property for DescribeAffectedEntities, DescribeAffectedEntitiesForOrganization, DescribeEvents, and DescribeEventsForOrganization API request properties.
• api-change:meteringmarketplace: [botocore] Customer Identifier parameter deprecation date has been removed. For new implementations, we recommend using the CustomerAWSAccountID. Your current integration will continue to work. When updating your implementation, consider migrating to CustomerAWSAccountID for improved integration.
• api-change:verifiedpermissions: [botocore] Adding documentation to user guide and API documentation for how customers can create new encrypted policy stores by passing in their customer managed key during policy store creation.

v1.42.32

Compare Source

=======

• api-change:bedrock-agentcore: [botocore] Supports custom browser extensions for AgentCore Browser and increased message payloads up to 100KB per message in an Event for AgentCore Memory
• api-change:config: [botocore] AWS Config Conformance Packs now support tag-on-create through PutConformancePack API.
• api-change:ec2: [botocore] Added support of multiple EBS cards. New EbsCardIndex parameter enables attaching volumes to specific EBS cards on supported instance types for improved storage performance.
• api-change:quicksight: [botocore] Added documentation and model for sheet layout groups - allows sheet elements to be grouped, Added documentation and the feature enables admins to have granular control over connectors under actions, Updated API documentation for PDF Export in Snapshot Export APIs

v1.42.31

Compare Source

=======

• api-change:autoscaling: [botocore] This release adds support for three new filters when describing scaling activities, StartTimeLowerBound, StartTimeUpperBound, and Status.
• api-change:bedrock-runtime: [botocore] Added support for extended prompt caching with one hour TTL.
• api-change:keyspaces: [botocore] Adds support for managing table pre-warming in Amazon Keyspaces (for Apache Cassandra)
• api-change:odb: [botocore] Adds support for associating and disassociating IAM roles with Autonomous VM cluster resources through the AssociateIamRoleToResource and DisassociateIamRoleFromResource APIs. The GetCloudAutonomousVmCluster and ListCloudAutonomousVmClusters API responses now include the iamRoles field.
• api-change:verifiedpermissions: [botocore] Amazon Verified Permissions now supports encryption of resources by a customer managed KMS key. Customers can now create new encrypted policy stores by passing in their customer managed key during policy store creation.
• api-change:workspaces-instances: [botocore] Added billing configuration support for WorkSpaces Instances with monthly and hourly billing modes, including new filtering capabilities for instance type searches.

v1.42.30

Compare Source

=======

• api-change:connect: [botocore] Adds support to allow customers to create form with Dispute configuration
• api-change:datazone: [botocore] This release adds support for numeric filtering and complex free-text searches cases for the Search and SearchListings APIs.
• api-change:glacier: [botocore] Documentation updates for Amazon Glacier's maintenance mode
• api-change:launch-wizard: [botocore] Added UpdateDeployment, ListDeploymentPatternVersions and GetDeploymentPatternVersion APIs for Launch Wizard
• api-change:resource-explorer-2: [botocore] Added ViewName to View-related responses and ServiceViewName to GetServiceView response.
• api-change:sagemaker: [botocore] Adding security consideration comments for lcc accessing execution role under root access

v1.42.29

Compare Source

=======

• api-change:cleanrooms: [botocore] This release adds support for parameters in PySpark analysis templates.
• api-change:deadline: [botocore] AWS Deadline Cloud now supports tagging Budget resources with ABAC for permissions management and selecting up to 16 filter values in the monitor and Search API.
• api-change:ec2: [botocore] This release includes documentation updates to support up to four Elastic Volume modifications per Amazon EBS volume within a rolling 24-hour period.
• api-change:ecs: [botocore] Adds support for configuring FIPS in AWS GovCloud (US) Regions via a new ECS Capacity Provider field fipsEnabled. When enabled, instances launched by the capacity provider will use a FIPS-140 enabled AMI. Instances will use FIPS-140 compliant cryptographic modules and AWS FIPS endpoints.
• api-change:evs: [botocore] A new GetVersions API has been added to retrieve VCF, ESX versions, and EC2 instances provided by Amazon EVS. The CreateEnvironment API now allows you to select a VCF version and the CreateEnvironmentHost API introduces a optional esxVersion parameter.
• api-change:lakeformation: [botocore] API Changes for GTCForLocation feature. Includes a new API, GetTemporaryDataLocationCredentials and updates to the APIs RegisterResource and UpdateResource
• api-change:opensearchserverless: [botocore] Collection groups in Amazon OpenSearch Serverless enables to organize multiple collections and enable compute resource sharing across collections with different KMS keys. This shared compute model reduces costs by eliminating the need for separate OpenSearch Compute Units (OCUs) for each KMS key.
• api-change:qconnect: [botocore] Fix inference configuration shapes for the CreateAIPrompt and UpdateAIPrompt APIs, Modify Text Length Limit for SendMessage API
• enhancement:config: [botocore] Add support for TCP Keep-Alive configuration via BOTOCORE_TCP_KEEPALIVE environment variable

v1.42.28

Compare Source

=======

• api-change:ce: [botocore] Cost Categories added support to BillingView data filter expressions through the new costCategories parameter, enabling users to filter billing views by AWS Cost Categories for more granular cost management and allocation.
• api-change:connect: [botocore] Amazon Connect makes it easier to manage contact center operating hours by enabling automated scheduling for recurring events like holidays and maintenance windows. Set up recurring patterns (weekly, monthly, etc.) or link to another hours of operation to inherit overrides.
• api-change:eks: [botocore] Added support for BOTTLEROCKET NVIDIA FIPS AMIs to AMI types in US regions.
• api-change:rds: [botocore] no feature changes. model migrated to Smithy
• api-change:redshift: [botocore] Adds support for enabling extra compute resources for automatic optimization during create and modify operations in Amazon Redshift clusters.
• api-change:redshift-serverless: [botocore] Adds support for enabling extra compute resources for automatic optimization during create and update operations in Amazon Redshift Serverless workgroups.
• api-change:socialmessaging: [botocore] This release clarifies WhatsApp template operations as a resource-authenticated operation via the parent WhatsApp Business Account. It also introduces new parameters for parameter format, CTA URL link tracking, and template body examples, and increases the phone number ID length.

v1.42.27

Compare Source

=======

• api-change:bedrock: [botocore] This change will increase TestCase guardContent input size from 1024 to 2028 characters and PolicyBuildDocumentDescription from 2000 to 4000 characters
• api-change:datazone: [botocore] Adds support for IAM role subscriptions to Glue table listings via CreateSubscriptionRequest API. Also adds owningIamPrincipalArn filter to List APIs and subscriptionGrantCreationMode parameter to subscription target APIs for controlling grant creation behavior.

v1.42.26

Compare Source

=======

• api-change:billing: [botocore] Cost Categories filtering support to BillingView data filter expressions through the new costCategories parameter, enabling users to filter billing views by AWS Cost Categories for more granular cost management and allocation.
• api-change:iot-managed-integrations: [botocore] This release introduces WiFi Simple Setup (WSS) enabling device provisioning via barcode scanning with automated network discovery, authentication, and credential provisioning. Additionally, it introduces 2P Device Capability Rediscovery for updating hub-managed device capabilities post-onboarding.
• api-change:sagemaker: [botocore] Added ultraServerType to the UltraServerInfo structure to support server type identification for SageMaker HyperPod

v1.42.25

Compare Source

=======

• api-change:bedrock-agentcore-control: [botocore] Adds optional field "view" to GetMemory API input to give customers control over whether CMK encrypted data such as strategy decryption or override prompts is returned or not.
• api-change:cloudfront: [botocore] Added EntityLimitExceeded exception handling to the following API operations AssociateDistributionWebACL, AssociateDistributionTenantWebACL, UpdateDistributionWithStagingConfig
• api-change:glue: [botocore] Adding MaterializedViews task run APIs
• api-change:medialive: [botocore] MediaPackage v2 output groups in MediaLive can now accept one additional destination for single pipeline channels and up to two additional destinations for standard channels. MediaPackage v2 destinations now support sending to cross region MediaPackage channels.
• api-change:transcribe: [botocore] Adds waiters to Amazon Transcribe.

v1.42.24

Compare Source

=======

• api-change:workspaces: [botocore] Add StateMessage and ProgressPercentage fields to DescribeCustomWorkspaceImageImport API response.

v1.42.23

Compare Source

=======

• api-change:ce: [botocore] This release updates existing reservation recommendations API to support deployment model.
• api-change:emr-serverless: [botocore] Added support for enabling disk encryption using customer managed AWS KMS keys to CreateApplication, UpdateApplication and StartJobRun APIs.

v1.42.22

Compare Source

=======

• api-change:cleanroomsml: [botocore] AWS Clean Rooms ML now supports advanced Spark configurations to optimize SQL performance when creating an MLInputChannel or an audience generation job.

v1.42.21

Compare Source

=======

• bugfix:s3: [botocore] Clarify payload_signing_enabled documentation to cover interaction with request_checksum_calculation

v1.42.20

Compare Source

=======

• api-change:cleanrooms: [botocore] Added support for publishing detailed metrics to CloudWatch for operational monitoring of collaborations, including query performance and resource utilization.
• api-change:identitystore: [botocore] This change introduces "Roles" attribute for User entities supported by AWS Identity Store SDK.

v1.42.19

Compare Source

=======

• api-change:connect: [botocore] Adds support for searching global contacts using the ActiveRegions filter, and pagination support for ListSecurityProfileFlowModules and ListEntitySecurityProfiles.
• api-change:endpoint-rules: [botocore] Update endpoint-rules client to latest version
• api-change:kafkaconnect: [botocore] This change sets the KafkaConnect GovCloud FIPS and FIPS DualStack endpoints to use kafkaconnect instead of kafkaconnect-fips as the service name. This is done to match the Kafka endpoints.

v1.42.18

Compare Source

=======

• api-change:connect: [botocore] Changes for Contact for Global Search
• api-change:elastictranscoder: [botocore] The elastictranscoder client has been removed following the deprecation of the service.
• api-change:quicksight: [botocore] This release adds support for quick users to be able to perform role upgrades on their own. Additionally it allows admins to make this feature admin or auto approval along with new self upgrade capability that can be restricted by Admins.

suitenumerique/django-lasuite (django-lasuite)

v0.0.23

Compare Source

Changed

• ⬆️(oidc) allow use mozilla-django-oidc >5.0.0 with PyJWT
• ♻️(malware) reuse existing file_hash when rescheduling a task

tfranzel/drf-spectacular-sidecar (drf-spectacular-sidecar)

v2026.1.1

Compare Source

benoitc/gunicorn (gunicorn)

v24.1.1

Compare Source

Bug Fixes

• Fix forwarded_allow_ips and proxy_allow_ips to remain as strings for backward
  compatibility with external tools like uvicorn. Network validation now uses strict
  mode to detect invalid CIDR notation (e.g., 192.168.1.1/24 where host bits are set)
  (#​3458,
  PR #​3459)

---

Full Changelog: benoitc/gunicorn@24.1.0...24.1.1

v24.1.0: Gunicorn 24.1.0

Compare Source

New Features

• Official Docker Image: Gunicorn now publishes official Docker images to GitHub Container Registry (PR #​3454)

  • Available at ghcr.io/benoitc/gunicorn
  • Based on Python 3.12 slim image
  • Uses recommended worker formula (2 × CPU + 1)
  • Configurable via environment variables

• PROXY Protocol v2 Support: Extended PROXY protocol implementation to support the binary v2 format in addition to the existing text-based v1 format (PR #​3451)

  • New --proxy-protocol modes: off, v1, v2, auto
  • auto mode (default when enabled) detects v1 or v2 automatically
  • v2 binary format is more efficient and supports additional metadata
  • Works with HAProxy, AWS NLB/ALB, and other PROXY protocol v2 sources

• CIDR Network Support: --forwarded-allow-ips and --proxy-allow-from now accept CIDR notation (e.g., 192.168.0.0/16) for specifying trusted networks (PR #​3449)

• Socket Backlog Metric: New gunicorn.socket.backlog gauge metric reports the current socket backlog size on Linux systems (PR #​3450)

• InotifyReloader Enhancement: The inotify-based reloader now watches newly imported modules, not just those loaded at startup (PR #​3447)

Bug Fixes

• Fix signal handling regression where SIGCLD alias caused "Unhandled signal: cld" errors on Linux when workers fail during boot (#​3453)
• Fix socket blocking mode on keepalive connections preventing SSL handshake failures with async workers (PR #​3452)
• Use smaller buffer size in finish_body() for faster timeout detection on slow or abandoned connections (PR #​3453)
• Handle SSLWantReadError in finish_body() to prevent worker hangs during SSL renegotiation (PR #​3448)
• Log SIGTERM as info level instead of warning to reduce noise in orchestrated environments (PR #​3446)
• Print exception details to stderr when worker fails to boot (PR #​3443)
• Fix unreader.unread() to prepend data to buffer instead of appending (PR #​3442)
• Prevent RecursionError when pickling Config objects (PR #​3441)
• Use proper exception chaining with raise from in glogging.py (PR #​3440)

Installation

pip install gunicorn==24.1.0

Or use the official Docker image:

docker pull ghcr.io/benoitc/gunicorn:24.1.0

v24.0.0

Compare Source

New Features

• ASGI Worker (Beta): Native asyncio-based ASGI support for running async Python frameworks like FastAPI, Starlette, and Quart without external dependencies

  • HTTP/1.1 with keepalive connections
  • WebSocket support
  • Lifespan protocol for startup/shutdown hooks
  • Optional uvloop for improved performance

• uWSGI Binary Protocol: Support for receiving requests from nginx via uwsgi_pass directive

• Documentation Migration: Migrated to MkDocs with Material theme

Security

• eventlet: Require eventlet >= 0.40.3 (CVE-2021-21419, CVE-2025-58068)
• gevent: Require gevent >= 24.10.1 (CVE-2023-41419, CVE-2024-3219)
• tornado: Require tornado >= 6.5.0 (CVE-2025-47287)

Install

pip install gunicorn==24.0.0

ipython/ipython (ipython)

v9.9.0

Compare Source

python-jsonschema/jsonschema (jsonschema)

v4.26.0

Compare Source

=======

• Decrease import time by delaying importing of urllib.request (#​1416).

Python-Markdown/markdown (markdown)

v3.10.1

Compare Source

Fixed

• Ensure nested elements inside inline comments are properly unescaped (#​1571).
• Make the docs build successfully with mkdocstrings-python 2.0 (#​1575).
• Fix infinite loop when multiple bogus or unclosed HTML comments appear in input (#​1578).
• Fix another infinite loop when handling bad comments (#​1586).

openai/openai-python (openai)

v2.15.0

Compare Source

Full Changelog: v2.14.0...v2.15.0

Features

• api: add new Response completed_at prop (f077752)

Chores

• internal: codegen related update (e7daba6)

y-crdt/pycrdt (pycrdt)

v0.12.45

Compare Source

• Raise all exceptions from observer callbacks in an exception group.

pylint-dev/pylint-django (pylint-django)

v2.7.0

Compare Source

We added support for pylint 4.0.0+.

Other

- CI now tests against Django 5.2
- CI now tests against python 3.13
- CI now tests against python 3.14
- CI now tests against pylint 4.0.0+

Version 2.6.1
-------------

NOTICE

We dropped support for Python 3.7, 3.8, and for pylint below 3.0.

Bugfixes

- Added Django aliases for ranges to support psycopg 2 and 3 (`#&#8203;421 <https://github.com/pylint-dev/pylint-django/pull/421>`_)
- Support for Python 3.12 datetime (`#&#8203;427 <https://github.com/pylint-dev/pylint-django/pull/427>`_)
- Fixed location of installed LICENSE file (`#&#8203;431 <https://github.com/pylint-dev/pylint-django/issues/431>`_)
- Fixed ForeignKeyStringChecker referencing linter config incorrectly (`#&#8203;430 <https://github.com/pylint-dev/pylint-django/issues/430>`_)

Other
~~~~~

- CI now tests against Django 5.1

Version 2.6.0 (09 Oct. 2024)
----------------------------

Not released for lack of a release pipeline at the time the tag was created.

Version 2.5.5 (14 May 2023)
---------------------------

NOTICE
~~~~~~

This version drops support for Python 3.6

Bugfixes

• Fixed compatibility issue with datetime classes and python 3.12 (#&#8203;425 <https://github.com/pylint-dev/pylint-django/issues/425>_)

astral-sh/ruff (ruff)

v0.14.14

Compare Source

Released on 2026-01-22.

Preview features

• Preserve required parentheses in lambda bodies (#​22747)
• Combine range suppression code diagnostics (#​22613)
• [airflow] Second positional argument to Asset/Dataset should not be a dictionary (AIR303) (#​22453)
• [ruff] Detect duplicate entries in __all__ (RUF068) (#​22114)

Bug fixes

• [pyupgrade] Allow shadowing non-builtin bindings (UP029) (#​22749)
• [pyupgrade] Apply UP045 to string arguments of typing.cast (#​22320)
• [flake8-pie] Detect duplicated declared class fields in PIE794 (#​22717)

Rule changes

• [flake8-pyi] Fix inconsistent handling of forward references for __new__, __enter__, __aenter__ in PYI034 (#​22798)
• [flake8-pytest-style] Support check parameter in PT011 (#​22725)
• [ruff] Add exception for ctypes.Structure._fields_ (RUF012) (#​22559)
• Many fixes are now marked unsafe if they would remove comments:
  • [flake8-bugbear] B009, B010, B013, B014, B033
  • [flake8-simplify] SIM910, SIM911
  • [pyupgrade] UP007, UP039, UP041, UP045
  • [refurb] FURB105, FURB116, FURB136, FURB140, FURB145, FURB154, FURB157, FURB164,FURB181, FURB188
  • [ruff] RUF019, RUF020

Documentation

• Add --exit-non-zero-on-format to formatter exit codes section (#​22761)
• Update contributing guide for adding a new rule (#​22779)
• [FastAPI] Document fix safety for FAST001 (#​22655)
• [flake8-async] Tweak explanation to focus on latency/efficiency tradeoff (ASYNC110) (#​22715)
• [pandas-vet] Make example error out-of-the-box (PD002) (#​22561)
• [refurb] Make the example work out of box (FURB101) (#​22770)
• [refurb] Make the example work out of box (FURB103) (#​22769)

Contributors

• @​alejsdev
• @​ntBre
• @​caiquejjx
• @​chirizxc
• @​denyszhak
• @​sjyangkevin
• @​MeGaGiGaGon
• @​leandrobbraga
• @​MichaReiser
• @​carljm
• @​amyreese
• @​zsol
• @​harupy

v0.14.13

Released on 2026-01-15.

This is a follow-up release to 0.14.12. Because of an issue publishing the WASM packages, there is no GitHub release or Git tag for 0.14.12, although the package was published to PyPI. The contents of the 0.14.13 release are identical to 0.14.12.

v0.14.12

Released on 2026-01-15.

Preview features

• [flake8-blind-except] Allow more logging methods (BLE001) (#​22057)
• [ruff] Respect lint.pydocstyle.property-decorators in RUF066 (#​22515)

Bug fixes

• Fix configuration path in --show-settings (#​22478)
• Respect fmt: skip for multiple statements on the same logical line (#​22119)

Rule changes

• [pydocstyle] Update Rust crate imperative to v1.0.7 (D401) (#​22519)
• [isort] Insert imports in alphabetical order (I002) (#​22493)

Documentation

• Add llms.txt support for documentation (#​22463)
• Use prek in documentation and CI (#​22505)
• [flake8-pytest-style] Add check parameter example to PT017 docs (#​22546)
• [ruff] Make example error out-of-the-box (RUF103) (#​22558)
• [ruff] document RUF100 trailing comment fix behavior (#​22479)

Other changes

• wasm: Require explicit logging initialization (#​22587)

Contributors

• @​terror
• @​harupy
• @​Jkhall81
• @​dhruvmanila
• @​lubaskinc0de
• @​zanieb
• @​MeGaGiGaGon
• @​charliermarsh
• @​renovate
• @​dylwil3
• @​MichaReiser
• @​11happy

v0.14.11

Compare Source

Released on 2026-01-08.

Preview features

• Consolidate diagnostics for matched disable/enable suppression comments (#​22099)
• Report diagnostics for invalid/unmatched range suppression comments (#​21908)
• [airflow] Passing positional argument into airflow.lineage.hook.HookLineageCollector.create_asset is not allowed (AIR303) (#​22046)
• [refurb] Mark FURB192 fix as always unsafe (#​22210)
• [ruff] Add non-empty-init-module (RUF067) (#​22143)

Bug fixes

• Fix GitHub format for multi-line diagnostics (#​22108)
• [flake8-unused-arguments] Mark **kwargs in TypeVar as used (ARG001) (#​22214)

Rule changes

• Add help: subdiagnostics for several Ruff rules that can sometimes appear to disagree with ty (#​22331)
• [pylint] Demote PLW1510 fix to display-only (#​22318)
• [pylint] Ignore identical members (PLR1714) (#​22220)
• [pylint] Improve diagnostic range for PLC0206 (#​22312)
• [ruff] Improve fix title for RUF102 invalid rule code (#​22100)
• [flake8-simplify]: Avoid unnecessary builtins import for SIM105 (#​22358)

Configuration

• Allow Python 3.15 as valid target-version value in preview (#​22419)
• Check required-version before parsing rules (#​22410)
• Include configured src directories when resolving graphs (#​22451)

Documentation

• Update T201 suggestion to not use root logger to satisfy LOG015 (#​22059)
• Fix iter example in unsafe fixes doc (#​22118)
• [flake8_print] better suggestion for basicConfig in T201 docs (#​22101)
• [pylint] Restore the fix safety docs for PLW0133 (#​22211)
• Fix Jupyter notebook discovery info for editors (#​22447)

Contributors

• @​charliermarsh
• @​ntBre
• @​cenviity
• @​njhearp
• @​cbachhuber
• @​jelle-openai
• @​AlexWaygood
• @​ValdonVitija
• @​BurntSushi
• @​Jkhall81
• @​PeterJCLaw
• @​harupy
• @​amyreese
• @​sjyangkevin
• @​woodruffw

getsentry/sentry-python (sentry-sdk)

v2.50.0

Compare Source

New Features ✨

Ai

• feat(ai): add cache writes for gen_ai by @​shellmayr in #​5319
• feat(ai): add parse_data_uri function to parse a data URI by @​constantinius in #​5311

Other

• feat(asyncio): Add on-demand way to enable AsyncioIntegration by @​sentrivana in #​5288

  You can now enable the AsyncioIntegration on demand, after calling sentry_sdk.init(). This is useful in scenarios where you don't have
  the event loop running early on, or when you need to instrument multiple event loops.

import sentry_sdk
from sentry_sdk.integrations.asyncio import enable_asyncio_integration

# Initializing the SDK as early as possible, when there is no event loop yet
sentry_sdk.init(
    ...
    # No AsyncioIntegration in explicitly provided `integrations`
)

async def main():
    enable_asyncio_integration()  # instruments the current event loop
    # ...your code...

• feat(openai-agents): Inject propagation headers for HostedMCPTool by @​alexander-alderman-webb in #​5297
• feat(stdlib): Handle proxy tunnels in httlib integration by @​sl0thentr0py in #​5303
• feat: Support array types for logs and metrics attributes by @​alexander-alderman-webb in #​5314

Bug Fixes 🐛

Integrations

• fix(integrations): google genai report image inputs by @​constantinius in #​5337
• fix(integrations): google-genai: reworked gen_ai.request.messages extraction from parameters by @​constantinius in #​5275
• fix(integrations): pydantic-ai: properly format binary input message parts to be conformant with the gen_ai.request.messages structure by @​constantinius in #​5251
• fix(integrations): Anthropic: add content transformation for images and documents by @​constantinius in #​5276
• fix(integrations): langchain add multimodal content transformation functions for images, audio, and files by @​constantinius in #​5278

Litellm

• fix(litellm): fix gen_ai.request.messages to be as expected by @​constantinius in #​5255
• fix(litellm): Guard against module shadowing by @​alexander-alderman-webb in #​5249

Other

• fix(ai): redact message parts content of type blob by @​constantinius in #​5243
• fix(clickhouse): Guard against module shadowing by @​alexander-alderman-webb in #​5250
• fix(gql): Revert signature change of patched gql.Client.execute by @​alexander-alderman-webb in #​5289
• fix(grpc): Derive interception state from channel fields by @​alexander-alderman-webb in #​5302
• fix(pure-eval): Guard against module shadowing by @​alexander-alderman-webb in #​5252
• fix(ray): Guard against module shadowing by @​alexander-alderman-webb in #​5254
• fix(threading): Handle channels shadowing by @​sentrivana in #​5299
• fix(typer): Guard against module shadowing by @​alexander-alderman-webb in #​5253
• fix: Stop suppressing exception chains in AI integrations by @​alexander-alderman-webb in #​5309
• fix: Send client reports for span recorder overflow by @​sentrivana in #​5310

Documentation 📚

• docs(metrics): Remove experimental notice by @​alexander-alderman-webb in #​5304
• docs: Update Python versions banner in README by @​sentrivana in #​5287

Internal Changes 🔧

Fastmcp

• test(fastmcp): Narrow AttributeError try-except by @​alexander-alderman-webb in #​5339
• test(fastmcp): Stop accessing non-existent attribute by @​alexander-alderman-webb in #​5338

Release

• ci(release): Bump Craft version to fix issues by @​BYK in #​5305
• ci(release): Switch from action-prepare-release to Craft by @​BYK in #​5290

Other

• chore(gen_ai): add auto-enablement for google genai by @​shellmayr in #​5295
• chore(repo): Add Claude Code settings with basic permissions by @​philipphofmann in #​5342
• ci: 🤖 Update test matrix with new releases (01/19) by @​github-actions in #​5330
• ci: Add periodic AI integration tests by @​alexander-alderman-webb in #​5313
• chore: Use pull_request_target for changelog preview by @​BYK in #​5323
• chore: add unlabeled trigger to changelog-preview by @​BYK in #​5315
• chore: Add type for metric units by @​sentrivana in #​5312
• ci: Update tox and handle generic classifiers by @​sentrivana in #​5306

v2.49.0

Compare Source

New Features ✨

• feat(api): Add Scope.set_attribute by @​sentrivana in #​5256

Bug Fixes 🐛

• fix(grpc): Gate third-party imports by @​alexander-alderman-webb in #​5246
• fix(opentelemetry): Gate third-party imports by @​alexander-alderman-webb in #​5247
• fix(ray): Keep variadic kwargs last in signatures by @​alexander-alderman-webb in #​5244
• fix(trytond): Gate third-party imports by @​alexander-alderman-webb in #​5245
• Fix openai count_tokens by @​sl0thentr0py in #​5281

Documentation 📚

• docs: Fix typo in comment by @​sentrivana in #​5280
• docs: Fix middleware_spans docstring by @​sentrivana in #​5279

Internal Changes 🔧

• ref(scope): Set global attrs on global scope by @​sentrivana in #​5259
• chore: Ignore type migration for scripts/ and tests/ in blame by @​alexander-alderman-webb in #​5284
• ref: Properly override parent func by @​sentrivana in #​5283
• ci: Allow to use Craft's new auto-versioning by @​sentrivana in #​5218
• ref: Deduplicate batchers by @​sentrivana in #​5263
• tests: Add dedicated transport format test for metrics, logs by @​sentrivana in #​5264
• ci: 🤖 Update test matrix with new releases (01/05) by @​github-actions in #​5273
• tests: General logs tests should use Sentry logs API by @​sentrivana in #​5262
• tests: Test preserialization of attributes by @​sentrivana in #​5260
• ci: Unpin Pydantic 1.x version in tests by @​alexander-alderman-webb in #​5261
• ref: Make logs, metrics go via scope by @​sentrivana in #​5213
• ci: Fix failing arq, fastapi tests on 3.7; update test matrix by @​sentrivana in #​5258

---

Configuration

📅 Schedule: Branch creation - "before 7am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	next@​15.5.9
	eslint-config-next@​15.5.9
	convert-stream@​1.0.2
	jest@​30.2.0
	@​typescript-eslint/​parser@​8.53.0
	@​types/​supertest@​6.0.3
	workbox-webpack-plugin@​7.1.0
	@​types/​pdf-parse@​1.1.5
	@​types/​ws@​8.18.1
	@​types/​react-dom@​19.2.3
	lodash@​4.17.23
	@​types/​jest@​30.0.0
	@​types/​luxon@​3.7.1
	crisp-sdk-web@​1.0.27
	vitest@​4.0.17
	@​types/​react@​19.2.8
	clsx@​2.1.1
	@​types/​lodash@​4.17.23
	express-ws@​5.0.2
	@​typescript-eslint/​eslint-plugin@​8.53.0
	@​types/​express-ws@​3.0.6
	@​types/​node@​24.10.9
	i18next-parser@​9.3.0
	nodemon@​3.1.11
	cross-env@​10.1.0
	emoji-mart@​5.6.0
	stylelint-prettier@​5.0.3
	ts-node@​10.9.2
	vitest-mock-extended@​3.1.0
	eslint-plugin-react@​7.37.5
	canvg@​4.0.3
	tsc-alias@​1.8.16
	uuid@​13.0.0
See 42 more rows in the dashboard

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm vite is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/vitest@4.0.17 → npm/vite@7.1.12 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/vite@7.1.12. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm vite is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/vite-tsconfig-paths@6.0.4 → npm/vite@7.3.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/vite@7.3.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report