Sourced from elasticsearch's releases.

8.5.2

• Client is compatible with Elasticsearch 8.5.2

8.5.1

• Client is compatible with Elasticsearch 8.5.1

8.5.0

Indices

• Added the experimental indices.downsample API.

Rollup

• Removed the deprecated rollup.rollup API.

Snapshot

• Added the index_names parameter to the snapshot.get API.

Machine Learning

• Added the beta ml.clear_trained_model_deployment_cache API.
• Changed the ml.put_trained_model_definition_part API from experimental to stable.
• Changed the ml.put_trained_model_vocabulary API from experimental to stable.
• Changed the ml.start_trained_model_deployment API from experimental to stable.
• Changed the ml.stop_trained_model_deployment API from experimental to stable.

Security

• Added the with_limited_by parameter to the get_api_key API.
• Added the with_limited_by parameter to the query_api_keys API.
• Added the with_profile_uid parameter to the get_user API.
• Changed the security.activate_user_profile API from beta to stable.
• Changed the security.disable_user_profile API from beta to stable.
• Changed the security.enable_user_profile API from beta to stable.
• Changed the security.get_user_profile API from beta to stable.
• Changed the security.suggest_user_profiles API from beta to stable.
• Changed the security.update_user_profile_data API from beta to stable.
• Changed the security.has_privileges_user_profile API from experimental to stable.

8.4.3

• Client is compatible with Elasticsearch 8.4.3

8.4.2

Documents

• Added the error_trace, filter_path, human and pretty parameters to the get_source API.
• Added the ext parameter to the search API.

Async Search

• Added the ext parameter to the async_search.submit API.

Fleet

• Added the ext parameter to the fleet.search API.

8.4.1

• Client is compatible with Elasticsearch 8.4.1

8.4.0

Documents

• Added the knn parameter to the search API.
• Added the knn parameter to the async_search.submit API.

... (truncated)

• 1e4e2e8 Revert "Skip mypy type checking for 8.5 branch temporarily"
• 03e16d8 Skip mypy type checking for 8.5 branch temporarily
• e91647a Bumps 8.5 to 8.5.2
• fd310bf Add release notes for 8.5.0
• 1d1b312 Bumps 8.5 to 8.5.1
• a9bbab7 Update APIs for 8.5-SNAPSHOT
• 8896e5b update APIs to main
• 27f5887 Add release notes for 8.4.1
• 372de1e Add release notes for 8.4.0
• e4d17d5 Update Jenkins jobs
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from elasticsearch's releases.

8.5.1

• Client is compatible with Elasticsearch 8.5.1

8.5.0

Indices

• Added the experimental indices.downsample API.

Rollup

• Removed the deprecated rollup.rollup API.

Snapshot

• Added the index_names parameter to the snapshot.get API.

Machine Learning

• Added the beta ml.clear_trained_model_deployment_cache API.
• Changed the ml.put_trained_model_definition_part API from experimental to stable.
• Changed the ml.put_trained_model_vocabulary API from experimental to stable.
• Changed the ml.start_trained_model_deployment API from experimental to stable.
• Changed the ml.stop_trained_model_deployment API from experimental to stable.

Security

• Added the with_limited_by parameter to the get_api_key API.
• Added the with_limited_by parameter to the query_api_keys API.
• Added the with_profile_uid parameter to the get_user API.
• Changed the security.activate_user_profile API from beta to stable.
• Changed the security.disable_user_profile API from beta to stable.
• Changed the security.enable_user_profile API from beta to stable.
• Changed the security.get_user_profile API from beta to stable.
• Changed the security.suggest_user_profiles API from beta to stable.
• Changed the security.update_user_profile_data API from beta to stable.
• Changed the security.has_privileges_user_profile API from experimental to stable.

8.4.3

• Client is compatible with Elasticsearch 8.4.3

8.4.2

Documents

• Added the error_trace, filter_path, human and pretty parameters to the get_source API.
• Added the ext parameter to the search API.

Async Search

• Added the ext parameter to the async_search.submit API.

Fleet

• Added the ext parameter to the fleet.search API.

8.4.1

• Client is compatible with Elasticsearch 8.4.1

8.4.0

Documents

• Added the knn parameter to the search API.
• Added the knn parameter to the async_search.submit API.

Machine Learning

• Added the cache_size parameter to the ml.start_trained_model_deployment API.

Security

... (truncated)

• fd310bf Add release notes for 8.5.0
• 1d1b312 Bumps 8.5 to 8.5.1
• a9bbab7 Update APIs for 8.5-SNAPSHOT
• 8896e5b update APIs to main
• 27f5887 Add release notes for 8.4.1
• 372de1e Add release notes for 8.4.0
• e4d17d5 Update Jenkins jobs
• 5c820f2 Update API to 8.5
• c65fa8f update api to main
• 2b6d2bc update api to main
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from sqlalchemy's releases.

1.4.44

Released: November 12, 2022

sql

• [sql] [bug] Fixed critical memory issue identified in cache key generation, where for very large and complex ORM statements that make use of lots of ORM aliases with subqueries, cache key generation could produce excessively large keys that were orders of magnitude bigger than the statement itself. Much thanks to Rollo Konig Brock for their very patient, long term help in finally identifying this issue.

  References: #8790

postgresql

• [postgresql] [bug] [mssql] For the PostgreSQL and SQL Server dialects only, adjusted the compiler so that when rendering column expressions in the RETURNING clause, the "non anon" label that's used in SELECT statements is suggested for SQL expression elements that generate a label; the primary example is a SQL function that may be emitting as part of the column's type, where the label name should match the column's name by default. This restores a not-well defined behavior that had changed in version 1.4.21 due to #6718, #6710. The Oracle dialect has a different RETURNING implementation and was not affected by this issue. Version 2.0 features an across the board change for its widely expanded support of RETURNING on other backends.

  References: #8770

oracle

• [oracle] [bug] Fixed issue in the Oracle dialect where an INSERT statement that used insert(some_table).values(...).returning(some_table) against a full Table object at once would fail to execute, raising an exception.

tests

• [tests] [bug] Fixed issue where the --disable-asyncio parameter to the test suite would fail to not actually run greenlet tests and would also not prevent the suite from using a "wrapping" greenlet for the whole suite. This parameter now ensures that no greenlet or asyncio use will occur within the entire run when set.

  References: #8793

... (truncated)

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from sqlalchemy's releases.

1.4.43

Released: November 4, 2022

orm

• [orm] [bug] Fixed issue in joined eager loading where an assertion fail would occur with a particular combination of outer/inner joined eager loads, when eager loading across three mappers where the middle mapper was an inherited subclass mapper.

  References: #8738

• [orm] [bug] Fixed bug involving Select constructs, where combinations of Select.select_from() with Select.join(), as well as when using Select.join_from(), would cause the _orm.with_loader_criteria() feature as well as the IN criteria needed for single-table inheritance queries to not render, in cases where the columns clause of the query did not explicitly include the left-hand side entity of the JOIN. The correct entity is now transferred to the Join object that's generated internally, so that the criteria against the left side entity is correctly added.

  References: #8721

• [orm] [bug] An informative exception is now raised when the _orm.with_loader_criteria() option is used as a loader option added to a specific "loader path", such as when using it within Load.options(). This use is not supported as _orm.with_loader_criteria() is only intended to be used as a top level loader option. Previously, an internal error would be generated.

  References: #8711

• [orm] [bug] Improved "dictionary mode" for _orm.Session.get() so that synonym names which refer to primary key attribute names may be indicated in the named dictionary.

  References: #8753

• [orm] [bug] Fixed issue where "selectin_polymorphic" loading for inheritance mappers would not function correctly if the _orm.Mapper.polymorphic_on parameter referred to a SQL expression that was not directly mapped on the class.

  References: #8704

• [orm] [bug] Fixed issue where the underlying DBAPI cursor would not be closed when using the _orm.Query object as an iterator, if a user-defined exception

... (truncated)

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from cryptography's changelog.

38.0.3 - 2022-11-01

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.7,
  which resolves *CVE-2022-3602* and *CVE-2022-3786*.
.. _v38-0-2:
38.0.2 - 2022-10-11 (YANKED)

.. attention::

This release was subsequently yanked from PyPI due to a regression in OpenSSL.

• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.6.

.. _v38-0-1:

38.0.1 - 2022-09-07

* Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically
  seen in large CRLs).
.. _v38-0-0:
38.0.0 - 2022-09-06

• Final deprecation of OpenSSL 1.1.0. The next release of cryptography will drop support.
• We no longer ship manylinux2010 wheels. Users should upgrade to the latest pip to ensure this doesn't cause issues downloading wheels on their platform. We now ship manylinux_2_28 wheels for users on new enough platforms.
• Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check :doc:/installation for documentation on installing a newer rustc if required.
• :meth:~cryptography.fernet.Fernet.decrypt and related methods now accept both str and bytes tokens.
• Parsing CertificateSigningRequest restores the behavior of enforcing that the Extension critical field must be correctly encoded DER. See the issue <https://github.com/pyca/cryptography/issues/6368>_ for complete details.
• Added two new OpenSSL functions to the bindings to support an upcoming pyOpenSSL release.
• When parsing :class:~cryptography.x509.CertificateRevocationList and

... (truncated)

• 7d9c6c3 Bump for 38.0.3 release (#7761)
• 39f8011 attempt to workaround downstream package testing situation (#7725) (#7757)
• 5b12ac8 Use PyPy binaries from manylinux image instead of our own (#7678) (#7693)
• 277ee0d 38.0.2 release (#7691)
• ce119b8 version properly in the changelog (#7578)
• 3ff5218 Backport tlv fix, 38.0.1 bump (#7576)
• 52d6f1a version bump for 38 release (#7567)
• 8c687e6 Bump rust-asn1 to 0.12.1 (#7564)
• aca4b10 Bump rust-asn1 to 0.12.0 (#7563)
• 1742975 support setting more PKCS12 serialization encryption options (#7560)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from elasticsearch's releases.

8.5.0

Rollup

• Removed the deprecated rollup.rollup API

Snapshot

• Added the index_names parameter to the snapshot.get API.

Machine Learning

• Changed the ml.put_trained_model_definition_part API from experimental to stable
• Changed the ml.put_trained_model_vocabulary API from experimental to stable
• Changed the ml.start_trained_model_deployment API from experimental to stable
• Changed the ml.stop_trained_model_deployment API from experimental to stable

Security

• Changed the security.activate_user_profile API from beta to stable
• Changed the security.disable_user_profile API from beta to stable
• Changed the security.enable_user_profile API from beta to stable
• Changed the security.get_user_profile API from beta to stable
• Changed the security.suggest_user_profiles API from beta to stable
• Changed the security.update_user_profile_data API from beta to stable
• Changed the security.has_privileges_user_profile API from experimental to stable

8.4.3

• Client is compatible with Elasticsearch 8.4.3

8.4.2

Documents

• Added the error_trace, filter_path, human and pretty parameters to the get_source API.
• Added the ext parameter to the search API.

Async Search

• Added the ext parameter to the async_search.submit API.

Fleet

• Added the ext parameter to the fleet.search API.

8.4.1

• Client is compatible with Elasticsearch 8.4.1

8.4.0

Documents

• Added the knn parameter to the search API.
• Added the knn parameter to the async_search.submit API.

Machine Learning

• Added the cache_size parameter to the ml.start_trained_model_deployment API.

Security

• Added the security.update_api_key API.

8.3.3

• Client is compatible with Elasticsearch 8.3.3

8.3.2

Security

... (truncated)

• a9bbab7 Update APIs for 8.5-SNAPSHOT
• 8896e5b update APIs to main
• 27f5887 Add release notes for 8.4.1
• 372de1e Add release notes for 8.4.0
• e4d17d5 Update Jenkins jobs
• 5c820f2 Update API to 8.5
• c65fa8f update api to main
• 2b6d2bc update api to main
• 9e963d9 Add release notes for 8.3.2 and 8.3.3
• 6c48b55 Bumps to version 8.5.0
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from sqlalchemy's releases.

1.4.42

Released: October 16, 2022

orm

• [orm] [bug] The _orm.Session.execute.bind_arguments dictionary is no longer mutated when passed to _orm.Session.execute() and similar; instead, it's copied to an internal dictionary for state changes. Among other things, this fixes and issue where the "clause" passed to the _orm.Session.get_bind() method would be incorrectly referring to the _sql.Select construct used for the "fetch" synchronization strategy, when the actual query being emitted was a _dml.Delete or _dml.Update. This would interfere with recipes for "routing sessions".

  References: #8614

• [orm] [bug] A warning is emitted in ORM configurations when an explicit _orm.remote() annotation is applied to columns that are local to the immediate mapped class, when the referenced class does not include any of the same table columns. Ideally this would raise an error at some point as it's not correct from a mapping point of view.

  References: #7094

• [orm] [bug] A warning is emitted when attempting to configure a mapped class within an inheritance hierarchy where the mapper is not given any polymorphic identity, however there is a polymorphic discriminator column assigned. Such classes should be abstract if they never intend to load directly.

  References: #7545

• [orm] [bug] [regression] Fixed regression for 1.4 in _orm.contains_eager() where the "wrap in subquery" logic of _orm.joinedload() would be inadvertently triggered for use of the _orm.contains_eager() function with similar statements (e.g. those that use distinct(), limit() or offset()), which would then lead to secondary issues with queries that used some combinations of SQL label names and aliasing. This "wrapping" is not appropriate for _orm.contains_eager() which has always had the contract that the user-defined SQL statement is unmodified with the exception of adding the appropriate columns to be fetched.

  References: #8569

• [orm] [bug] [regression] Fixed regression where using ORM update() with synchronize_session='fetch' would fail due to the use of evaluators that are now used to determine the in-Python value for expressions in the the SET clause when refreshing objects; if the evaluators make use of math operators against non-numeric

... (truncated)

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from cryptography's changelog.

38.0.2 - 2022-10-11

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.6.
.. _v38-0-1:
38.0.1 - 2022-09-07

• Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically seen in large CRLs).

.. _v38-0-0:

38.0.0 - 2022-09-06

* Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography``
  will drop support.
* We no longer ship ``manylinux2010`` wheels. Users should upgrade to the
  latest ``pip`` to ensure this doesn't cause issues downloading wheels on
  their platform. We now ship ``manylinux_2_28`` wheels for users on new
  enough platforms.
* Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0.
  Users with the latest ``pip`` will typically get a wheel and not need Rust
  installed, but check :doc:`/installation` for documentation on installing a
  newer ``rustc`` if required.
* :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept
  both ``str`` and ``bytes`` tokens.
* Parsing ``CertificateSigningRequest`` restores the behavior of enforcing
  that the ``Extension`` ``critical`` field must be correctly encoded DER. See
  `the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete
  details.
* Added two new OpenSSL functions to the bindings to support an upcoming
  ``pyOpenSSL`` release.
* When parsing :class:`~cryptography.x509.CertificateRevocationList` and
  :class:`~cryptography.x509.CertificateSigningRequest` values, it is now
  enforced that the ``version`` value in the input must be valid according to
  the rules of :rfc:`2986` and :rfc:`5280`.
* Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and
  other X.509 builders is deprecated and support will be removed in the next
  version.
* Added additional APIs to
  :class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, including
  :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_hash_algorithm`,
  :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_algorithm`,
  :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature`, and
  :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.extension_bytes`.
</tr></table> 

... (truncated)

• 277ee0d 38.0.2 release (#7691)
• ce119b8 version properly in the changelog (#7578)
• 3ff5218 Backport tlv fix, 38.0.1 bump (#7576)
• 52d6f1a version bump for 38 release (#7567)
• 8c687e6 Bump rust-asn1 to 0.12.1 (#7564)
• aca4b10 Bump rust-asn1 to 0.12.0 (#7563)
• 1742975 support setting more PKCS12 serialization encryption options (#7560)
• abb1f54 Bump once_cell from 1.13.1 to 1.14.0 in /src/rust (#7559)
• 01a0e3b Bump BoringSSL version to 8462a367bb57e9524c3d8eca9c62733c63a63cf4 (#7558)
• 35a965f Bump ouroboros from 0.15.3 to 0.15.4 in /src/rust (#7557)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from elasticsearch's releases.

8.4.3

• Client is compatible with Elasticsearch 8.4.3

8.4.2

Documents

• Added the error_trace, filter_path, human and pretty parameters to the get_source API.
• Added the ext parameter to the search API.

Async Search

• Added the ext parameter to the async_search.submit API.

Fleet

• Added the ext parameter to the fleet.search API.

8.4.1

• Client is compatible with Elasticsearch 8.4.1

8.4.0

Documents

• Added the knn parameter to the search API.
• Added the knn parameter to the async_search.submit API.

Machine Learning

• Added the cache_size parameter to the ml.start_trained_model_deployment API.

Security

• Added the security.update_api_key API.

8.3.3

• Client is compatible with Elasticsearch 8.3.3

8.3.2

Security

• Added the refresh parameter to the security.create_service_token API.

8.3.1

Security

• Added the experimental security.has_privileges_user_profile API
• Added the hint parameter to the experimental security.suggest_user_profiles API

8.3.0

• Client is compatible with Elasticsearch 8.3.0

8.2.3

Documents

• Added the routing parameter to the msearch API.

CAT

• Added the cat.component_templates API.

Ingest

• Added the if_version parameter to the ingest.put_pipeline API.

Security

... (truncated)

• 0350d8d [8.4] Add release notes for 8.4.2
• a734880 Bumps to version 8.4.3
• ed38768 Update APIs to 8.4
• ce42d68 Add release notes for 8.4.1
• 77b4674 [8.4] Add release notes for 8.4.0
• 1f7d69c Bumps to version 8.4.2
• 0a729e4 Bumps to version 8.4.1
• 78841af Update API to 8.4
• 58c7ce7 update api to 8.4
• 54cd023 update api to 8.4
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from sqlalchemy's releases.

1.4.46

Released: January 3, 2023

general

• [general] [change] A new deprecation "uber warning" is now emitted at runtime the first time any SQLAlchemy 2.0 deprecation warning would normally be emitted, but the SQLALCHEMY_WARN_20 environment variable is not set. The warning emits only once at most, before setting a boolean to prevent it from emitting a second time.

  This deprecation warning intends to notify users who may not have set an appropriate constraint in their requirements files to block against a surprise SQLAlchemy 2.0 upgrade and also alert that the SQLAlchemy 2.0 upgrade process is available, as the first full 2.0 release is expected very soon. The deprecation warning can be silenced by setting the environment variable SQLALCHEMY_SILENCE_UBER_WARNING to "1".

  References: #8983

• [general] [bug] Fixed regression where the base compat module was calling upon platform.architecture() in order to detect some system properties, which results in an over-broad system call against the system-level file call that is unavailable under some circumstances, including within some secure environment configurations.

  References: #8995

orm

• [orm] [bug] Fixed issue in the internal SQL traversal for DML statements like _dml.Update and _dml.Delete which would cause among other potential issues, a specific issue using lambda statements with the ORM update/delete feature.

  References: #9033

engine

• [engine] [bug] Fixed a long-standing race condition in the connection pool which could occur under eventlet/gevent monkeypatching schemes in conjunction with the use of eventlet/gevent Timeout conditions, where a connection pool checkout that's interrupted due to the timeout would fail to clean up the failed state, causing the underlying connection record and sometimes the database connection itself to "leak", leaving the pool in an invalid state with unreachable entries. This issue was first identified and fixed in

... (truncated)

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from rich's releases.

Dropped Python3.6 support

Some relatively minor fixes and improvements. The most significant update (and the reason for the major version bump) is that Rich has dropped Python3.6 support.

If you are a Python3.6 user and can't upgrade for whatever reason, pin to version 12.6.0.

[13.0.0] - 2022-12-30

Fixed

• Reversed pre and code tags in base HTML format Textualize/rich#2642
• Improved detection of attrs library, that isn't confused by the presence of the attr library.
• Fixed issue with locals_max_length parameter not being respected in Traceback Textualize/rich#2649
• Handling of broken fileno made more robust. Fixes Textualize/rich#2645
• Fixed missing fileno on FileProxy

Changed

• Bumped minimum Python version to 3.7 Textualize/rich#2567
• Pretty-printing of "tagged" __repr__ results is now greedy when matching tags Textualize/rich#2565
• progress.track now supports deriving total from __length_hint__

Added

• Add type annotation for key_separator of pretty.Node Textualize/rich#2625

The FORCE_COLOR edition

NOTE: 12.6.0 may be the last version to support Python3.6. The next version will be 13.0.0, and will be Python3.7+

[12.6.0] - 2022-10-02

Added

• Parse ANSI escape sequences in pretty repr Textualize/rich#2470
• Add support for FORCE_COLOR env var Textualize/rich#2449
• Allow a max_depth argument to be passed to the install() hook Textualize/rich#2486
• Document using None as name in __rich_repr__ for tuple positional args Textualize/rich#2379
• Add font_aspect_ratio parameter in SVG export Textualize/rich#2539
• Added Table.add_section method. Textualize/rich#2544

Fixed

• Handle stdout/stderr being null Textualize/rich#2513
• Fix NO_COLOR support on legacy Windows Textualize/rich#2458
• Fix pretty printer handling of cyclic references Textualize/rich#2524
• Fix missing mode property on file wrapper breaking uploads via requests Textualize/rich#2495
• Fix mismatching default value of parameter ensure_ascii Textualize/rich#2538
• Remove unused height parameter in Layout class Textualize/rich#2540
• Fixed exception in Syntax.rich_measure for empty files

... (truncated)

Sourced from rich's changelog.

[13.0.0] - 2022-12-30

Fixed

• Reversed pre and code tags in base HTML format Textualize/rich#2642
• Improved detection of attrs library, that isn't confused by the presence of the attr library.
• Fixed issue with locals_max_length parameter not being respected in Traceback Textualize/rich#2649
• Handling of broken fileno made more robust. Fixes Textualize/rich#2645
• Fixed missing fileno on FileProxy

Changed

• Bumped minimum Python version to 3.7 Textualize/rich#2567
• Pretty-printing of "tagged" __repr__ results is now greedy when matching tags Textualize/rich#2565
• progress.track now supports deriving total from __length_hint__

Added

• Add type annotation for key_separator of pretty.Node Textualize/rich#2625

[12.6.0] - 2022-10-02

Added

• Parse ANSI escape sequences in pretty repr Textualize/rich#2470
• Add support for FORCE_COLOR env var Textualize/rich#2449
• Allow a max_depth argument to be passed to the install() hook Textualize/rich#2486
• Document using None as name in __rich_repr__ for tuple positional args Textualize/rich#2379
• Add font_aspect_ratio parameter in SVG export Textualize/rich#2539
• Added Table.add_section method. Textualize/rich#2544

Fixed

• Handle stdout/stderr being null Textualize/rich#2513
• Fix NO_COLOR support on legacy Windows Textualize/rich#2458
• Fix pretty printer handling of cyclic references Textualize/rich#2524
• Fix missing mode property on file wrapper breaking uploads via requests Textualize/rich#2495
• Fix mismatching default value of parameter ensure_ascii Textualize/rich#2538
• Remove unused height parameter in Layout class Textualize/rich#2540
• Fixed exception in Syntax.rich_measure for empty files

Changed

• Removed border from code blocks in Markdown

[12.5.2] - 2022-07-18

Added

... (truncated)

• d14b304 Merge pull request #2727 from Textualize/v13.0.0
• 7cf0797 changelog
• 245c737 release in changelog
• b2fa5f1 changelog
• 7601290 Merge pull request #2715 from Textualize/win-batch
• e833da9 don't reraise
• b66f1f0 comment
• c8c116c fix typing
• 1f3f18c try new poetry
• 497177f better batching
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from cryptography's changelog.

39.0.0 - 2023-01-01

* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.0 has been removed.
  Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.5. The new
  minimum LibreSSL version is 3.5.0. Going forward our policy is to support
  versions of LibreSSL that are available in versions of OpenBSD that are
  still receiving security support.
* **BACKWARDS INCOMPATIBLE:** Removed the ``encode_point`` and
  ``from_encoded_point`` methods on
  :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`,
  which had been deprecated for several years.
  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`
  and
  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`
  should be used instead.
* **BACKWARDS INCOMPATIBLE:** Support for using MD5 or SHA1 in
  :class:`~cryptography.x509.CertificateBuilder`, other X.509 builders, and
  PKCS7 has been removed.
* **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.10 and 10.11, macOS
  users must upgrade to 10.12 or newer.
* **ANNOUNCEMENT:** The next version of ``cryptography`` (40.0) will change
  the way we link OpenSSL. This will only impact users who build
  ``cryptography`` from source (i.e., not from a ``wheel``), and specify their
  own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``,
  ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment
  variables will no longer be respected. Instead, users will need to
  configure their builds `as documented here`_.
* Added support for
  :ref:`disabling the legacy provider in OpenSSL 3.0.x<legacy-provider>`.
* Added support for disabling RSA key validation checks when loading RSA
  keys via
  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,
  and
  :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers.private_key`.
  This speeds up key loading but is :term:`unsafe` if you are loading potentially
  attacker supplied keys.
* Significantly improved performance for
  :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`
  when repeatedly calling ``encrypt`` or ``decrypt`` with the same key.
* Added support for creating OCSP requests with precomputed hashes using
  :meth:`~cryptography.x509.ocsp.OCSPRequestBuilder.add_certificate_by_hash`.
* Added support for loading multiple PEM-encoded X.509 certificates from
  a single input via :func:`~cryptography.x509.load_pem_x509_certificates`.
.. _v38-0-4:
38.0.4 - 2022-11-27
</tr></table>

... (truncated)

• 338a65a 39.0.0 version bump (#7954)
• 84a3cd7 automatically download and upload circleci wheels (#7949)
• 525c0b3 Type annotate release.py (#7951)
• 46d2a94 Use the latest 3.10 release when wheel building (#7953)
• f150dc1 fix CI to work with ubuntu 22.04 (#7950)
• 8867724 fix README for python3 (#7947)
• 4de6304 Bump BoringSSL and/or OpenSSL in CI (#7946)
• 0a02a7d Replace more deprecated abstractproperty (#7944)
• c28bfb3 src/_cffi_src/openssl/evp.py: export EVP_PKEY_set_alias_type in FUNCTIONS (#7...
• 438f781 Typo fixes (#7942)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from elasticsearch's releases.

8.5.3

• Client is compatible with Elasticsearch 8.5.3

8.5.2

• Client is compatible with Elasticsearch 8.5.2

8.5.1

• Client is compatible with Elasticsearch 8.5.1

8.5.0

Indices

• Added the experimental indices.downsample API.

Rollup

• Removed the deprecated rollup.rollup API.

Snapshot

• Added the index_names parameter to the snapshot.get API.

Machine Learning

• Added the beta ml.clear_trained_model_deployment_cache API.
• Changed the ml.put_trained_model_definition_part API from experimental to stable.
• Changed the ml.put_trained_model_vocabulary API from experimental to stable.
• Changed the ml.start_trained_model_deployment API from experimental to stable.
• Changed the ml.stop_trained_model_deployment API from experimental to stable.

Security

• Added the with_limited_by parameter to the get_api_key API.
• Added the with_limited_by parameter to the query_api_keys API.
• Added the with_profile_uid parameter to the get_user API.
• Changed the security.activate_user_profile API from beta to stable.
• Changed the security.disable_user_profile API from beta to stable.
• Changed the security.enable_user_profile API from beta to stable.
• Changed the security.get_user_profile API from beta to stable.
• Changed the security.suggest_user_profiles API from beta to stable.
• Changed the security.update_user_profile_data API from beta to stable.
• Changed the security.has_privileges_user_profile API from experimental to stable.

8.4.3

• Client is compatible with Elasticsearch 8.4.3

8.4.2

Documents

• Added the error_trace, filter_path, human and pretty parameters to the get_source API.
• Added the ext parameter to the search API.

Async Search

• Added the ext parameter to the async_search.submit API.

Fleet

• Added the ext parameter to the fleet.search API.

8.4.1

• Client is compatible with Elasticsearch 8.4.1

8.4.0

... (truncated)

• 14fcea0 Bumps 8.5 to 8.5.3
• adc3f00 [8.5] add release notes for 8.5.1
• 2b3d6c5 [8.5] Upgrade actions/checkout to v3
• 1e4e2e8 Revert "Skip mypy type checking for 8.5 branch temporarily"
• 03e16d8 Skip mypy type checking for 8.5 branch temporarily
• e91647a Bumps 8.5 to 8.5.2
• fd310bf Add release notes for 8.5.0
• 1d1b312 Bumps 8.5 to 8.5.1
• a9bbab7 Update APIs for 8.5-SNAPSHOT
• 8896e5b update APIs to main
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)