fix(deps): update all non-major dependencies

[a-klos]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
authlib	1.6.12 -> 1.7.2			dependencies	minor
azure-core (source)	1.38.0 -> 1.41.0			dependencies	minor
boto3	1.42.49 -> 1.43.18			dependencies	minor	1.43.24 (+5)
boto3	1.42.44 -> 1.43.18			dependencies	minor	1.43.24 (+5)
botocore	1.42.49 -> 1.43.18			dependencies	minor	1.43.24 (+5)
conventional-changelog-conventionalcommits (source)	9.1.0 -> 9.3.1			devDependencies	minor
coverage	7.13.4 -> 7.14.1			test	minor
coverage	7.11.3 -> 7.14.1			test	minor
datasets	4.5.0 -> 4.8.5			dependencies	minor
debugpy (source)	1.8.17 -> 1.8.20			dev	patch	1.8.21
dependency-injector	4.48.3 -> 4.49.0			dependencies	minor
docling (changelog)	2.95.0 -> 2.96.0			dependencies	minor	2.97.0 (+1)
fastmcp	3.2.0 -> 3.3.1			dependencies	minor	3.4.2 (+2)
filelock	3.20.3 -> 3.29.0			dependencies	minor	3.29.1
flake8-pyproject (changelog)	1.2.3 -> 1.2.4			lint	patch
langchain (changelog)	1.2.9 -> 1.3.2			dependencies	minor	1.3.4 (+1)
langchain-community (source)	0.4.1 -> 0.4.2			dependencies	patch
langchain-experimental (changelog)	0.4.1 -> 0.4.2			dependencies	patch
langchain-ollama (changelog)	1.0.1 -> 1.1.0			dependencies	minor
langfuse	3.14.1 -> 3.15.0			dependencies	minor
langfuse (source)	1.5.31 -> 1.5.32				patch	1.5.33
langfuse/langfuse	3.175.0 -> 3.176.0				minor	3.178.0 (+2)
langgraph (source, changelog)	1.1.10 -> 1.2.2			dependencies	minor	1.2.4
lxml (source, changelog)	6.1.0 -> 6.1.1			dependencies	patch
mammoth	1.11.0 -> 1.12.0			dependencies	minor
markitdown	0.1.4 -> 0.1.6			dependencies	patch
numpy (changelog)	2.3.5 -> 2.4.6			dependencies	minor
poetry (changelog)	2.3.4 -> 2.4.1			dependencies	minor
protobuf	6.33.5 -> 6.33.6			dependencies	patch
pydantic (changelog)	2.12.5 -> 2.13.4			dependencies	minor
pydantic-settings (changelog)	2.12.0 -> 2.14.1			dependencies	minor
pypandoc	1.16.2 -> 1.17			dependencies	minor
pypandoc-binary	1.16.2 -> 1.17			dependencies	minor
pypandoc_binary	1.16.2 -> 1.17			dependencies	minor
pytest-asyncio (changelog)	1.3.0 -> 1.4.0			test	minor
qdrant-client	1.16.2 -> 1.18.0			dependencies	minor
stackit (source)	~> 0.96.0 -> ~> 0.97.0			required_provider	minor	0.98.0
tesserocr	2.9.2 -> 2.10.0			dependencies	minor
torch	2.10.0+cpu -> 2.12.0+cpu			dependencies	minor
torchvision	^0.25.0 -> ^0.27.0			dependencies	minor
unstructured	0.18.31 -> 0.22.31			dependencies	minor
uvicorn (changelog)	^0.47.0 -> ^0.48.0			dependencies	minor	0.49.0

---

Release Notes

authlib/authlib (authlib)

v1.7.2

Compare Source

What's Changed

• Fix the readme links by @​azmeuk in #​886
• Allow non-recommended algorithms in ClientSecretJWT and PrivateKey by @​azmeuk in #​887
• Validate BCP47 language tags with a regex by @​azmeuk in #​873
• Fix RFC7523 signing with non RSA keys by @​azmeuk in #​884

Full Changelog: authlib/authlib@v1.7.1...v1.7.2

v1.7.1

Compare Source

What's Changed

• Fix authlib.jose deprecation warning poping from _joserfc_helpers by @​azmeuk in #​881
• Fix redirecting to unvalidated redirect_uri on InvalidScopeError in OpenIDImplicitGrant and OpenIDHybridGrant.

Full Changelog: authlib/authlib@v1.7.0...v1.7.1

v1.7.0

Compare Source

What's Changed

• Authorization and token endpoints request empty scope parameter management by @​azmeuk in #​847
• Support from Python 3.10 to 3.14 by @​azmeuk in #​850
• Allow composition of AuthorizationServerMetadata by @​azmeuk in #​853
• Make require_oauth parenthesis optional by @​azmeuk in #​855
• Fix expires_at behavior when its value is 0 by @​azmeuk in #​854
• Migration to joserfc by @​lepture in #​852
• RP-initiated logout by @​frohrlich in #​849
• Fix get_jwt_config by @​lepture in #​858
• chore(ci): Update PyPy version from 3.10 to 3.11 by @​cclauss in #​863
• fix: remove "none" from default authlib.jose.jwt algorithms by @​lepture in #​860
• fix: normalize resolve_client_public_key method by @​lepture in #​861
• Implement rfc9700 PKCE downgrade countermeasure by @​azmeuk in #​864
• Use correct syntax for tox.requires in tox.ini by @​alex-ball in #​868
• Set client session User-Agent when fetching server metadata and JWKs by @​alex-ball in #​867
• fix: use the real application object for Flask by @​nblock in #​869
• Accept the issuer URL as a valid audience by @​azmeuk in #​865
• Don't nest InvalidTokenError extra attribute by @​azmeuk in #​872
• Documentation overhaul by @​azmeuk in #​875
• Update README.md docs.authlib.org/en/latest => docs.authlib.org/en/stable by @​guillett in #​876
• Merge release/1.6 branch by @​lepture in #​877

New Contributors

• @​frohrlich made their first contribution in #​849
• @​cclauss made their first contribution in #​863
• @​alex-ball made their first contribution in #​868
• @​nblock made their first contribution in #​869
• @​guillett made their first contribution in #​876

Full Changelog: authlib/authlib@v1.6.10...v1.7.0

Azure/azure-sdk-for-python (azure-core)

v1.41.0

Compare Source

Features Added

• AZURE_LOG_LEVEL now accepts VERBOSE (case-insensitive) as an alias for DEBUG. #​46668

Other Changes

• Invalid values for the AZURE_LOG_LEVEL, AZURE_TRACING_ENABLED, and AZURE_SDK_TRACING_IMPLEMENTATION environment variables no longer raise errors. Instead, a warning is logged and the default value is used (INFO for AZURE_LOG_LEVEL). #​46668

v1.40.0

Compare Source

Features Added

• Added support for per-operation http_logging_level overrides in HttpLoggingPolicy. #​44115
• Introduced the keyword argument additional_allowed_query_params to DistributedTracingPolicy and HttpLoggingPolicy to allow users to specify additional URL query parameters that should not be redacted in span attributes or logs. #​46482
  • Users can specify this at the SDK client level by passing additional_allowed_query_params to the client constructor. For example: client = ServiceClient(..., additional_allowed_query_params={"custom_param"}). This will apply to all operations performed by the client.

Other Changes

• URL attributes in HTTP tracing spans will now have query parameters sanitized by default. To add additional query parameters that should not be redacted, use the additional_allowed_query_params argument in your client constructor. #​46482
• Python 3.9 is no longer supported. Please use Python version 3.10 or later.

v1.39.0

Compare Source

Breaking Changes

• Changed the previously undocumented azure_cloud setting environment variable from AZURE_CLOUD to AZURE_SDK_CLOUD_CONF.

v1.38.3

Compare Source

Bugs Fixed

• Fixed PipelineClient.format_url to preserve trailing slash in the base URL when the URL template is query-string-only (e.g., ?key=value). #​45365
• Fixed SensitiveHeaderCleanupPolicy to persist the insecure_domain_change flag across retries after a cross-domain redirect. #​45518

Other Changes

• Added jitter to token refresh timing in BearerTokenCredentialPolicy and AsyncBearerTokenCredentialPolicy to prevent simultaneous token refresh attempts across multiple processes. This helps mitigate the thundering herd problem during token refresh operations. #​43720

v1.38.2

Compare Source

Bugs Fixed

• Fixed PipelineClient.format_url to preserve the leading slash when the URL template starts with /?. #​45218

v1.38.1

Compare Source

Bugs Fixed

• Fixed PipelineClient.format_url to avoid adding trailing slashes when the URL template contains only query parameters. #​45044

boto/boto3 (boto3)

v1.43.18

Compare Source

=======

• api-change:bedrock: [botocore] Automated Reasoning checks - Added two build workflows for policies. Iterative Refine Policy uses AI to update policy definitions based on test results and feedback. Resolve Policy Ambiguities consolidates ambiguous variables in Automated Reasoning policies, a common source of ambiguous validation.
• api-change:bedrock-agentcore-control: [botocore] Reference your own AWS Secrets Manager secrets when configuring credential providers, giving you control over encryption, rotation, and access policies instead of using service-managed secrets.
• api-change:groundstation: [botocore] Adds support for Alpha-5 satellite number encoding in the Two-Line Element ephemeris format.
• api-change:omics: [botocore] Add engineSettings to StartRun and GetRun. Add profiles and profileParameterTemplates to GetWorkflow and GetWorkflowVersion.
• api-change:quicksight: [botocore] Adds support for creating, updating, describing, listing, and deleting an OAuthClientApplication resource, a new quicksight resource that allows customers to store OAuth configurations to connect to their databases via 3 Legged OAuth.
• api-change:rds-data: [botocore] RDS Data API arrays (longValues, doubleValues, stringValues, booleanValues) in ExecuteStatement responses now correctly support null elements. Runtime change for JS v3 and .NET. Compile-time change for C plus plus, .NET, Kotlin, Rust. No impact for Java, Python, Ruby, PHP, Go.
• api-change:route53resolver: [botocore] Added BatchCreateFirewallRule, BatchUpdateFirewallRule, BatchDeleteFirewallRule, and ListFirewallRuleTypes APIs. Added FirewallRuleType support to Firewall Rule APIs.
• api-change:sesv2: [botocore] This release introduces support for Tenant Suppression Lists

v1.43.17

Compare Source

=======

• api-change:appstream: [botocore] Amazon WorkSpaces Applications now supports BYOL (Bring Your Own License). This enables customers to import their own WorkSpaces images and use them in WorkSpaces Applications.
• api-change:bedrock: [botocore] Add support for ModelPackageArn in Bedrock's CreateCustomModel API
• api-change:bedrock-agentcore: [botocore] Added Harness support for LiteLLM model configuration for third-party model providers. Added S3 and Git skill source types. Added Responses API format for OpenAI and Bedrock models. Added runtimeUserId and runtimeClientError to InvokeHarness.
• api-change:bedrock-agentcore-control: [botocore] Added Harness support for LiteLLM model configuration for third-party model providers. Added S3 and Git skill source types. Added Responses API format for OpenAI and Bedrock models. Added runtimeUserId parameter to InvokeHarness for end-user identification.
• api-change:bedrock-runtime: [botocore] Support system role in message
• api-change:controlcatalog: [botocore] AWS Control Catalog - Added GovernedProviders response field and inclusion filter to GetControl and ListControls APIs to identify and filter by cloud provider. Added ParameterRequirementSummary response field indicating parameter requirements.
• api-change:customer-profiles: [botocore] BatchPutProfileObject API adds multiple profile objects to a domain of a given ObjectType in a single API call.
• api-change:deadline: [botocore] Added support for persistent storage on Service-Managed Fleets, allowing customers to configure persistent storage that preserves data across worker sessions which reduces job startup times for workloads with large software installations or asset caches.
• api-change:endpoint-rules: [botocore] Update endpoint-rules client to latest version
• api-change:iot: [botocore] Adds new connectivity-related fields to Fleet Indexing API requests and responses.
• api-change:iot-data: [botocore] Adding GetConnection, ListSubscriptions, and SendDirectMessage APIs to IoT Data Plane
• api-change:opensearchserverless: [botocore] Adds support for deletion protection on collections, ability to create NEXTGEN collection groups and autoscaling visibility for NEXTGEN collection groups
• api-change:pcs: [botocore] This release adds support for configuring scaleDownIdleTimeInSeconds at the compute node group level, allowing customers to set different idle timeouts per node group. Previously this setting was only available at the cluster level.
• api-change:resiliencehubv2: [botocore] This is the initial SDK release for the next generation of Resilience Hub.
• api-change:s3control: [botocore] Update the minimum value of MinStorageBytesPercentage in StorageLensPrefixLevel.SelectionCriteria from 0.1 to 1, aligning the model with the documented contract.

v1.43.16

Compare Source

=======

• api-change:bedrock-data-automation: [botocore] Matcher Fallback extends the CustomOutputConfiguration for the Document modality in DataAutomationProjects, enabling a fallback blueprint when no match is found. A FALLBACK match status is returned, improving the matching experience and guaranteeing customers always receive CustomOutputResults.
• api-change:ecs: [botocore] Add support for Neuron device resource requirements for Amazon ECS
• api-change:elementalinference: [botocore] Added support for smart subtitles in Elemental Inference, enabling automatic generation of subtitles for media content. Available in English, Spanish, French, German, Italian, and Portuguese.
• api-change:medialive: [botocore] AWS Elemental MediaLive now supports Smart Subtitles, a new caption source that uses AWS Elemental Inference to automatically generate WebVTT and TTML captions from source audio. Available in English, Spanish, French, German, Italian, and Portuguese.
• api-change:opensearch: [botocore] OpenSearch will now support multi-segment paths in JWKS URLs.
• api-change:organizations: [botocore] AWS Organizations now emits CloudTrail events (AccountJoinedOrganization, AccountDepartedOrganization) to the management account for membership changes, including join and departure method and timestamp.
• api-change:sagemaker: [botocore] Adds shared environment support for Restricted Instance Groups (RIGs) on SageMaker HyperPod, enabling cross-RIG workload scheduling and FSx sharing. This unlocks shared CPU-GPU environments needed for cost-efficient RL training (e.g., Nova Forge). Adds p6 instance support for recommendation jobs

v1.43.15

Compare Source

=======

• api-change:backup: [botocore] Launching S3 PITR malware scanning support for AWS Backup
• api-change:batch: [botocore] Increase the maximum value of jobExecutionTimeoutMinutes to support longer job timeouts during compute environment infrastructure updates.
• api-change:budgets: [botocore] AWS Budget Name Validation Documentation Updates.
• api-change:datazone: [botocore] Added resourceConfigurations and allowUserProvidedConfigurations fields to environment blueprint configuration APIs, enabling customers who migrated from V1 to V2 domains to update resource configurations (such as lineage schedules) programmatically via the SDK.
• api-change:guardduty: [botocore] Add malware scan support for Continuous Backups, also known as Point-In-Time Recovery Points (PITR).
• api-change:resourcegroupstaggingapi: [botocore] The GetResources API now returns MissingTagKeys in ComplianceDetails, listing tag keys defined as required in the ReportRequiredTagBlock block of the effective tag policy that are absent from the resource.

v1.43.14

Compare Source

=======

• api-change:datazone: [botocore] Add support for VPC connection
• api-change:ec2: [botocore] The ModifyInstanceAttribute API now supports modification of EnclaveOptions for the instance as a typed parameter.
• api-change:gameliftstreams: [botocore] Added new Gen6 stream classes based on the EC2 G6e instance family. These classes are designed for streaming high-fidelity, graphically demanding games and applications that benefit from additional GPU memory and performance.
• api-change:invoicing: [botocore] Adds support for idempotency with a new ClientToken field for the CreateInvoiceUnit, DeleteInvoiceUnit, UpdateInvoiceUnit, DeleteProcurementPortalPreference, PutProcurementPortalPreference, and UpdateProcurementPortalPreferenceStatus APIs.
• api-change:pi: [botocore] Added ListPerformanceAnalysisReportRecommendations API to retrieve recommendations for a performance analysis report. Added analysis configuration support to CreatePerformanceAnalysisReport for enhanced analysis types such as vacuum analysis.
• api-change:qconnect: [botocore] Added guardrail assessment results to inference spans in the ListSpans API. You can now see which AI Guardrail policies were evaluated, whether content was blocked or masked, and per-policy details for each Bedrock Converse call
• api-change:securityagent: [botocore] Adds support for verification scripts on penetration test findings. Customers can now download executable scripts to independently reproduce confirmed vulnerabilities, with instructions and required environment variables provided for each finding.
• enhancement:s3: [botocore] Improve caching of S3 endpoints, which should improve performance when working with multiple keys in the same bucket

v1.43.13

Compare Source

=======

• api-change:batch: [botocore] Clarified CreateComputeEnvironment parameter requirements - serviceRole is required for UNMANAGED compute environments, allocationStrategy is required for EKS compute environments, and compute environments must be created in the ENABLED state.
• api-change:bedrock-agentcore-control: [botocore] Adds dataset management APIs for creating, versioning, and managing evaluation datasets.
• api-change:cleanrooms: [botocore] Collaboration creators can update payment configurations without recreating the collaboration. When multiple payer candidates are configured for a cost type, analysis runners can specify the actual payer at submission time, providing granular control over billing.
• api-change:cleanroomsml: [botocore] Collaboration creators can update payment configurations without recreating the collaboration. When multiple payer candidates are configured for a cost type, analysis runners can specify the actual payer at submission time, providing granular control over billing.
• api-change:evs: [botocore] A new GetDepotUrl API has been added to retrieve a URL for accessing Amazon EVS custom addon packages. Customers can use this URL to configure vSphere Lifecycle Manager (vLCM) as an online depot source, enabling upgrades of addon components across ESXi hosts.
• api-change:mediaconnect: [botocore] Adds support for controlling the timecode source of NDI flow outputs.
• api-change:sagemaker: [botocore] Add support for disabling home EFS file system creation on SageMaker domains.
• api-change:verifiedpermissions: [botocore] Support hard deleting policy store aliases. Users can now delete an alias and immediately reassign it to a different policy store without waiting for the soft-delete retention period.

v1.43.12

Compare Source

=======

• api-change:bedrock-runtime: [botocore] Supporting Request Metadata for Invoke Model and Invoke Model with Response Stream
• api-change:customer-profiles: [botocore] Amazon Connect Customer Profiles adds support for item catalog columns in RecommenderSchema, ExcludedColumns in Create and Update Recommender to specify columns to exclude from training, and the ability to disable automatic retraining by setting TrainingFrequency to 0.
• api-change:kms: [botocore] AWS KMS now supports creating grants for AWS service principals using new GranteeServicePrincipal and RetiringServicePrincipal parameters. This release adds SourceArn grant constraint and three condition keys for controlling CreateGrant access. For more information, see Grants in AWS KMS.
• api-change:mwaa: [botocore] Updated API documentation to describe the PublicAndPrivate webserver access mode.
• api-change:payment-cryptography-data: [botocore] GenerateAuthRequestCryptogram API launch.

v1.43.11

Compare Source

=======

• api-change:bedrock-agentcore: [botocore] Add RetryableConflictException (HTTP 409) to InvokeAgentRuntime and StopRuntimeSession to prevent orphaned VMs during concurrent session access. The SDK automatically retries this exception with backoff. Enforcement is not yet active and will be enabled in a future service update.
• api-change:devops-agent: [botocore] Added a new serviceType mcpserversigv4 service and association. This provides feature to register MCP sigv4 authorization based MCPs
• api-change:grafana: [botocore] Introduce degraded workspace status as a possible Amazon Managed Grafana workspace status, and a new field named degraded workspace reason which informs customers why the workspace is degraded in the DescribeWorkspace API response.
• api-change:guardduty: [botocore] Adding support for exposure and vulnerability context from AWS Security Hub in GuardDuty Extended Threat Detection attack sequence findings.
• api-change:rtbfabric: [botocore] This release is to deprecate 'inboundLinksCount' field in GetResponderGateway response and introduce the new field 'linksRequestedCount' to replace it.
• api-change:sagemaker: [botocore] Add support for ml.p5.4xlarge and ml.p5en.48xlarge instances on SageMaker Notebook Instances Platform.

v1.43.10

Compare Source

=======

• api-change:accessanalyzer: [botocore] Services manage service-linked analyzers through dedicated APIs - CreateServiceLinkedAnalyzer and DeleteServiceLinkedAnalyzer that separate service-linked specific operations from customer-managed operations. It also shows up in ListAnalyzers and GetAnalyzer responses.
• api-change:connect: [botocore] Amazon Connect Cases now supports SLA durations of up to 2 years (1,051,200 minutes), increased from the previous maximum of 90 days (129,600 minutes). This enables you to track long-running service level agreements for cases that require extended resolution timelines.
• api-change:ec2: [botocore] Amazon VPC IP Address Manager (IPAM) now supports tags on IPAM pool allocations, enabling all standard tagging features for allocations including tag-on-create.
• api-change:ecs: [botocore] Amazon ECS now supports Pause lifecycle hooks for service deployments, allowing customers to automatically pause deployments at specified stages and use the new ContinueServiceDeployment API to continue or roll back with confidence.
• api-change:evs: [botocore] Amazon EVS now supports up to 32 hosts per EVS environment, increasing the previous host limit to allow a larger scale of VMware workload deployments and reduce operational overhead.
• api-change:ivs: [botocore] Adds support for up to 3 mediaTailorPlaybackConfiguration objects in an ad configuration resource
• api-change:quicksight: [botocore] Support for dataset enrichment and geo spatial in new data preparation experience

v1.43.9

Compare Source

======

• api-change:logs: [botocore] Updating the max limit for start query api parameter.
• api-change:mediapackagev2: [botocore] This release adds support for AvailabilityStartTimeConfiguration in MediaPackageV2 DASH manifests
• api-change:partnercentral-selling: [botocore] Enable TCV intake on Opportunity to improve Opportunities Hygiene and downstream revenue attribution.

v1.43.8

Compare Source

======

• api-change:bedrock: [botocore] Advanced Prompt Optimization (AdvPO) allows you to optimize and migrate your prompts for any model on Bedrock by automatically evaluating responses and rewriting prompts to improve performance. This release provides a programmatic way to create, get, list, stop, and delete AdvPO jobs.
• api-change:cloudfront: [botocore] Adding a new boolean for OCSP Revocations in Viewer mTLS Create and Update APIs, and adding a new 'Passthrough' option for TrustStore modes
• api-change:datazone: [botocore] Adds support for SageMaker Unified Studio notebook operations, including notebook import and export
• api-change:dms: [botocore] Add 9 SDK waiters for DMS Schema Conversion async operations. Eliminates manual polling for import, assessment, conversion, export, and creation jobs.
• api-change:glue: [botocore] Release --has-databases parameter for AWS Glue get-catalogs API, which filters catalog responses to include only those capable of containing databases, excluding parent catalogs that hold only other catalogs. Remove model-level validation on partition index list size for AWS Glue tables.
• api-change:grafana: [botocore] Adds support for dual-stack (IPv4 and IPv6) connectivity to Amazon Managed Grafana workspaces. Customers can configure the ipAddressType parameter when creating or updating a workspace to choose between IPv4-only or dual-stack (IPv4 and IPv6) access.
• api-change:mgn: [botocore] Introducing new option for security groups mapping - with MAP-DHCP the service translates security rules from your source environment with DHCP compatibility.
• api-change:qconnect: [botocore] ListModels is an API that returns the available AI models for a Connect Assistant based on its region and AI prompt type.

v1.43.7

Compare Source

======

• api-change:arc-region-switch: [botocore] Adds support for enabling and disabling Lambda event source mappings in Region switch plans.
• api-change:batch: [botocore] Adds a billing callout to docs regarding using the CE Scale Down Delay feature
• api-change:bedrock-agentcore-control: [botocore] Adds support for read-only summary APIs for Policy Engine, Policy, and Policy Generation resources, enabling metadata retrieval without KMS decryption for AWS Config integration.
• api-change:billingconductor: [botocore] Add ConflictException to UpdateCustomLineItem operation.
• api-change:connect: [botocore] This change added three new EventSourceName for schedule notification feature
• api-change:connectcampaignsv2: [botocore] This release added support for Outbound Campaign timezone detection using all available contact methods
• api-change:connectcases: [botocore] Amazon Connect Cases now supports SLA durations of up to 2 years (1,051,200 minutes), increased from the previous maximum of 90 days (129,600 minutes). This enables you to track long-running service level agreements for cases that require extended resolution timelines.
• api-change:dsql: [botocore] Added support for Amazon Aurora DSQL change data capture (CDC) streams that deliver row-level database changes to Amazon Kinesis in JSON format. Includes CreateStream, GetStream, ListStreams, and DeleteStream operations.
• api-change:ec2: [botocore] Include length limits in the SDK and documentation for text fields in Image (AMI) APIs such as the image name and description
• api-change:endpoint-rules: [botocore] Update endpoint-rules client to latest version
• api-change:es: [botocore] Adds support for AutomatedSnapshotPauseOptions.
• api-change:glue: [botocore] AWS Glue now defaults the job timeout to 480 minutes for Glue version 5.0 and later when no timeout value is specified. The default remains 2,880 minutes for Glue version 4.0 and earlier.
• api-change:lightsail: [botocore] Added OriginIpAddressTypeEnum (ipv4, ipv6, dualstack) and ipAddressType field to Origin and InputOrigin structures for Lightsail CDN distributions. Allows customers to specify how the distribution connects to origins, using IPv4, IPv6, or dualstack networking
• api-change:opensearch: [botocore] Adds support for AutomatedSnapshotPauseOptions.
• api-change:partnercentral-account: [botocore] Added ServiceQuotaExceededExceptions for Profile operations
• api-change:pcs: [botocore] Add support for Amazon EC2 Interruptible-ODCR
• api-change:quicksight: [botocore] Adds five new custom permission option for Quick Apps so that these capabilities can be controlled by public SDK and CLI.
• api-change:redshift: [botocore] Added rg.xlarge and rg.4xlarge to valid NodeType values and updated documentation for CreateCluster, ModifyCluster, ResizeCluster, and RestoreFromClusterSnapshot APIs to reflect RG node type support.
• api-change:rtbfabric: [botocore] Customers can now configure custom domain names for their RTB Fabric gateways. This enables partners to use their own branded domain for RTB traffic instead of the default rtbfabric endpoint
• api-change:sagemaker: [botocore] Adds execution role session name mode to reflect user identity in Studio. Adds Flexible Training Plans on Studio apps. Adds restricted model packages to control access to proprietary model artifacts via IAM. Fixed instance type parity between inference endpoints and managed shadow tests.
• api-change:securityagent: [botocore] Add support for code reviews, a new resource type that enables automated security-focused static analysis of source code repositories.
• api-change:socialmessaging: [botocore] Adds parameters to call the GetWhatsAppMessageTemplate and UpdateWhatsAppMessageTemplate APIs with a template name and language code in place of the template ID. Linked WhatsApp accounts also describe whether the WABA is onboarded to Meta's Marketing Messages API.
• api-change:stepfunctions: [botocore] Updated default SDK endpoints for AWS Step Functions in AWS GovCloud (US) regions. The default Dual-Stack endpoints now resolve to "states-fips" prefixed hostnames. There are no changes to service behavior. No customer action is required.

v1.43.6

Compare Source

======

• api-change:bcm-data-exports: [botocore] With this release, customers can configure their data exports to generate additional integration artifacts for Athena and Redshift.
• api-change:bedrock-agentcore: [botocore] Launching AgentCore payments - a capability that provides secure, instant microtransaction payments for AI agents to access paid APIs, MCP servers, and content. It handles payment processing for x402 protocol, payment limits, and 3P wallet integrations with Coinbase CDP and Stripe (Privy).
• api-change:bedrock-agentcore-control: [botocore] Launching AgentCore payments - a capability that provides secure, instant microtransaction payments for AI agents to access paid APIs, MCP servers, and content. It handles payment processing for x402 protocol, payment limits, and 3P wallet integrations with Coinbase CDP and Stripe (Privy).
• api-change:ec2: [botocore] DescribeInstanceTypes now accepts an IncludeUnsupportedInRegion parameter. When set, the response also lists instance types that are not available in the current Region. Each instance type includes a SupportedInRegion field indicating its regional availability.
• api-change:guardduty: [botocore] This is a documentation update
• api-change:invoicing: [botocore] Updated ListInvoiceSummaries API to add new ReceiverRole filter in Request and Response
• api-change:route53resolver: [botocore] Adds supports for DNS64 on inbound endpoints and IPv6 forwarding through the internet gateway (IGW) on outbound endpoints, making it easier to manage hybrid DNS across IPv4 and IPv6 networks.

v1.43.5

Compare Source

======

• api-change:bedrock-agentcore-control: [botocore] Adds support for bring-your-own file system in AgentCore Runtime. Developers can mount Amazon S3 Files and Amazon EFS access points directly into agent sessions using filesystemConfigurations.
• api-change:endpoint-rules: [botocore] Update endpoint-rules client to latest version
• api-change:glue: [botocore] Adds support for a CustomLogGroupPrefix parameter in StartDataQualityRulesetEvaluationRun to specify custom CloudWatch log group paths, and a RulesetName filter in ListDataQualityRulesetEvaluationRuns to filter evaluation runs by ruleset name.
• api-change:imagebuilder: [botocore] The ImportDiskImage API now enforces a maximum character limit of 128 characters on the image name field.
• api-change:lexv2-models: [botocore] Amazon Lex V2 introduces audio filler support for speech-to-speech bots. Configure melody or typing sounds that play during backend processing to reduce perceived latency and maintain a natural conversational experience for callers.
• api-change:mwaa: [botocore] Amazon MWAA now supports a PublicAndPrivate webserver access mode. The Airflow web server is accessible over both public and private endpoints, enabling workers in VPCs without internet access to reach the Task API privately while retaining public access to the Airflow UI.
• api-change:s3: [botocore] Validate outpost access point resource name
• api-cha

---

Configuration

📅 Schedule: Branch creation - "before 4am" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[a-klos]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: libs/extractor-api-lib/poetry.lock

Updating dependencies
Resolving dependencies...


Because no versions of langfuse match >3.10.1,<3.10.2 || >3.10.2,<3.10.3 || >3.10.3,<3.10.4 || >3.10.4,<3.10.5 || >3.10.5,<3.10.6 || >3.10.6,<3.10.7 || >3.10.7,<3.11.0 || >3.11.0,<3.11.1 || >3.11.1,<3.11.2 || >3.11.2,<3.12.0 || >3.12.0,<3.12.1 || >3.12.1,<3.13.0 || >3.13.0,<3.14.0 || >3.14.0,<3.14.1 || >3.14.1,<3.14.2 || >3.14.2,<3.14.3 || >3.14.3,<3.14.4 || >3.14.4,<3.14.5 || >3.14.5,<3.14.6 || >3.14.6,<3.15.0 || >3.15.0,<4.0.0
 and langfuse (3.10.1) depends on wrapt (>=1.14,<2.0), langfuse (>=3.10.1,<3.10.2 || >3.10.2,<3.10.3 || >3.10.3,<3.10.4 || >3.10.4,<3.10.5 || >3.10.5,<3.10.6 || >3.10.6,<3.10.7 || >3.10.7,<3.11.0 || >3.11.0,<3.11.1 || >3.11.1,<3.11.2 || >3.11.2,<3.12.0 || >3.12.0,<3.12.1 || >3.12.1,<3.13.0 || >3.13.0,<3.14.0 || >3.14.0,<3.14.1 || >3.14.1,<3.14.2 || >3.14.2,<3.14.3 || >3.14.3,<3.14.4 || >3.14.4,<3.14.5 || >3.14.5,<3.14.6 || >3.14.6,<3.15.0 || >3.15.0,<4.0.0) requires wrapt (>=1.14,<2.0).
And because langfuse (3.10.2) depends on wrapt (>=1.14,<2.0)
 and langfuse (3.10.3) depends on wrapt (>=1.14,<2.0), langfuse (>=3.10.1,<3.10.4 || >3.10.4,<3.10.5 || >3.10.5,<3.10.6 || >3.10.6,<3.10.7 || >3.10.7,<3.11.0 || >3.11.0,<3.11.1 || >3.11.1,<3.11.2 || >3.11.2,<3.12.0 || >3.12.0,<3.12.1 || >3.12.1,<3.13.0 || >3.13.0,<3.14.0 || >3.14.0,<3.14.1 || >3.14.1,<3.14.2 || >3.14.2,<3.14.3 || >3.14.3,<3.14.4 || >3.14.4,<3.14.5 || >3.14.5,<3.14.6 || >3.14.6,<3.15.0 || >3.15.0,<4.0.0) requires wrapt (>=1.14,<2.0).
And because langfuse (3.10.4) depends on wrapt (>=1.14,<2.0)
 and langfuse (3.10.5) depends on wrapt (>=1.14,<2.0), langfuse (>=3.10.1,<3.10.6 || >3.10.6,<3.10.7 || >3.10.7,<3.11.0 || >3.11.0,<3.11.1 || >3.11.1,<3.11.2 || >3.11.2,<3.12.0 || >3.12.0,<3.12.1 || >3.12.1,<3.13.0 || >3.13.0,<3.14.0 || >3.14.0,<3.14.1 || >3.14.1,<3.14.2 || >3.14.2,<3.14.3 || >3.14.3,<3.14.4 || >3.14.4,<3.14.5 || >3.14.5,<3.14.6 || >3.14.6,<3.15.0 || >3.15.0,<4.0.0) requires wrapt (>=1.14,<2.0).
And because langfuse (3.10.6) depends on wrapt (>=1.14,<2.0)
 and langfuse (3.10.7) depends on wrapt (>=1.14,<2.0), langfuse (>=3.10.1,<3.11.0 || >3.11.0,<3.11.1 || >3.11.1,<3.11.2 || >3.11.2,<3.12.0 || >3.12.0,<3.12.1 || >3.12.1,<3.13.0 || >3.13.0,<3.14.0 || >3.14.0,<3.14.1 || >3.14.1,<3.14.2 || >3.14.2,<3.14.3 || >3.14.3,<3.14.4 || >3.14.4,<3.14.5 || >3.14.5,<3.14.6 || >3.14.6,<3.15.0 || >3.15.0,<4.0.0) requires wrapt (>=1.14,<2.0).
And because langfuse (3.11.0) depends on wrapt (>=1.14,<2.0)
 and langfuse (3.11.1) depends on wrapt (>=1.14,<2.0), langfuse (>=3.10.1,<3.11.2 || >3.11.2,<3.12.0 || >3.12.0,<3.12.1 || >3.12.1,<3.13.0 || >3.13.0,<3.14.0 || >3.14.0,<3.14.1 || >3.14.1,<3.14.2 || >3.14.2,<3.14.3 || >3.14.3,<3.14.4 || >3.14.4,<3.14.5 || >3.14.5,<3.14.6 || >3.14.6,<3.15.0 || >3.15.0,<4.0.0) requires wrapt (>=1.14,<2.0).
And because langfuse (3.11.2) depends on wrapt (>=1.14,<2.0)
 and langfuse (3.12.0) depends on wrapt (>=1.14,<2.0), langfuse (>=3.10.1,<3.12.1 || >3.12.1,<3.13.0 || >3.13.0,<3.14.0 || >3.14.0,<3.14.1 || >3.14.1,<3.14.2 || >3.14.2,<3.14.3 || >3.14.3,<3.14.4 || >3.14.4,<3.14.5 || >3.14.5,<3.14.6 || >3.14.6,<3.15.0 || >3.15.0,<4.0.0) requires wrapt (>=1.14,<2.0).
And because langfuse (3.13.0) depends on wrapt (>=1.14,<2.0)
 and langfuse (3.14.0) depends on wrapt (>=1.14,<2.0), langfuse (>=3.10.1,<3.12.1 || >3.12.1,<3.14.1 || >3.14.1,<3.14.2 || >3.14.2,<3.14.3 || >3.14.3,<3.14.4 || >3.14.4,<3.14.5 || >3.14.5,<3.14.6 || >3.14.6,<3.15.0 || >3.15.0,<4.0.0) requires wrapt (>=1.14,<2.0).
And because langfuse (3.14.1) depends on wrapt (>=1.14,<2.0)
 and langfuse (3.14.2) depends on wrapt (>=1.14,<2.0), langfuse (>=3.10.1,<3.12.1 || >3.12.1,<3.14.3 || >3.14.3,<3.14.4 || >3.14.4,<3.14.5 || >3.14.5,<3.14.6 || >3.14.6,<3.15.0 || >3.15.0,<4.0.0) requires wrapt (>=1.14,<2.0).
And because langfuse (3.14.3) depends on wrapt (>=1.14,<2.0)
 and langfuse (3.14.4) depends on wrapt (>=1.14,<2.0), langfuse (>=3.10.1,<3.12.1 || >3.12.1,<3.14.5 || >3.14.5,<3.14.6 || >3.14.6,<3.15.0 || >3.15.0,<4.0.0) requires wrapt (>=1.14,<2.0).
And because langfuse (3.14.5) depends on wrapt (>=1.14,<2.0)
 and langfuse (3.14.6) depends on wrapt (>=1.14,<2.0), langfuse (>=3.10.1,<3.12.1 || >3.12.1,<3.15.0 || >3.15.0,<4.0.0) requires wrapt (>=1.14,<2.0).
And because langfuse (3.15.0) depends on wrapt (>=1.14,<2.0)
 and langfuse (3.12.1) depends on wrapt (>=1.14,<2.0), langfuse (>=3.10.1,<4.0.0) requires wrapt (>=1.14,<2.0).
And because unstructured[docx,pptx] (0.22.31) depends on wrapt (>=2.1.1,<3.0.0)
 and rag-core-lib (4.2.0) depends on langfuse (>=3.10.1,<4.0.0), unstructured[docx,pptx] (0.22.31) is incompatible with rag-core-lib (4.2.0).
So, because extractor-api-lib depends on both rag-core-lib (==4.2.0) and unstructured[docx,pptx] (0.22.31), version solving failed.

File name: services/document-extractor/poetry.lock

Updating dependencies
Resolving dependencies...


Because extractor-server depends on extractor-api-lib (4.2.0) @ file:///tmp/renovate/repos/github/stackitcloud/rag-template/libs/extractor-api-lib which depends on torchvision (0.25.0+cpu), torchvision is required.
So, because extractor-server depends on torchvision (^0.27.0), version solving failed.