Skip to content

chore(deps): bump the dependencies group across 1 directory with 8 updates#35

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/dependencies-02e3619c09
Open

chore(deps): bump the dependencies group across 1 directory with 8 updates#35
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/dependencies-02e3619c09

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on opensearch-py, boto3, requests-aws4auth, aws-cdk-lib, constructs, beautifulsoup4, pandas and pyarrow to permit the latest version.
Updates opensearch-py from 3.1.0 to 3.2.0

Release notes

Sourced from opensearch-py's releases.

v3.2.0

What's Changed

New Contributors

Full Changelog: opensearch-project/opensearch-py@v3.1.0...v3.2.0

Changelog

Sourced from opensearch-py's changelog.

[3.2.0]

Added

  • Add dependency on opensearch-protobufs to provide client libraries for gRPC transport (#977)
  • Add ML Commons plugin documentation (#992)

Updated APIs

Changed

Deprecated

Removed

Fixed

  • Fixed AWSV4Signer.sign() not passing custom headers to AWSRequest, causing x-amz-* headers to be excluded from SigV4 signature (#1034)
  • Fixed AWSV4Signer.sign() not setting X-Amz-Content-SHA256 before SigV4Auth.add_auth(), causing the header to be absent from SignedHeaders in the Authorization header. The fix uses a guarded assignment that preserves caller-provided values (e.g., UNSIGNED-PAYLOAD, precomputed hashes) (#1038, #1039)
  • Fixed the linkchecker CI step (#987)

Security

Dependencies

  • Bump pytest-asyncio from <=1.2.0 to <=1.3.0 (#984)
  • Bump actions/checkout from 5 to 6 (#986)
  • Bump codecov/codecov-action from 4 to 5 (#985)
  • Bump actions/upload-artifact from 5 to 6 (#989)
  • Bump actions/download-artifact from 6 to 7 (#988)
  • Bump peter-evans/create-pull-request from 7 to 8 (#990)
  • Bump opensearch-protobufs from 0.19.0 to 1.2.0 (#1000)
Commits
  • 8991792 fix(signer): Include X-Amz-Content-SHA256 in SignedHeaders (#1038) (#1039)
  • d8a8c57 Fix AWSV4Signer.sign() not passing headers to AWSRequest (#1035)
  • 6551595 Bump opensearch protobufs - 1.2.0. (#1000)
  • 94ae310 Fix CI failures due to API spec updates (#1007)
  • 1ce5b46 fix(docs): use keyword arguments in security API examples (#1004)
  • 9b6d240 Bump peter-evans/create-pull-request from 7 to 8 (#990)
  • 02c5dcc Bump actions/download-artifact from 6 to 7 (#988)
  • fa8a862 Bump actions/upload-artifact from 5 to 6 (#989)
  • f5ef694 Updated opensearch-py to reflect the latest OpenSearch API spec (2026-01-22) ...
  • 10ab792 ci: fix mypy type ignore for untyped decorator in tests (#993)
  • Additional commits viewable in compare view

Updates boto3 from 1.42.84 to 1.43.46

Commits
  • c7888d6 Merge branch 'release-1.43.46'
  • 1479621 Bumping version to 1.43.46
  • 54abdb4 Add changelog entries from botocore
  • 75de637 Merge branch 'release-1.43.45'
  • d3449aa Merge branch 'release-1.43.45' into develop
  • 497253d Bumping version to 1.43.45
  • 5e9768e Add changelog entries from botocore
  • 19a915b Merge branch 'release-1.43.44'
  • 1b69a06 Merge branch 'release-1.43.44' into develop
  • b0e3f6a Bumping version to 1.43.44
  • Additional commits viewable in compare view

Updates requests-aws4auth from 1.3.1 to 1.3.2

Release notes

Sourced from requests-aws4auth's releases.

v1.3.2

What's Changed

Full Changelog: tedder/requests-aws4auth@v1.3.1...v1.3.2

Changelog

Sourced from requests-aws4auth's changelog.

1.3.2 (2026-05-01)

Changes

Commits
  • 3dda9dc history and version
  • c9cd06a update py versions; use session token for live tests
  • 6e58b3e fix additional deprecation warnings for UTC; ensure pre-py311 compat
  • b7acfe8 Fix Deprecated datetime.datetime.utcnow()
  • 89399ca update release instructions
  • See full diff in compare view

Updates aws-cdk-lib from 2.248.0 to 2.261.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.261.0

⚠ BREAKING CHANGES

  • ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:
  • aws-cloudwatch: AWS::CloudWatch::LogAlarm: QueryLanguage property has been removed from the ScheduledQueryConfiguration type.
  • aws-elasticloadbalancing: AWS::ElasticLoadBalancing::LoadBalancer: Id attribute has been removed and the primary identifier is now LoadBalancerName.

Features

  • update L1 CloudFormation resource definitions (#38189) (5aabd32)
  • core: add git source metadata to CloudFormation templates (#37368) (765271b)
  • rds: support native Secrets Manager integration for RDS Cluster and Instance (#35734) (07d5623), closes #29239

Bug Fixes


Alpha modules (2.261.0-alpha.0)

Features

  • metrics-facade-alpha: generate metrics facades (#37334) (aa9beb0)

v2.260.0

Features

Bug Fixes

  • bundling: docker build can be skipped if already performed (#38134) (2f9ae95)
  • core: stack traces contain decorator paths (#38130) (318f645)
  • core: weak cross-stack references fail for list attributes (#37948) (6bb9d75), closes #37910
  • lambda-nodejs: reuse posixShellEscape for Docker bundling file operations (#38133) (baa9e1d)

Alpha modules (2.260.0-alpha.0)

v2.259.0

⚠ BREAKING CHANGES

  • lambda: Runtime.NODEJS_LATEST now resolves to nodejs24.x in every region. Customers who pin to a concrete runtime (Runtime.NODEJS_22_X, useLatestRuntimeVersion: false in aws-lambda-nodejs.NodejsFunction) are unaffected. Existing AWS::Lambda::Function resources synthesized with NODEJS_LATEST will see Runtime: nodejs22.xRuntime: nodejs24.x on next deploy. Lambda accepts runtime updates in place.

    Customer-code compatibility — IMPORTANT: Node.js 24 removes support for callback-style asynchronous handlers ((event, context, callback) => {...}) per the launch blog. Customers whose Lambda code still uses callback-based handlers will see runtime errors after the bump. Customers should migrate to async (event, context) => {...} or pin to Runtime.NODEJS_22_X explicitly.

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.261.0-alpha.0 (2026-07-02)

Features

  • metrics-facade-alpha: generate metrics facades (#37334) (aa9beb0)

2.260.0-alpha.0 (2026-06-16)

2.259.0-alpha.0 (2026-06-11)

2.258.1-alpha.0 (2026-06-08)

2.258.0-alpha.0 (2026-06-04)

Features

  • integ-tests-alpha: add option to set the provider log level (#38005) (c634a79)

Bug Fixes

  • custom-resource-handlers: deterministic asset hashes for generated lambdas (#37634) (6c3d5bc), closes #34307
  • glue-alpha: deprecate Ray Jobs (#38055) (3fa428b)
  • glue-alpha: restore notifyDelayAfter to PySpark and Scala Spark ETL jobs (#37815) (05be88a), closes #33839
  • integ-tests-alpha: assertion failures print too much unnecessary information (#37974) (bc0de1d)
  • mediapackagev2-alpha: cdnAuth on OriginEndpoint now generates the required policy (#38013) (1d56b46)

2.257.0-alpha.0 (2026-05-21)

2.256.1-alpha.0 (2026-05-20)

2.256.0-alpha.0 (2026-05-19)

2.255.0-alpha.0 (2026-05-18)

Features

  • bedrock-agentcore-alpha: Graduation of the library to stable. The Policy submodule is the only submodule that remains in alpha. All other constructs have graduated to stable in aws-cdk-lib/aws-bedrockagentcore and we recommend migrating to the stable versions (#37876) (00cf601)

2.254.0-alpha.0 (2026-05-13)

Features

... (truncated)

Commits
  • f3c62b6 chore(release): 2.261.0 (#38237)
  • 65fdd58 chore(release): document L1 breaking changes for 2.261.0
  • 1be62ae chore: update analytics metadata blueprints
  • ee07ddf chore(release): 2.261.0
  • a5da749 chore(aws-cdk-lib): remove unused table dependency (CVE-2026-13676) (#38235)
  • 5aabd32 feat: update L1 CloudFormation resource definitions (#38189)
  • ea153ff chore: refactor some integ tests to not use deprecated APIs (#38146)
  • 96508bd chore: update Contributors File (#38224)
  • 2c6988d chore(ec2): add g7e instance class (NVIDIA Blackwell B200) (#37971)
  • aa9beb0 feat(metrics-facade-alpha): generate metrics facades (#37334)
  • Additional commits viewable in compare view

Updates constructs to 10.6.0

Release notes

Sourced from constructs's releases.

v10.6.0

10.6.0 (2026-03-23)

Features

  • add stackTraceOverride option to MetadataOptions (#2853) (f1fd286)
Commits

Updates beautifulsoup4 from 4.14.3 to 4.15.0

Updates pandas to 3.0.3

Release notes

Sourced from pandas's releases.

pandas 3.0.3

We are pleased to announce the release of pandas 3.0.3. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits
  • 72f2fea RLS: 3.0.3 (#65590)
  • 2897590 Backport PR #65436 on branch 3.0.x (Account for privatization of matplotlib `...
  • 49894b5 Backport PR #65499 on branch 3.0.x (BUG: fix check if pyarrow is installed in...
  • 1c6d1e3 [backport 3.0.x] PERF: remove special casing for zoneinfo in tz_localize_to_u...
  • 2a54711 Backport PR #64379 on branch 3.0.x (PERF: improve performance with ZoneInfo t...
  • 036bb7c Backport PR #65482 on branch 3.0.x (PERF: don't call unique on dtypes for che...
  • bf4c182 Backport PR #65410 on branch 3.0.x (TST: also convert str index to object in ...
  • dd02d75 [backport 3.0.x] BUG: keep fsspec OpenFile alive for chained URL reads (#6547...
  • aef3d0f [backport 3.0.x] CI: lowercase types-pymysql/types-pyyaml to fix mamba 2.6.0 ...
  • bb8e248 Backport PR #65399 on branch 3.0.x (DOC: fix source link for classes in the r...
  • Additional commits viewable in compare view

Updates pyarrow to 25.0.0

Release notes

Sourced from pyarrow's releases.

Apache Arrow 25.0.0

Release Notes URL: https://arrow.apache.org/release/25.0.0.html

Commits
  • 59bea6e MINOR: [Release] Update versions for 25.0.0
  • 381fab6 MINOR: [Release] Update .deb/.rpm changelogs for 25.0.0
  • 7f72d5b MINOR: [Release] Update CHANGELOG.md for 25.0.0
  • fe2f85c GH-50336: [Release][Archery] Fix archery GitHub integration for release scrip...
  • c658548 GH-50293: [CI] Run check-labels for all triggers to avoid cancelling further ...
  • f83c8ca GH-50330: [C++][R][Parquet] Add missing typename in RleBitPackedDecoderGetRun...
  • 35e0f63 GH-50318: [R][CI] Install missing libpng-dev for test-r-linux-as-cran (#50328)
  • 61ca7a9 GH-50295: [C++][R] #include <ranges> in vector_select_k.cc breaks macOS CRAN ...
  • 1b6edb8 GH-50291: [Python][Packaging] Stop using nightly build dependencies for build...
  • e183ea9 MINOR: [Docs] Add Timestamp With Offset to canonical extension types status (...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…dates

Updates the requirements on [opensearch-py](https://github.com/opensearch-project/opensearch-py), [boto3](https://github.com/boto/boto3), [requests-aws4auth](https://github.com/tedder/requests-aws4auth), [aws-cdk-lib](https://github.com/aws/aws-cdk), [constructs](https://github.com/aws/constructs), [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/), [pandas](https://github.com/pandas-dev/pandas) and [pyarrow](https://github.com/apache/arrow) to permit the latest version.

Updates `opensearch-py` from 3.1.0 to 3.2.0
- [Release notes](https://github.com/opensearch-project/opensearch-py/releases)
- [Changelog](https://github.com/opensearch-project/opensearch-py/blob/main/CHANGELOG.md)
- [Commits](opensearch-project/opensearch-py@v3.1.0...v3.2.0)

Updates `boto3` from 1.42.84 to 1.43.46
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.42.84...1.43.46)

Updates `requests-aws4auth` from 1.3.1 to 1.3.2
- [Release notes](https://github.com/tedder/requests-aws4auth/releases)
- [Changelog](https://github.com/tedder/requests-aws4auth/blob/main/HISTORY.md)
- [Commits](tedder/requests-aws4auth@v1.3.1...v1.3.2)

Updates `aws-cdk-lib` from 2.248.0 to 2.261.0
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md)
- [Commits](aws/aws-cdk@v2.248.0...v2.261.0)

Updates `constructs` to 10.6.0
- [Release notes](https://github.com/aws/constructs/releases)
- [Commits](aws/constructs@v10.0.0...v10.6.0)

Updates `beautifulsoup4` from 4.14.3 to 4.15.0

Updates `pandas` to 3.0.3
- [Release notes](https://github.com/pandas-dev/pandas/releases)
- [Commits](pandas-dev/pandas@v2.0.0...v3.0.3)

Updates `pyarrow` to 25.0.0
- [Release notes](https://github.com/apache/arrow/releases)
- [Commits](apache/arrow@go/v14.0.0...apache-arrow-25.0.0)

---
updated-dependencies:
- dependency-name: opensearch-py
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: boto3
  dependency-version: 1.43.46
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: requests-aws4auth
  dependency-version: 1.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: aws-cdk-lib
  dependency-version: 2.261.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: constructs
  dependency-version: 10.6.0
  dependency-type: direct:production
  dependency-group: dependencies
- dependency-name: beautifulsoup4
  dependency-version: 4.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: pandas
  dependency-version: 3.0.3
  dependency-type: direct:production
  dependency-group: dependencies
- dependency-name: pyarrow
  dependency-version: 25.0.0
  dependency-type: direct:production
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: python. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants