Bump the dependencies group with 38 updates

[dependabot]

Bumps the dependencies group with 38 updates:

Package	From	To
pydantic	2.12.5	2.13.0
pymongo	4.10.1	4.16.0
paramiko	3.5.1	4.0.0
boto3	1.42.46	1.42.89
memray	1.19.2	1.19.3
azure-storage-blob	12.27.1	12.28.0
azure-identity	1.25.2	1.25.3
moto	5.1.21	5.1.22
responses	0.21.0	0.26.0
mkdocs-material	9.7.1	9.7.6
attrs	25.4.0	26.1.0
botocore	1.42.46	1.42.89
cryptography	46.0.6	46.0.7
pydantic-core	2.41.5	2.46.0
pytz	2025.2	2026.1.post1
urllib3	1.26.20	2.6.3
tzdata	2025.3	2026.1
azure-core	1.38.1	1.39.0
backrefs	6.1	6.2
certifi	2026.1.4	2026.2.25
charset-normalizer	3.4.4	3.4.7
mkdocs-get-deps	0.2.0	0.2.2
mpmath	1.3.0	1.4.1
msal	1.34.0	1.36.0
narwhals	2.16.0	2.19.0
plotly	6.5.2	6.7.0
pyjwt	2.12.0	2.12.1
pymdown-extensions	10.20.1	10.21.2
pytest-cov	7.0.0	7.1.0
rich	14.3.2	15.0.0
ruff	0.15.0	0.15.10
textual	7.5.0	8.2.3
tomli	2.4.0	2.4.1
virtualenv	20.36.1	21.2.3
werkzeug	3.1.6	3.1.8
xmltodict	1.0.2	1.0.4
pybtex	0.25.1	0.26.1
zipp	3.23.0	3.23.1

Updates pydantic from 2.12.5 to 2.13.0

Release notes

Sourced from pydantic's releases.

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

Packaging

• Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
• Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

New Features

• Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

• Warn when serializing fixed length tuples with too few items by @​arvindsaripalli in #13016

Fixes

• Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @​Viicos in #13049
• Fix model equality when using runtime extra configuration by @​Viicos in #13062

New Contributors

• @​arvindsaripalli made their first contribution in #13016

Full Changelog: pydantic/pydantic@v2.12.0...v2.13.0

v2.13.0b3 2026-03-31

What's Changed

Packaging

• Add riscv64 build target for manylinux by @​boosterl in #12723

New Features

• Add ascii_only option to StringConstraints by @​ai-man-codes in #12907
• Support exclude_if in computed fields by @​andresliszt in #12748
• Push down constraints in unions involving MISSING sentinel by @​Viicos in #12908

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

New Features

• Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

• Warn when serializing fixed length tuples with too few items by @​arvindsaripalli in #13016

Fixes

• Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @​Viicos in #13049
• Fix model equality when using runtime extra configuration by @​Viicos in #13062

Packaging

• Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
• Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

New Contributors

• @​arvindsaripalli made their first contribution in #13016

v2.13.0b3 (2026-03-31)

GitHub release

What's Changed

New Features

• Add ascii_only option to StringConstraints by @​ai-man-codes in #12907
• Support exclude_if in computed fields by @​andresliszt in #12748
• Push down constraints in unions involving MISSING sentinel by @​Viicos in #12908

Changes

... (truncated)

Commits

• 46bf4fa Fix Pydantic release workflow (#13067)
• 1b359ed Prepare release v2.13.0 (#13065)
• b1bf194 Fix model equality when using runtime extra configuration (#13062)
• 17a35e3 Update jiter to v0.14.0 (#13064)
• feea402 Use simulation mode in Codspeed CI (#13063)
• 671c9b0 Add basic benchmarks for model equality (#13061)
• d17d71e Bump cryptography from 46.0.6 to 46.0.7 (#13056)
• 919d61a 👥 Update Pydantic People (#13059)
• e7cf5dc Fix people workflow (#13047)
• 2a806ad Add regression test for MISSING sentinel serialization with subclasses (#13...
• Additional commits viewable in compare view

Updates pymongo from 4.10.1 to 4.16.0

Release notes

Sourced from pymongo's releases.

PyMongo 4.16.0

Community notes:

PyMongo 4.15.5

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-15-5-released/332185

PyMongo 4.15.4

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-15-4-released/331292

PyMongo 4.15.3

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-15-3-released/329778

PyMongo 4.15.2

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-15-2-released/329543

PyMongo 4.15.1

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-15-1-released/328837

PyMongo 4.15.0

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-15-released/328574

PyMongo 4.14.1

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-14-1-released/327511

PyMongo 4.14.0

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-14-released/326906

PyMongo 4.13.2

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-13-2-released/323705

PyMongo 4.13.1

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-13-1-released/323356

PyMongo 4.13.0

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-13-0-released/321391.

PyMongo 4.12.1

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-12-1-released/320326

What's Changed

• PYTHON-5288: [v4.12] SRV hostname validation fails when resolver and resolved hostnames are identical with three domain levels by @​blink1073 in mongodb/mongo-python-driver#2276
• PYTHON-5297 [v4.12] AsyncMongoClient connection error causes UnboundLocalError by @​blink1073 in mongodb/mongo-python-driver#2277
• PYTHON-5295 [v4.12] Update lockfile for compat with older versions of uv by @​blink1073 in mongodb/mongo-python-driver#2278
• PYTHON-5310 [v4.12] Fix uri_parser AttributeError when used directly (#2283) by @​ShaneHarvey in mongodb/mongo-python-driver#2302
• PYTHON-5314 [v4.12] Fix default imports for modules that worked in v4.8 (#2300) by @​ShaneHarvey in mongodb/mongo-python-driver#2303
• PYTHON-5348 Fix CodeQL Scanning for GitHub Actions (#2308) [v4.12] by @​mongodb-drivers-pr-bot in mongodb/mongo-python-driver#2310
• PYTHON-5212 [v4.12] Do not hold Topology lock while resetting pool by @​blink1073 in mongodb/mongo-python-driver#2307
• PYTHON-5346: [v4.12] test_init_disconnected_with_srv cannot run against sharded Topologies (#2304) by @​NoahStapp in mongodb/mongo-python-driver#2309
• PYTHON-5306: [v4.12] - Fix use of public MongoClient attributes before connection (#2285) by @​NoahStapp in mongodb/mongo-python-driver#2311
• PYTHON-5336 Added VECTOR_SUBTYPE line to API docs (#2313) [v4.12] by @​mongodb-drivers-pr-bot in mongodb/mongo-python-driver#2314

... (truncated)

Changelog

Sourced from pymongo's changelog.

Changes in Version 4.16.0 (2026/01/07)

PyMongo 4.16 brings a number of changes including:

• Removed invalid documents from :class:bson.errors.InvalidDocument error messages as doing so may leak sensitive user data. Instead, invalid documents are stored in :attr:bson.errors.InvalidDocument.document.
• PyMongo now requires dnspython>=2.6.1, since dnspython 1.0 is no longer maintained. The minimum version is 2.6.1 to account for CVE-2023-29483 <https://www.cve.org/CVERecord?id=CVE-2023-29483>_.
• Removed support for Eventlet. Eventlet is actively being sunset by its maintainers and has compatibility issues with PyMongo's dnspython dependency.
• Use Zstandard support from the standard library for Python 3.14+, and use backports.zstd for older versions.
• Fixed return type annotation for find_one_and_* methods on :class:~pymongo.asynchronous.collection.AsyncCollection and :class:~pymongo.synchronous.collection.Collection to include None.
• Added support for NumPy 1D-arrays in :class:bson.binary.BinaryVector.
• Prevented :class:~pymongo.encryption.ClientEncryption from loading the crypt shared library to fix "MongoCryptError: An existing crypt_shared library is loaded by the application" unless the linked library search path is set.

Changes in Version 4.15.5 (2025/12/02)

Version 4.15.5 is a bug fix release.

• Fixed a bug that could cause AutoReconnect("connection pool paused") errors when cursors fetched more documents from the database after SDAM heartbeat failures.

Changes in Version 4.15.4 (2025/10/21)

Version 4.15.4 is a bug fix release.

• Relaxed the callback type of :meth:~pymongo.asynchronous.client_session.AsyncClientSession.with_transaction to allow the broader Awaitable type rather than only Coroutine objects.
• Added the missing Python 3.14 trove classifier to the package metadata.

Issues Resolved ...............

See the PyMongo 4.15.4 release notes in JIRA_ for the list of resolved issues in this release.

.. _PyMongo 4.15.4 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=47237

Changes in Version 4.15.3 (2025/10/07)

Version 4.15.3 is a bug fix release.

• Fixed a memory leak when raising :class:bson.errors.InvalidDocument with C extensions.
• Fixed the return type of the :meth:~pymongo.asynchronous.collection.AsyncCollection.distinct,

... (truncated)

Commits

• 3290101 Prepare 4.16.0 release (#2672)
• 1be94d2 PYTHON-5685 Fix unified spec sync metadata for csot and sessions tests (#2669)
• 6585d9c PYTHON-2442: Refactor: use _asdict() in _options_dict() (#2670)
• fdb1f7e PYTHON-5677 Prevent ClientEncryption from loading crypt shared library (#2659)
• 0cd9763 Bump zizmorcore/zizmor-action from cb3d8e846e148d1111d90b03375b9c03deceda37 t...
• 2f263d4 PYTHON-5680 Fix handling of expectedDocuments in Unified Test Runner (#2665)
• e9658b2 Add 4.15.5 release date to changelog (#2666)
• 10dd204 Update coverage[toml] requirement from <=7.10.6,>=5 to >=5,<=7.10.7 (#2662)
• 1300677 [Spec Resync] 12-22-2025 (#2663)
• 18c1f14 PYTHON-5529 Introduce optin setting to await for MinPoolSize population (#2664)
• Additional commits viewable in compare view

Updates paramiko from 3.5.1 to 4.0.0

Commits

• aad0370 Cut 4.0.0 in changelog
• 76f2406 Speling
• 8c4277c Fix syntax-warning-throwing unittest method call
• d3a9617 Test existence of root module dunder version
• 9579700 Nuke mentions of specific Python 3.x versions from docs etc
• dbfd52c Administrivia update: Python>=3.9, pyproject.toml, etc
• c2ba378 Remove outdated version check in GSS module
• 2af0dd7 I'm good at my job, honest
• e534b1a Fixes #973: remove DSA/DSS support
• 3523feb Tweak .gitignore to more safely ignore top level docs/
• See full diff in compare view

Updates boto3 from 1.42.46 to 1.42.89

Commits

• 54a9dc1 Merge branch 'release-1.42.89'
• 730d84c Bumping version to 1.42.89
• 6b65768 Add changelog entries from botocore
• f92a06c Merge branch 'release-1.42.88'
• 5da0f6a Merge branch 'release-1.42.88' into develop
• 9bdec29 Bumping version to 1.42.88
• d880788 Add changelog entries from botocore
• 39a4122 chore: add additional text to CONTRIBUTING.rst (#4749)
• 8d65320 Merge branch 'release-1.42.87'
• fdcbb88 Merge branch 'release-1.42.87' into develop
• Additional commits viewable in compare view

Updates memray from 1.19.2 to 1.19.3

Release notes

Sourced from memray's releases.

v1.19.3

What's Changed

• Fix list leak in Py_GetNativeStackFrame by @​devdanzin in bloomberg/memray#895
• Fix GIL double-release in SocketSource constructor by @​devdanzin in bloomberg/memray#894
• Set LZ4 include directory in CPPFLAGS, not CFLAGS by @​godlygeek in bloomberg/memray#902
• Account for huge page allocations on Linux by @​pablogsal in bloomberg/memray#898
• Remove broken link in tutorial by @​aliev in bloomberg/memray#891
• ci: Switch to Trusted Publishing by @​godlygeek in bloomberg/memray#903

New Contributors

• @​devdanzin made their first contribution in bloomberg/memray#895
• @​aliev made their first contribution in bloomberg/memray#891

Full Changelog: bloomberg/memray@v1.19.2...v1.19.3

Changelog

Sourced from memray's changelog.

memray 1.19.3 (2026-04-07)

Bug Fixes

- Include Linux HugeTLB memory in memray's RSS snapshots by adding ``HugetlbPages`` from ``/proc/<pid>/status`` to ``VmRSS``. This makes resident-memory graphs and memory snapshot records account for huge pages that the kernel reports separately from normal RSS.
- Fix a broken link in the tutorial documentation. ([#891](https://github.com/bloomberg/memray/issues/891))
- Fix a bug that would result in a crash if DNS resolution failed while setting up live mode tracking. ([#894](https://github.com/bloomberg/memray/issues/894))
- Fix a bug that could result in a list getting leaked if we ran out of memory while reporting allocations. ([#895](https://github.com/bloomberg/memray/issues/895))
Miscellaneous

• Add a KEYS file to the repo documenting the PGP public keys of the maintainers who will tag new Memray releases and upload them to PyPI.
• Enable PyPI Trusted Publishing for Memray releases, rather than using long-lived secrets.

Commits

• 1952221 Prepare for 1.19.3 release
• 2f83784 ci: Switch to Trusted Publishing
• 9303254 docs: Remove broken link in tutorial
• 8ed3279 Include HugeTLB pages in Linux RSS snapshots
• 99db37a Set LZ4 include directory in CPPFLAGS, not CFLAGS
• 00d4ad4 build(deps): bump codecov/codecov-action from 5 to 6
• c3dd05a build(deps-dev): bump lodash from 4.17.23 to 4.18.1
• 6574bd7 Fix GIL double-release in DNS resolution error path
• f552b35 build(deps): bump @​tootallnate/once and jest
• f55b768 build(deps): bump pypa/cibuildwheel from 3.4.0 to 3.4.1
• Additional commits viewable in compare view

Updates azure-storage-blob from 12.27.1 to 12.28.0

Commits

• b3301ac STG 100 GA Release Date for 2026-01-06
• beb8dfa [Storage][STG 100] Prepare branch for GA + cherry-pick block size change (#44...
• 874cfcf [Storage] Update Swagger and Release Date (#44243)
• 4aca0cc Fix perf tests on Python 3.14 + Storage change (#44230)
• cd5ecc5 [Storage] Fix 100 Live Tests (#44108)
• 1cd78b1 [Storage] Added support for Python 3.14 + update 100 release date (#44224)
• 471cda1 [Storage] Add Blob download perf test that uses HTTP library directly (#44111)
• 9e53510 [Storage] Decompression for Binary Response in Download APIs (#43587)
• 68b646b Removed create file with data and file semantics features (#43978)
• 09f0066 [Storage] Added Support for UseDevelopmentStorage=true; for Connection Stri...
• Additional commits viewable in compare view

Updates azure-identity from 1.25.2 to 1.25.3

Release notes

Sourced from azure-identity's releases.

azure-identity_1.25.3

1.25.3 (2026-03-12)

Bugs Fixed

• Fixed an issue where an expired token could skip refresh when a recent token request was made, due to the retry delay taking precedence over expiration. (#45496)

Other Changes

• Bumped minimum dependency on msal to >=1.35.1.

Commits

• a989ea4 [Identity] Prep patch release
• 7972883 [Identity] Adjust refresh logic (#45496)
• 04764a9 add psscript to convert apiview json files to md (#45589)
• 50e0165 Sync eng/common directory with azure-sdk-tools for PR 14461 (#45646)
• 5333117 Add Bo to /sdk/ai/azure-ai-projects owner list (#45664)
• 775d694 Doc and automation updates for .github sync directory changes (#45630)
• c6e48b5 [Core] Prepare release (#45656)
• ae769c4 Fix custom Memory Stores LRO poller operation (#45662)
• 6074492 Add asset id none check in dt (#45618)
• e1a986a Bump tar from 7.5.10 to 7.5.11 in /eng/common/tsp-client (#45640)
• Additional commits viewable in compare view

Updates moto from 5.1.21 to 5.1.22

Changelog

Sourced from moto's changelog.

5.1.22

Docker Digest for 5.1.22: sha256:1e3802c95726373544967b428201c548f0247c15b00db2d96a5ba0a77d8643b8

New Methods:
    * APIGateway:
        * delete_model()
* Athena:
    * tag_resource()
    * untag_resource()


Pipes:

list_tags_for_resource()



OSIS:

delete_resource_policy()
get_resource_policy()
put_resource_policy()



RDS:

copy_db_cluster_parameter_group()



STS:

get_access_key_info()



Transfer:

list_servers()





Miscellaneous:

* CloudFormation now supports the creation/update/deletion of AWS::CloudWatch::Dashboard resources

* CloudFormation now supports the creation/update/deletion of AWS::KMS::Alias resources

* CloudFormation now supports the creation/update/deletion of AWS::SSM::Document resources

* EC2: create_fleet() now supports the parameters DryRun and LaunchTemplateConfigs.Overrides

* EC2: describe_network_interfaces() now supports the 'attachment.attachment-id'-filter

* EC2: Instances created from a LaunchTemplate now have the 'aws:ec2launchtemplate:id' and 'aws:ec2launchtemplate:version' tags

* RDS: create_db_cluster_parameter_group() now validates the provided group name/description/familiy

* RDS: delete_db_cluster_parameter_group() now validates that the provided group exists

* S3: delete_object() now supports IfMatch

* SecretsManager: create-secret() now throw ResourceExistsException for duplicate requests with different token (broken since 5.1.11)

* SQS: send_message() now returns the SequenceNumber-attribute

* VPCLattice: list_access_log_subscriptions() now also supports arns as resourceIdentifiers

Commits

• 28d5ca8 Pre-Release: Up Version Number
• f58dc18 Prep release 5.1.22 (#9824)
• 84cbb40 chore: update SSM default parameters (#9828)
• 2f32dc1 chore: update EC2 Instance Types (#9827)
• 2a1c7ca chore: update EC2 Instance Offerings (#9826)
• e063c5a chore: update EMR Instance Types (#9825)
• 681b47a API Gateway: implement DeleteModel operation (#9823)
• d652e4a STS: implement GetAccessKeyInfo operation (#9822)
• 40a6520 Implement Athena TagResource and UntagResource (#9796)
• dc425e8 Modernize Java tests (#9817)
• Additional commits viewable in compare view

Updates responses from 0.21.0 to 0.26.0

Release notes

Sourced from responses's releases.

0.26.0

• When using assert_all_requests_are_fired=True, assertions about unfired requests are now raised even when an exception occurs in the context manager or decorated function. Previously, these assertions were suppressed when exceptions occurred. This new behavior provides valuable debugging context about which mocked requests were or weren't called.
• Consider the Retry-After header when handling retries

0.25.8

• Fix bug where the content type is always recorded as either text/plain or application/json. See #770
• Allow asserts on add_callback() matches. See #727

0.25.7

• Added support for python 3.13

0.25.6

No release notes provided.

0.25.5

No release notes provided.

0.25.3

• Fixed recorder not saving and loading response headers with yaml files. See #715

0.25.2

• Mulligan on 0.25.1 to run release pipeline correctly.
• Added matchers.body_matcher for matching string request bodies. See #717

Responses 0.25.1

What's Changed

• Use pytest.mark.asyncio by @​markstory in getsentry/responses#707
• fix mocked HEAD response when content-length header is present by @​ddarricau in getsentry/responses#712
• fix(matchers): Don't sort failed matches when printing error message by @​mgaligniana in getsentry/responses#711

New Contributors

• @​ddarricau made their first contribution in getsentry/responses#712
• @​mgaligniana made their first contribution in getsentry/responses#711

Full Changelog: getsentry/responses@0.25.0...0.25.1

0.25.0

• Added support for Python 3.12
• Fixed matchers.header_matcher not failing when a matched header is missing from the request. See #702

0.24.1

• Reverted overloads removal
• Added typing to Call attributes.
• Fix socket issues (see #693)

0.24.0

... (truncated)

Changelog

Sourced from responses's changelog.

0.26.0

• When using assert_all_requests_are_fired=True, assertions about unfired requests are now raised even when an exception occurs in the context manager or decorated function. Previously, these assertions were suppressed when exceptions occurred. This new behavior provides valuable debugging context about which mocked requests were or weren't called.
• Consider the Retry-After header when handling retries

0.25.8

• Fix bug where the content type is always recorded as either text/plain or application/json. See #770
• Allow asserts on add_callback() matches. See #727

0.25.7

• Added support for python 3.13

0.25.6

• Added py.typed to package_data

0.25.5

• Fix readme issue that prevented 0.25.4 from being published to pypi.

0.25.4

• Responses can now match requests that use data with file-like objects. Files will be read as bytes and stored in the request mock. See #736
• RequestsMock.matchers was added. This property is an alias to responses.matchers. See #739
• Removed tests from packaged wheels. See #746
• Improved recorder API to ease use in REPL environments. See #745

0.25.3

• Fixed recorder not saving and loading response headers with yaml files. See #715

0.25.2

• Mulligan on 0.25.1 to run release pipeline correctly.

... (truncated)

Commits

• 94913d0 release: 0.26.0
• 051b79e Make assert_all_requests_are_fired always assert on exception (#782)
• 0905cb8 Fix query_param_matcher not matching empty query parameter values (#787)
• e0c6faa ci(release): Switch from action-prepare-release to Craft (#785)
• 1be3a73 fix: Consider the Retry-After header when handling retries (#784)
• c6730fb Merge branch 'release/0.25.8'
• cdd104d release: 0.25.8
• f940dc7 Allow asserts on add_callback() matches (#774)
• 9485a01 Fix mypy errors in master (#776)
• 1532e9e 🔧 chore: update return type of RequestsMock.exit (#769)
• Additional commits viewable in compare view

Updates mkdocs-material from 9.7.1 to 9.7.6

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.7.6

[!WARNING]

Material for MkDocs is in maintenance mode

Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs until November 2026.

Read the full announcement on our blog

Changes

• Automatically disable MkDocs 2.0 warning for forks of MkDocs

mkdocs-material-9.7.5

[!WARNING]

Material for MkDocs is in maintenance mode

Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs until November 2026.

Read the full announcement on our blog

Changes

• Limited version range of mkdocs to <2
• Updated MkDocs 2.0 incompatibility warning (clarify relation with MkDocs)

mkdocs-material-9.7.4

[!WARNING]

Material for MkDocs is in maintenance mode

Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs until November 2026.

Read the full announcement on our blog

Changes

• Hardened social cards plugin by switching to sandboxed environment (recommended by @​caveeroo)
• Updated MkDocs 2.0 incompatibility warning

... (truncated)

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.7.6 (2026-03-19)

• Automatically disable MkDocs 2.0 warning for forks of MkDocs

mkdocs-material-9.7.5 (2026-03-10)

• Limited version range of mkdocs to <2
• Updated MkDocs 2.0 incompatibility warning (clarify relation with MkDocs)

mkdocs-material-9.7.4 (2026-03-03)

• Hardened social cards plugin by switching to sandboxed environment
• Updated MkDocs 2.0 incompatibility warning

mkdocs-material-9.7.3 (2026-02-24)

• Fixed #8567: Print MkDocs 2.0 incompatibility warning to stderr

mkdocs-material-9.7.2 (2026-02-18)

• Opened up version ranges of optional dependencies for forward-compatibility
• Added warning to 'mkdocs build' about impending MkDocs 2.0 incompatibility

mkdocs-material-9.7.1 (2025-12-18)

• Updated requests to 2.30+ to mitigate CVE in urllib
• Fixed privacy plugin not picking up protocol-relative URLs
• Fixed #8542: false positives and negatives captured in privacy plugin

mkdocs-material-9.7.0 (2025-11-11)

⚠️ Material for MkDocs is now in maintenance mode

This is the last release of Material for MkDocs that will receive new features. Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs for 12 months at least.

Read the full announcement on our blog: https://squidfunk.github.io/mkdocs-material/blog/2025/11/05/zensical/

This release includes all features that were previously exclusive to the Insiders edition. These features are now freely available to everyone.

Note on deprecated plugins: The projects and typeset plugins are included in this release, but must be considered deprecated. Both plugins proved unsustainable to maintain and represent architectural dead ends. They are provided as-is without ongoing support.

Changes:

... (truncated)

Commits

• 6c52ed6 Prepare 9.7.6 release
• 51d9b76 Automatically disable MkDocs 2.0 warning for forks of MkDocs
• 6f9a48b Updated links
• 00b9933 Prepare 9.7.5 release
• 37683d1 Updated blog post on MkDocs 2.0
• 199e315 Updated warning message to clarify relation to MkDocs
• 1025833 Limited version range of mkdocs to <2
• 1532f52 Added update log to blog post
• d0c8b28 Updated dependencies to fix vulnerabilities
• 71d4869 Updated blog post on MkDocs 2.0
• Additional commits viewable in compare view

Updates attrs from 25.4.0 to 26.1.0

Release notes

Sourced from attrs's releases.

26.1.0

Highlights

The main outward change here only affects people using field transformers, but it should be a nice quality of life improvement!

Full changelog below!

Special Thanks

This release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If you would like to join them, go to https://github.com/sponsors/hynek and check out the sweet perks!

Above and Beyond

Variomedia AG (@variomedia), Tidelift (@tidelift), Kraken Tech (@kraken-tech), Privacy Solutions GmbH (@privacy-solutions), FilePreviews (@filepreviews), Ecosystems (@ecosyste-ms), TestMu AI Open Source Office (Formerly LambdaTest) (@LambdaTest-Inc), Doist (@Doist), Daniel Fortunov (@asqui), and Kevin P. Fleming (@kpfleming).

Maintenance Sustainers

Buttondown (@buttondown), Christopher Dignam (@chdsbd), Magnus Watn (@magnuswatn), David Cramer (@dcramer), Rivo Laks (@rivol), Polar (@polarsource), Mike Fiedler (@miketheman), Duncan Hill (@cricalix), Colin Marquardt (@cmarqu), Pieter Swinkels (@swinkels), Nick Libertini (@libertininick), Brian M. Dennis (@crossjam), Celebrity News AG (@celebritynewsag), The Westervelt Company (@westerveltco), Sławomir Ehlert (@slafs), Mostafa Khalil (@khadrawy), Filip Mularczyk (@mukiblejlok), Thomas Klinger (@thmsklngr), Andreas Poehlmann (@ap--), August Trapper Bigelow (@atbigelow), Carlton Gibson (@carltongibson), and Roboflow (@roboflow).

Full Changelog

Backwards-incompatible Changes

• Field aliases are now resolved before callin...

  Description has been truncated

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml