Sourced from click's releases.

8.4.0

This is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.4.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-0 Milestone https://github.com/pallets/click/milestone/30

• ParamType typing improvements. #3371

  • :class:ParamType is now a generic abstract base class, parameterized by its converted value type.
  • :meth:~ParamType.convert return types are narrowed on all concrete types (str for :class:STRING, int for :class:INT, etc.).
  • :meth:~ParamType.to_info_dict returns specific :class:~typing.TypedDict subclasses instead of dict[str, Any].
  • :class:CompositeParamType and the number-range base are now generic with abstract methods.

• Refactor convert_type to extract type inference into a private _guess_type helper, and add :func:typing.overload signatures. #3372

• Parameter typing improvements. #2805

  • :class:Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
  • :attr:Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
  • The ctx parameter of :meth:Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.

• Split string values from default_map for parameters with nargs > 1 or :class:Tuple type, matching environment variable behavior. #2745 #3364

• Auto-detect type=UNPROCESSED for flag_value of non-basic types (not str, int, float, or bool), so programmer-provided Python objects like classes and enum members are passed through unchanged instead of being stringified. Previously type=click.UNPROCESSED had to be set explicitly. #2012 #3363

• The error hint now uses Command.get_help_option_names to pick non-shadowed help option names, so Try '... -h' no longer points to a subcommand option that shadows -h. All surviving names are shown (-h/--help). #2790 #3208

• Fix readline functionality on non-Windows platforms. Prompt text is now passed directly to readline instead of being printed separately, allowing proper backspace, line editing, and line wrapping behavior. #2968

... (truncated)

Sourced from click's changelog.

Version 8.4.0

Released 2026-05-17

• :class:ParamType typing improvements. :pr:3371

  • :class:ParamType is now a generic abstract base class, parameterized by its converted value type.
  • :meth:~ParamType.convert return types are narrowed on all concrete types (str for :class:STRING, int for :class:INT, etc.).
  • :meth:~ParamType.to_info_dict returns specific :class:~typing.TypedDict subclasses instead of dict[str, Any].
  • :class:CompositeParamType and the number-range base are now generic with abstract methods.

• Refactor convert_type to extract type inference into a private _guess_type helper, and add :func:typing.overload signatures. :pr:3372

• :class:Parameter typing improvements. :pr:2805

  • :class:Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
  • :attr:Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
  • The ctx parameter of :meth:Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.

• Split string values from default_map for parameters with nargs > 1 or :class:Tuple type, matching environment variable behavior. :issue:2745 :pr:3364

• Auto-detect type=UNPROCESSED for flag_value of non-basic types (not str, int, float, or bool), so programmer-provided Python objects like classes and enum members are passed through unchanged instead of being stringified. Previously type=click.UNPROCESSED had to be set explicitly. :issue:2012 :pr:3363

• The error hint now uses :meth:Command.get_help_option_names to pick non-shadowed help option names, so Try '... -h' no longer points to a subcommand option that shadows -h. All surviving names are shown (-h/--help). :issue:2790 :pr:3208

• Fix readline functionality on non-Windows platforms. Prompt text is now passed directly to readline instead of being printed separately, allowing proper backspace, line editing, and line wrapping behavior. :issue:2968 :pr:2969

• Use :func:os.startfile on Windows to open URLs in :func:open_url, replacing the start built-in which cannot be invoked without shell=True. :issue:3164 :pr:3186

• Fix Fish shell completion errors when option help text contains newlines. :issue:3043 :pr:3126

... (truncated)

• 41f410f Release 8.4.0
• e3e69e3 Add type annotations for instance attributes in utils (#3422)
• 3bb230d WIP: Fix HelpFormatter.write_usage producing spurious characters (#3434)
• 63274a7 click.get_pager_file: add tests (#1572 followup) (#3405)
• 0551bf5 Fix HelpFormatter.write_usage producing spurious characters
• fc41aa1 Apply class-body annotations to KeepOpenFile for consistency
• b761eda Skip some tests on Windows
• 98302ac Check PAGER usage, color preservation and edge-cases
• dbdae17 Fix documentation
• 1aa2d53 Redesigned tests and get_pager_file branching to be more clear and not set color
• Additional commits viewable in compare view

Sourced from myst-parser's releases.

v5.1.0

✨ New Features

• ✨ Add "alert" syntax extension for GFM alerts (e.g. > [!NOTE]), see docs by @​chrisjsewell in #1128
• ✨ Add "gfm_autolink" syntax extension for GFM autolinks, see docs by @​chrisjsewell in #1128
• ✨ Add myst_strikethrough_single_tilde config option to allow single tilde (~) for strikethrough by @​chrisjsewell in #1128
• ✨ Add myst_colon_fence_exact_match config option to require the closing colon fence to have exactly the same number of colons as the opening, see docs by @​chrisjsewell in #1128

👌 Improvements

• 👌 Update myst_gfm_only mode to use the unified gfm_plugin, which now includes GFM autolinks, alerts, and improved strikethrough/tasklist handling by @​chrisjsewell in #1128
• 👌 Improve MathJax 4 compatibility for Sphinx 9 by @​chrisjsewell in #1110
• 👌 Stop directive-option parsing at colon fences, fixing nested colon fence directives by @​chrisjsewell in #1133

🐛 Bug Fixes

• 🐛 Use docname instead of source path in warning locations by @​chrisjsewell in #1114
• 🐛 Correctly encode & in Markdown URLs by not HTML-escaping refuri by @​chrisjsewell in #1126
• 🐛 Fix RemovedInSphinx10Warning for inventory item iteration by @​chrisjsewell in #1129
• 🐛 Pin mdit-py-plugins>=0.6.1 for nested field list fix by @​chrisjsewell in #1134

⬆️ Dependency Upgrades

• ⬆️ Upgrade to markdown-it-py~=4.2 and mdit-py-plugins~=0.6 by @​chrisjsewell in #1128
• ⬆️ Update pygments requirement from <2.20 to <2.21 by @​chrisjsewell in #1117

New Contributors

• @​mb made their first contribution in executablebooks/MyST-Parser#1126
• @​Bizordec made their first contribution in executablebooks/MyST-Parser#1114
• @​ilia-kats made their first contribution in executablebooks/MyST-Parser#1110

Full Changelog: executablebooks/MyST-Parser@v5.0.0...v5.1.0

Sourced from myst-parser's changelog.

5.1.0 - 2026-05-13

✨ New Features

• ✨ Add "alert" syntax extension for GFM alerts (e.g. > [!NOTE]), see by gh-user:chrisjsewell in gh-pr:1128
• ✨ Add "gfm_autolink" syntax extension for GFM autolinks, see by gh-user:chrisjsewell in gh-pr:1128
• ✨ Add myst_strikethrough_single_tilde config option to allow single tilde (~) for strikethrough by gh-user:chrisjsewell in gh-pr:1128
• ✨ Add myst_colon_fence_exact_match config option to require the closing colon fence to have exactly the same number of colons as the opening, see by gh-user:chrisjsewell in gh-pr:1128

👌 Improvements

• 👌 Update myst_gfm_only mode to use the unified gfm_plugin, which now includes GFM autolinks, alerts, and improved strikethrough/tasklist handling by gh-user:chrisjsewell in gh-pr:1128
• 👌 Improve MathJax 4 compatibility for Sphinx 9 by gh-user:chrisjsewell in gh-pr:1110
• 👌 Stop directive-option parsing at colon fences, fixing nested colon fence directives by gh-user:chrisjsewell in gh-pr:1133

🐛 Bug Fixes

• 🐛 Use docname instead of source path in warning locations by gh-user:chrisjsewell in gh-pr:1114
• 🐛 Correctly encode & in Markdown URLs by not HTML-escaping refuri by gh-user:chrisjsewell in gh-pr:1126
• 🐛 Fix RemovedInSphinx10Warning for inventory item iteration by gh-user:chrisjsewell in gh-pr:1129
• 🐛 Pin mdit-py-plugins>=0.6.1 for nested field list fix by gh-user:chrisjsewell in gh-pr:1134

⬆️ Dependency Upgrades

• ⬆️ Upgrade to markdown-it-py~=4.2 and mdit-py-plugins~=0.6 by gh-user:chrisjsewell in gh-pr:1128
• ⬆️ Update pygments requirement from <2.20 to <2.21 by gh-user:chrisjsewell in gh-pr:1117

Full Changelog: v5.0.0...v5.1.0

5.0.0 - 2026-01-15

This release significantly bumps the supported versions of core dependencies:

‼️ Breaking Changes

This release updates the minimum supported versions:

• Python: >=3.11 (dropped Python 3.10, tests up to 3.14)
• Sphinx: >=8,<10 (dropped Sphinx 7, added Sphinx 9)
• Docutils: >=0.20,<0.23 (dropped docutils 0.19, added docutils 0.22)
• markdown-it-py: ~=4.0 (upgraded from v3)

⬆️ Dependency Upgrades

• ⬆️ Upgrade to markdown-it-py v4 by gh-user:chrisjsewell in gh-pr:1060
• ⬆️ Drop Python 3.10 and Sphinx 7 by gh-user:chrisjsewell in gh-pr:1059
• ⬆️ Drop docutils 0.19 by gh-user:chrisjsewell in gh-pr:1061
• ⬆️ Add support for Python 3.14 by gh-user:chrisjsewell in gh-pr:1075
• ⬆️ Support Sphinx v9 by gh-user:chrisjsewell in gh-pr:1076
• ⬆️ Allow docutils 0.22 by gh-user:chrisjsewell in gh-pr:1084

... (truncated)

• 2871eb9 🚀 Release v5.1.0 (#1135)
• cc5db37 🐛 FIX: Pin mdit-py-plugins>=0.6.1 for nested field list fix (#1134)
• 4ce57f9 👌 Stop directive-option parsing at colon fences (#1133)
• cfcc327 ⬆️ Bump mypy from 2.0.0 to 2.1.0 (#1131)
• 691738c ⬆️ Bump ruff from 0.15.10 to 0.15.12 (#1132)
• 0fb1ae9 👌 IMPROVE: MathJax 4 compatibility (Sphinx 9) (#1110)
• f153b4b ⬆️ Bump actions/setup-python from 5 to 6 (#1092)
• 93acf8d [pre-commit.ci] pre-commit autoupdate (#1095)
• a5f1d69 ⬆️ Update pygments requirement from <2.20 to <2.21 (#1117)
• 8381296 🐛 FIX: Use docname instead of source path in warning locations (#1114)
• Additional commits viewable in compare view

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

Sourced from requests's changelog.

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

• Widened json input type from dict and list to Mapping and Sequence. (#7436)
• Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
• Response.reason moved from str | None to str to improve handling for users. (#7437)
• Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
• Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

... (truncated)

• 6e83187 v2.34.2
• 84d10f0 Move Request.headers back to Mapping (#7441)
• b7b549b v2.34.1
• e511bc7 Fix mutability issues with headers input types (#7431)
• 5691f59 Update JsonType containers to read-based collections (#7436)
• 2144213 Constrain Response.reason to str (#7437)
• 6404f34 Fix prepare_body stream detection for __getattr__-based file wrappers (#7...
• See full diff in compare view

Sourced from uv-build's releases.

0.11.15

Release Notes

Released on 2026-05-18.

Security

• Fix a TAR parser differential, see GHSA-3cv2-h65g-fgmm (#19463)
• Enforce that entry points cannot escape in the scripts directory, see GHSA-4gg8-gxpx-9rph (#19464)

Enhancements

• Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)
• Add support for Azure request signing (#19421)
• Apply stricter validation to all wheel filename segments (#19364)
• Reject empty strings as an invalid package name (#19435)
• Use structured errors for signing authentication failures (#19422)

Preview

• uv audit: Add JSON output (#19305)

Configuration

• Respect required-environments in uv pip compile (#19378)

Performance

• Avoid parsing JSON manifest when local Python is available (#19398)
• Avoid walking nested directories in linker conflict registration (#19382)
• Optimize async wheel ZIP writing (#19383)
• Fix dead "already trimmed" fast-path in Version::only_release_trimmed (#19425)

Bug fixes

• Apply workspace-member [tool.uv.sources] credentials under uv sync --frozen (#19423)
• Skip empty directories in uv build outputs (#19437)
• Fix Git submodule handling when using relative paths (#12156)
• Fix line number reporting in netrc parsing (#19452)

Documentation

• Move Bazel auth helper setup into integration guide (#19392)

Install uv 0.11.15

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.15/uv-installer.sh | sh
</tr></table> 

... (truncated)

Sourced from uv-build's changelog.

0.11.15

Released on 2026-05-18.

Security

• Fix a TAR parser differential, see GHSA-3cv2-h65g-fgmm (#19463)
• Enforce that entry points cannot escape in the scripts directory, see GHSA-4gg8-gxpx-9rph (#19464)

Enhancements

• Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)
• Add support for Azure request signing (#19421)
• Apply stricter validation to all wheel filename segments (#19364)
• Reject empty strings as an invalid package name (#19435)
• Use structured errors for signing authentication failures (#19422)

Preview

• uv audit: Add JSON output (#19305)

Configuration

• Respect required-environments in uv pip compile (#19378)

Performance

• Avoid parsing JSON manifest when local Python is available (#19398)
• Avoid walking nested directories in linker conflict registration (#19382)
• Optimize async wheel ZIP writing (#19383)
• Fix dead "already trimmed" fast-path in Version::only_release_trimmed (#19425)

Bug fixes

• Apply workspace-member [tool.uv.sources] credentials under uv sync --frozen (#19423)
• Skip empty directories in uv build outputs (#19437)
• Fix Git submodule handling when using relative paths (#12156)
• Fix line number reporting in netrc parsing (#19452)

Documentation

• Move Bazel auth helper setup into integration guide (#19392)

0.11.14

Released on 2026-05-12.

Enhancements

• Add Astral mirror URL override (#19206)

... (truncated)

• 3cffe97 Fix crates.io publish script lockfile (#19473)
• de16a7b Bump version to 0.11.15 (#19472)
• cf826cc Disable test_simultaneous_create_set_then_move on Linux (#19469)
• 2d566bc Allow retry of custom-publish-crates separately from announce (#19470)
• 0588b8f Run release builds on maturin version bumps in CI (#19466)
• 9a65753 Enforce that entry points cannot escape in the scripts directory (#19464)
• d77d849 Revert "Update maturin to v1.13.2 (#19445)" (#19465)
• 5373e96 Update Rust crate rustls to v0.23.40 (#19250)
• fb8d3d4 Update Rust crate rustls-pki-types to v1.14.1 (#19251)
• 078480d Configure maturin and uv so uv run can be used to work on uv itself (#19461)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions