chore(deps): bump the pip group across 5 directories with 6 updates

[dependabot]

Bumps the pip group with 1 update in the /backend/python/openvoice directory: gradio.
Bumps the pip group with 2 updates in the /examples/chainlit directory: llama-index and requests.
Bumps the pip group with 1 update in the /examples/functions directory: langchain.
Bumps the pip group with 2 updates in the /examples/langchain-chroma directory: llama-index and langchain.
Bumps the pip group with 4 updates in the /examples/langchain/langchainpy-localai-example directory: requests, langchain, certifi and urllib3.

Updates gradio from 3.48.0 to 4.37.1

Release notes

Sourced from gradio's releases.

@​gradio/lite@​4.37.1

Dependency updates

• [email protected]

[email protected]

Fixes

• #8610 9204d86 - Add guide on cleaning up state and file resources. Thanks @​freddyaboulton!

[email protected]

Features

• #8491 ffd53fa - Remove broken guide redirect. Thanks @​aliabd!
• #8499 c5f6e77 - Cache break themes on change. Thanks @​aliabid94!

Fixes

• #8504 2a59bab - Fixes TabbedInterface bug where only first interface events get triggered. Thanks @​freddyaboulton!

@​gradio/lite@​4.36.1

Dependency updates

• [email protected]

Changelog

Sourced from gradio's changelog.

4.37.1

Fixes

• #8610 9204d86 - Add guide on cleaning up state and file resources. Thanks @​freddyaboulton!

4.37.0

Features

• #8131 bb504b4 - Gradio components in gr.Chatbot(). Thanks @​dawoodkhan82!
• #8489 c2a0d05 - Control Display of Error, Info, Warning. Thanks @​freddyaboulton!
• #8571 a77877f - First time loading performance optimization. Thanks @​baojianting!
• #8607 c7cd0a0 - Ensure chatbot background is consistent with other components. Thanks @​pngwn!
• #8555 7fc7455 - support html in chatbot. Thanks @​pngwn!
• #8590 65afffd - Fix multimodal chat look. Thanks @​aliabid94!
• #8603 affce4c - Fix resizer on altair. Thanks @​aliabid94!
• #8580 797621b - Improved plot rendering to thematically match. Thanks @​aliabid94!/n highlight:Expect visual changes in gr.Plot, gr.BarPlot, gr.LinePlot, gr.ScatterPlot, including changes to color and width sizing.
• #8520 595ecf3 - Add build target option to the custom component gradio.config.js file. Thanks @​pngwn!
• #8593 d35c290 - Adding more docs for using components in chatbot. Thanks @​abidlabs!
• #8609 36b2af9 - Changed gradio version check from print statement to warning. Thanks @​gdevakumar!
• #8600 7289c4b - Add credentials: include and Cookie header to prevent 401 error. Thanks @​yinkiu602!
• #8488 b03da67 - Minor changes to monitoring. Thanks @​freddyaboulton!
• #8569 6f99a02 - Upgrade pyodide 0.26. Thanks @​whitphx!
• #8565 fd5aab1 - Remove duplicated code in routes.py. Thanks @​sadra-barikbin!
• #8529 d43d696 - feat: exception handling about file_count params of File component. Thanks @​young-hun-jo!
• #8528 2b0c157 - Added an optional height and overflow scrollbar for the Markdown Component. Thanks @​ShruAgarwal!
• #8516 de6aa2b - Add helper classes to docs. Thanks @​aliabd!
• #8522 bdaa678 - add handle_file docs. Thanks @​pngwn!

Fixes

• #8599 ca125b7 - Fix reload mode for jupyter notebook and stateful demos. Thanks @​freddyaboulton!
• #8521 900cf25 - Ensure frontend functions work when they don't return a value. Thanks @​pngwn!
• #8594 530f8a0 - chatbot component tweaks. Thanks @​pngwn!
• #8530 d429690 - Fix request serialization for fastapi /docs. Thanks @​zhzLuke96!
• #8589 34430b9 - Handle GIFs correct in gr.Image preprocessing. Thanks @​abidlabs!
• #8506 7c5fec3 - Use root url for monitoring url. Thanks @​abidlabs!
• #8524 546d14e - add test + demo. Thanks @​pngwn!
• #8588 1e61644 - move deploy_space_action.yaml to correct location. Thanks @​abidlabs!
• #8543 a4433be - Ability to disable orange progress animation for generators by setting show_progress='minimal' or show_progress='hidden' in the event definition. This is a small visual breaking change but it aligns better with the expected behavior of the show_progress parameter. Also added show_progress to gr.Interface and gr.ChatInterface. Thanks @​freddyaboulton!
• #8579 bc5fccf - Allow gr.load to work inside gr.Blocks automatically. Thanks @​abidlabs!
• #8573 56af40f - Fixes the favicon_path working error. Thanks @​ShruAgarwal!
• #8548 7fc0f51 - Fix reload mode by implementing close on the client. Thanks @​freddyaboulton!
• #8531 88de38e - Fix custom components on windows. Thanks @​freddyaboulton!
• #8581 a1c21cb - fix dataset update. Thanks @​abidlabs!
• #8537 81ae766 - Many small fixes to website and docs. Thanks @​aliabd!

4.36.1

... (truncated)

Commits

• 8d425ee chore: update versions (#8613)
• 4cfb6ee chore: update versions (#8523)
• 9204d86 Add guide on cleaning up state and file resources (#8610)
• affce4c Fix resizer on altair (#8603)
• 8aad678 Fix plotly version (#8606)
• 36b2af9 Changed gradio version check from print statement to warning (#8609)
• c7cd0a0 Ensure chatbot background is consistent with other components (#8607)
• fe83e64 Small fix to guide styling (#8605)
• ca125b7 Fix reload mode for jupyter notebook and stateful demos (#8599)
• 65afffd Fix multimodal chat look (#8590)
• Additional commits viewable in compare view

Updates llama-index from 0.8.55 to 0.10.13

Release notes

Sourced from llama-index's releases.

v0.10.13

New Features

• Added a llama-pack for KodaRetriever, for on-the-fly alpha tuning (#11311)
• Added support for mistral-large (#11398)
• Last token pooling mode for huggingface embeddings models like SFR-Embedding-Mistral (#11373)
• Added fsspec support to SimpleDirectoryReader (#11303)

Bug Fixes / Nits

• Fixed an issue with context window + prompt helper (#11379)
• Moved OpenSearch vector store to BasePydanticVectorStore (#11400)
• Fixed function calling in fireworks LLM (#11363)
• Made cohere embedding types more automatic (#11288)
• Improve function calling in react agent (#11280)
• Fixed MockLLM imports (#11376)

v0.10.12

No release notes provided.

v0.10.11

No release notes provided.

v0.10.10

No release notes provided.

v0.10.8

No release notes provided.

v0.10.7

New Features

• Added Self-Discover llamapack (#10951)

Bug Fixes / Nits

• Fixed linting in CICD (#10945)
• Fixed using remote graph stores (#10971)
• Added missing LLM kwarg in NoText response synthesizer (#10971)
• Fixed openai import in rankgpt (#10971)
• Fixed resolving model name to string in openai embeddings (#10971)
• Off by one error in sentence window node parser (#10971)

v0.10.6

[0.10.6] - 2024-02-17

First, apologies for missing the changelog the last few versions. Trying to figure out the best process with 400+ packages.

At some point, each package will have a dedicated changelog.

... (truncated)

Changelog

Sourced from llama-index's changelog.

[0.10.13] - 2024-02-26

New Features

• Added a llama-pack for KodaRetriever, for on-the-fly alpha tuning (#11311)
• Added support for mistral-large (#11398)
• Last token pooling mode for huggingface embeddings models like SFR-Embedding-Mistral (#11373)
• Added fsspec support to SimpleDirectoryReader (#11303)

Bug Fixes / Nits

• Fixed an issue with context window + prompt helper (#11379)
• Moved OpenSearch vector store to BasePydanticVectorStore (#11400)
• Fixed function calling in fireworks LLM (#11363)
• Made cohere embedding types more automatic (#11288)
• Improve function calling in react agent (#11280)
• Fixed MockLLM imports (#11376)

[0.10.12] - 2024-02-22

New Features

• Added llama-index-postprocessor-colbert-rerank package (#11057)
• MyMagicAI LLM (#11263)
• MariaTalk LLM (#10925)
• Add retries to github reader (#10980)
• Added FireworksAI embedding and LLM modules (#10959)

Bug Fixes / Nits

• Fixed string formatting in weaviate (#11294)
• Fixed off-by-one error in semantic splitter (#11295)
• Fixed download_llama_pack for multiple files (#11272)
• Removed BUILD files from packages (#11267)
• Loosened python version reqs for all packages (#11267)
• Fixed args issue with chromadb (#11104)

[0.10.11] - 2024-02-21

Bug Fixes / Nits

• Fixed multi-modal LLM for async acomplete (#11064)
• Fixed issue with llamaindex-cli imports (#11068)

[0.10.10] - 2024-02-20

I'm still a bit wonky with our publishing process -- apologies. This is just a version bump to ensure the changes that were supposed to happen in 0.10.9 actually did get published. (AF)

... (truncated)

Commits

• 6d642a0 Logan/release v0.10.13 (#11408)
• 78a4c9e fix prompt helper init (#11379)
• 52383c7 Update opensearch vectorstore to PydanticVectorStore class (#11400)
• 4077fee Astra DB Vector store, package rename for naming consistency (#11056)
• 65290f5 Alpha Tuning Llama Pack: KodaRetriever (#11311)
• 70d4a5c Only firefunction is function calling (#11363)
• 3a10235 Elastic Search retrieval : Bug Fix for Cases when No Relationships Detected (...
• 0b13b8d Add support for mistral-large (#11398)
• 1f48dd9 Astra DB clients identify themselves as coming through LlamaIndex usage (#11396)
• 6024956 Last token pooling for Huggingface models like SFR-Embedding-Mistral (#11373)
• Additional commits viewable in compare view

Updates requests from 2.31.0 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits

• 88dce9d v2.32.2
• c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
• 92075b3 Add deprecation warning
• aa1461b Move _get_connection to get_connection_with_tls_context
• 970e8ce v2.32.1
• d6ebc4a v2.32.0
• 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
• 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
• 555b870 Allow character detection dependencies to be optional in post-packaging steps
• d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
• Additional commits viewable in compare view

Updates langchain from 0.1.0 to 0.2.3

Release notes

Sourced from langchain's releases.

langchain==0.2.3

Release langchain==0.2.3

Changes since langchain==0.2.2

langchain[patch]: Release 0.2.3 (#22644) multiple: get rid of pyproject extras (#22581) langchain[minor]: add universal init_model (#22039)

langchain-together==0.1.3

Release langchain-together==0.1.3

Changes since langchain-together==0.1.2

together: bump langchain-core (#22616) together[patch]: Release 0.1.3 (#22615) together, upstage: bump minimum langchain-openai version (#22505) infra: rm unused # noqa violations (#22049) partners: bump core in packages implementing ls_params (#21868) core, standard tests, partner packages: add test for model params (#21677)

langchain-community==0.2.3

Release langchain-community==0.2.3

Changes since langchain-community==0.2.2

community[patch]: Release 0.2.3 (#22562) community[patch]: improve test setup to accurately test filtering of labels in neo4j (#22531) community[minor]: Add support for metadata indexing policy in Cassandra vector store (#22548) community[minor]: add user agent for web scraping loaders (#22480) community[minor]: Add native async support to SQLChatMessageHistory (#22065) community[minor]: Improve InMemoryVectorStore with ability to persist to disk and filter on metadata. (#22186) community[patch]: add detailed paragraph and example for BaichuanTextEmbeddings (#22031) community[minor]: Added filter search for LanceDB (#22461) community: fix huggingface deprecations (#22522) community[minor]: Vectara Integration Update - Streaming, FCS, Chat, updates to documentation and example notebooks (#21334)

langchain-nomic==0.1.2

Release langchain-nomic==0.1.2

Changes since langchain-nomic==0.1.1

nomic[patch]: Release 0.1.2 (#22561) embeddings: nomic embed vision (#22482)

langchain-mongodb==0.1.6

Release langchain-mongodb==0.1.6

Changes since langchain-mongodb==0.1.5

mongodb[patch]: Release 0.1.6 (#22501) community, milvus, pinecone, qdrant, mongo: Broadcast operation failure while using simsimd beyond v3.7.7 (#22271) infra: rm unused # noqa violations (#22049)

langchain-milvus==0.1.1

... (truncated)

Commits

• fe2e5a3 langchain[patch]: Release 0.2.3 (#22644)
• a24a9c6 multiple: get rid of pyproject extras (#22581)
• 4367e89 core[patch]: Release 0.2.5 (#22642)
• 28f744c core[patch]: Correctly order parent ids in astream events (from root to immed...
• 8359261 updated oracleai_demo.ipynb (#22635)
• 035a9c9 core[minor]: Add parent_ids to astream_events API (#22563)
• 67e58fd docs[patch]: Fix diffbot docs (#22584)
• 6b8963a docs: Add information about run time binding values to tools (#22623)
• aa49163 docs[patch]: typo in AutoGPT example notebook (#22631)
• ffe75d1 docs: typo in dev container documentation (#22630)
• Additional commits viewable in compare view

Updates llama-index from 0.9.36 to 0.10.13

Release notes

Sourced from llama-index's releases.

v0.10.13

New Features

• Added a llama-pack for KodaRetriever, for on-the-fly alpha tuning (#11311)
• Added support for mistral-large (#11398)
• Last token pooling mode for huggingface embeddings models like SFR-Embedding-Mistral (#11373)
• Added fsspec support to SimpleDirectoryReader (#11303)

Bug Fixes / Nits

• Fixed an issue with context window + prompt helper (#11379)
• Moved OpenSearch vector store to BasePydanticVectorStore (#11400)
• Fixed function calling in fireworks LLM (#11363)
• Made cohere embedding types more automatic (#11288)
• Improve function calling in react agent (#11280)
• Fixed MockLLM imports (#11376)

v0.10.12

No release notes provided.

v0.10.11

No release notes provided.

v0.10.10

No release notes provided.

v0.10.8

No release notes provided.

v0.10.7

New Features

• Added Self-Discover llamapack (#10951)

Bug Fixes / Nits

• Fixed linting in CICD (#10945)
• Fixed using remote graph stores (#10971)
• Added missing LLM kwarg in NoText response synthesizer (#10971)
• Fixed openai import in rankgpt (#10971)
• Fixed resolving model name to string in openai embeddings (#10971)
• Off by one error in sentence window node parser (#10971)

v0.10.6

[0.10.6] - 2024-02-17

First, apologies for missing the changelog the last few versions. Trying to figure out the best process with 400+ packages.

At some point, each package will have a dedicated changelog.

... (truncated)

Changelog

Sourced from llama-index's changelog.

[0.10.13] - 2024-02-26

New Features

• Added a llama-pack for KodaRetriever, for on-the-fly alpha tuning (#11311)
• Added support for mistral-large (#11398)
• Last token pooling mode for huggingface embeddings models like SFR-Embedding-Mistral (#11373)
• Added fsspec support to SimpleDirectoryReader (#11303)

Bug Fixes / Nits

• Fixed an issue with context window + prompt helper (#11379)
• Moved OpenSearch vector store to BasePydanticVectorStore (#11400)
• Fixed function calling in fireworks LLM (#11363)
• Made cohere embedding types more automatic (#11288)
• Improve function calling in react agent (#11280)
• Fixed MockLLM imports (#11376)

[0.10.12] - 2024-02-22

New Features

• Added llama-index-postprocessor-colbert-rerank package (#11057)
• MyMagicAI LLM (#11263)
• MariaTalk LLM (#10925)
• Add retries to github reader (#10980)
• Added FireworksAI embedding and LLM modules (#10959)

Bug Fixes / Nits

• Fixed string formatting in weaviate (#11294)
• Fixed off-by-one error in semantic splitter (#11295)
• Fixed download_llama_pack for multiple files (#11272)
• Removed BUILD files from packages (#11267)
• Loosened python version reqs for all packages (#11267)
• Fixed args issue with chromadb (#11104)

[0.10.11] - 2024-02-21

Bug Fixes / Nits

• Fixed multi-modal LLM for async acomplete (#11064)
• Fixed issue with llamaindex-cli imports (#11068)

[0.10.10] - 2024-02-20

I'm still a bit wonky with our publishing process -- apologies. This is just a version bump to ensure the changes that were supposed to happen in 0.10.9 actually did get published. (AF)

... (truncated)

Commits

• 6d642a0 Logan/release v0.10.13 (#11408)
• 78a4c9e fix prompt helper init (#11379)
• 52383c7 Update opensearch vectorstore to PydanticVectorStore class (#11400)
• 4077fee Astra DB Vector store, package rename for naming consistency (#11056)
• 65290f5 Alpha Tuning Llama Pack: KodaRetriever (#11311)
• 70d4a5c Only firefunction is function calling (#11363)
• 3a10235 Elastic Search retrieval : Bug Fix for Cases when No Relationships Detected (...
• 0b13b8d Add support for mistral-large (#11398)
• 1f48dd9 Astra DB clients identify themselves as coming through LlamaIndex usage (#11396)
• 6024956 Last token pooling for Huggingface models like SFR-Embedding-Mistral (#11373)
• Additional commits viewable in compare view

Updates langchain from 0.1.0 to 0.2.3

Release notes

Sourced from langchain's releases.

langchain==0.2.3

Release langchain==0.2.3

Changes since langchain==0.2.2

langchain[patch]: Release 0.2.3 (#22644) multiple: get rid of pyproject extras (#22581) langchain[minor]: add universal init_model (#22039)

langchain-together==0.1.3

Release langchain-together==0.1.3

Changes since langchain-together==0.1.2

together: bump langchain-core (#22616) together[patch]: Release 0.1.3 (#22615) together, upstage: bump minimum langchain-openai version (#22505) infra: rm unused # noqa violations (#22049) partners: bump core in packages implementing ls_params (#21868) core, standard tests, partner packages: add test for model params (#21677)

langchain-community==0.2.3

Release langchain-community==0.2.3

Changes since langchain-community==0.2.2

community[patch]: Release 0.2.3 (#22562) community[patch]: improve test setup to accurately test filtering of labels in neo4j (#22531) community[minor]: Add support for metadata indexing policy in Cassandra vector store (#22548) community[minor]: add user agent for web scraping loaders (#22480) community[minor]: Add native async support to SQLChatMessageHistory (#22065) community[minor]: Improve InMemoryVectorStore with ability to persist to disk and filter on metadata. (#22186) community[patch]: add detailed paragraph and example for BaichuanTextEmbeddings (#22031) community[minor]: Added filter search for LanceDB (#22461) community: fix huggingface deprecations (#22522) community[minor]: Vectara Integration Update - Streaming, FCS, Chat, updates to documentation and example notebooks (#21334)

langchain-nomic==0.1.2

Release langchain-nomic==0.1.2

Changes since langchain-nomic==0.1.1

nomic[patch]: Release 0.1.2 (#22561) embeddings: nomic embed vision (#22482)

langchain-mongodb==0.1.6

Release langchain-mongodb==0.1.6

Changes since langchain-mongodb==0.1.5

mongodb[patch]: Release 0.1.6 (#22501) community, milvus, pinecone, qdrant, mongo: Broadcast operation failure while using simsimd beyond v3.7.7 (#22271) infra: rm unused # noqa violations (#22049)

langchain-milvus==0.1.1

... (truncated)

Commits

• fe2e5a3 langchain[patch]: Release 0.2.3 (#22644)
• a24a9c6 multiple: get rid of pyproject extras (#22581)
• 4367e89 core[patch]: Release 0.2.5 (#22642)
• 28f744c core[patch]: Correctly order parent ids in astream events (from root to immed...
• 8359261 updated oracleai_demo.ipynb (#22635)
• 035a9c9 core[minor]: Add parent_ids to astream_events API (#22563)
• 67e58fd docs[patch]: Fix diffbot docs (#22584)
• 6b8963a docs: Add information about run time binding values to tools (#22623)
• aa49163 docs[patch]: typo in AutoGPT example notebook (#22631)
• ffe75d1 docs: typo in dev container documentation (#22630)
• Additional commits viewable in compare view

Updates requests from 2.31.0 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (

[netlify]

✅ Deploy Preview for localai ready!

Name	Link
🔨 Latest commit	0c0d376
🔍 Latest deploy log	https://app.netlify.com/sites/localai/deploys/66916a3cd1f6b500081ba3da
😎 Deploy Preview	https://deploy-preview-2726--localai.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[dave-gray101]

@dependabot recreate

[dependabot]

The dependabot.yml entry that created this PR has been deleted so this PR can't be recreated. Please close the PR so Dependabot can create a new one with the current dependabot.yml.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml