Bump the production-dependencies group across 1 directory with 21 updates

[dependabot]

Bumps the production-dependencies group with 21 updates in the / directory:

Package	From	To
flask	3.1.1	3.1.3
google-cloud-datastore	2.20.2	2.21.0
grpcio	1.71.0	1.78.0
gunicorn	23.0.0	25.1.0
pyyaml	6.0.2	6.0.3
requests	2.32.4	2.32.5
structlog	25.2.0	25.5.0
boto3	1.37.23	1.42.73
humanize	4.12.2	4.15.0
marshmallow	3.26.1	4.2.2
google-cloud-storage	3.1.0	3.10.1
jsonpointer	3.0.0	3.1.0
redis	7.1.0	7.3.0
flask-compress	1.17	1.23
uwsgi	2.0.28	2.0.31
email-validator	2.2.0	2.3.0
google-cloud-pubsub	2.29.0	2.36.0
google-cloud-tasks	2.19.2	2.21.0
simplejson	3.20.1	3.20.2
markupsafe	3.0.2	3.0.3
cachetools	6.2.2	7.0.5

Updates flask from 3.1.1 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

• The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726

3.1.2

This is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.2/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-2 Milestone: https://github.com/pallets/flask/milestone/38?closed=1

• stream_with_context does not fail inside async views. #5774
• When using follow_redirects in the test client, the final state of session is correct. #5786
• Relax type hint for passing bytes IO to send_file. #5776

Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

• The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726

Version 3.1.2

Released 2025-08-19

• stream_with_context does not fail inside async views. :issue:5774
• When using follow_redirects in the test client, the final state of session is correct. :issue:5786
• Relax type hint for passing bytes IO to send_file. :issue:5776

Commits

• 22d9247 release version 3.1.3
• 089cb86 Merge commit from fork
• c17f379 request context tracks session access
• 27be933 start version 3.1.3
• 4e652d3 Abort if the instance folder cannot be created (#5903)
• 3d03098 Abort if the instance folder cannot be created
• 407eb76 document using gevent for async (#5900)
• ac5664d document using gevent for async
• 4f79d5b Increase required flit_core version to 3.11 (#5865)
• fe3b215 Increase required flit_core version to 3.11
• Additional commits viewable in compare view

Updates google-cloud-datastore from 2.20.2 to 2.21.0

Release notes

Sourced from google-cloud-datastore's releases.

v2.21.0

2.21.0 (2025-04-10)

Features

• Add REST Interceptors which support reading metadata (7be9c4c)
• Add support for opt-in debug logging (7be9c4c)

Bug Fixes

• Allow protobuf 6.x (#598) (7c1171b)
• Backwards-compatibility for previous meaning format (#603) (ed92e8e)
• Fix typing issue with gRPC metadata when key ends in -bin (7be9c4c)

Changelog

Sourced from google-cloud-datastore's changelog.

2.21.0 (2025-04-10)

Features

• Add REST Interceptors which support reading metadata (7be9c4c)
• Add support for opt-in debug logging (7be9c4c)

Bug Fixes

• Allow protobuf 6.x (#598) (7c1171b)
• Backwards-compatibility for previous meaning format (#603) (ed92e8e)
• Fix typing issue with gRPC metadata when key ends in -bin (7be9c4c)

Commits

• 1dafc68 chore(main): release 2.21.0 (#595)
• d391911 chore(python): remove CONTRIBUTING.rst from templates (#605)
• 16b9c73 chore(python): fix incorrect import statement in README (#604)
• ed92e8e fix: backwards-compatibility for previous meaning format (#603)
• a7df080 chore: Update gapic-generator-python to 1.23.6 (#602)
• 7c1171b fix: Allow protobuf 6.x (#598)
• 7be9c4c chore: Update gapic-generator-python to v1.23.2 (#569)
• 9f83d17 chore(python): conditionally load credentials in .kokoro/build.sh (#594)
• 14a0f96 chore: update protoplus for python 3.13 (#579)
• 59bf5f9 chore(python): Update the python version in docs presubmit to use 3.10 (#584)
• See full diff in compare view

Updates grpcio from 1.71.0 to 1.78.0

Release notes

Sourced from grpcio's releases.

Release v1.78.0

This is release 1.78.0 (gutsy) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

C++

• adding address_sorting dep in naming test build. (#41045)

Objective-C

• [Backport][v1.78.x][Fix][Compiler] Plugins fall back to the edition 2023 for older protobuf. (#41358)

Python

• [python] aio: fix race condition causing asyncio.run() to hang forever during the shutdown process. (#40989)
• [Python] Migrate to pyproject.toml build system from setup.py builds. (#40833)
• [Python] Log error details when ExecuteBatchError occurs (at DEBUG level). (#40921)
• [Python] Update setuptools min version to 77.0.1 . (#40931)

Ruby

• [ruby] Fix version comparison for the ruby_abi_version symbol for ruby 4 compatibility. (#41061)

Release v1.78.0-pre2

This is a prerelease of gRPC Core 1.78.0 (gutsy).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This prerelease contains refinements, improvements, and bug fixes.

Release v1.78.0-pre1

This is a prerelease of gRPC Core 1.78.0 (gutsy).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This prerelease contains refinements, improvements, and bug fixes.

Release v1.76.0

This is release 1.76.0 (genuine) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

... (truncated)

Commits

• 5e6ba94 [build] add missing includes (backport to 1.78.x) (#41518)
• e364c5c [PHP] ignore PHPUnit security advisory in Mac build (backport to 1.78.x) (#41...
• ea4d627 [Release] Bump version to 1.78.0 (on v1.78.x branch) (#41489)
• 9840ecd [Release] Bump version to 1.78.0-pre2 (on v1.78.x branch) (#41397)
• ea1d162 [Backport][v1.78.x][Fix][Compiler] Plugins fall back to the edition 2023 for ...
• 818a08f [Backport][v1.78.x][PHP] Fix runtime error with PHp8.5 alpha because zend_exc...
• f7f1302 [Backport][v1.78.x][Fix][Build] Move xds-protos templates to the new path (#4...
• a382034 [Release] Bump version to 1.78.0-pre1 (on v1.78.x branch) (#41290)
• 8d22d62 [Release] Bump core version to 52.0.0 for upcoming release (#41288)
• ad19eab [PH2][Settings][Security]
• Additional commits viewable in compare view

Updates gunicorn from 23.0.0 to 25.1.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 25.1.0

New Features

• Control Interface (gunicornc): Add interactive control interface for managing running Gunicorn instances, similar to birdc for BIRD routing daemon ([PR #3505](benoitc/gunicorn#3505))

  • Unix socket-based communication with JSON protocol
  • Interactive mode with readline support and command history
  • Commands: show all/workers/dirty/config/stats/listeners
  • Worker management: worker add/remove/kill, dirty add/remove
  • Server control: reload, reopen, shutdown
  • New settings: --control-socket, --control-socket-mode, --no-control-socket
  • New CLI tool: gunicornc for connecting to control socket
  • See Control Interface Guide for details

• Dirty Stash: Add global shared state between workers via dirty.stash ([PR #3503](benoitc/gunicorn#3503))

  • In-memory key-value store accessible by all workers
  • Supports get, set, delete, clear, keys, and has operations
  • Useful for sharing state like feature flags, rate limits, or cached data

• Dirty Binary Protocol: Implement efficient binary protocol for dirty arbiter IPC using TLV (Type-Length-Value) encoding ([PR #3500](benoitc/gunicorn#3500))

  • More efficient than JSON for binary data
  • Supports all Python types: str, bytes, int, float, bool, None, list, dict
  • Better performance for large payloads

• Dirty TTIN/TTOU Signals: Add dynamic worker scaling for dirty arbiters ([PR #3504](benoitc/gunicorn#3504))

  • Send SIGTTIN to increase dirty workers
  • Send SIGTTOU to decrease dirty workers
  • Respects minimum worker constraints from app configurations

Changes

• ASGI Worker: Promoted from beta to stable
• Dirty Arbiters: Now marked as beta feature

Documentation

• Fix Markdown formatting in /configure documentation

25.0.3

What's Changed

Bug Fixes

• Fix RuntimeError when StopIteration raised in ASGI coroutine (#3484)
• Fix passing maxsplit in re.split() as positional argument (deprecated in Python 3.13)

... (truncated)

Commits

• 2d43101 docs: merge gunicornc into 25.1.0 release
• bf4ad8d docs: update 25.1.0 release date to 2026-02-13
• 730350e Merge pull request #3505 from benoitc/feature/gunicornc-control-interface
• 63df19b fix(tests): use process groups for reliable signal handling in PyPy
• cd77bcc fix(tests): increase wait time for all server tests
• 02ea985 fix(tests): improve server test reliability on FreeBSD
• 6d81c9e fix: resolve pylint warnings
• 7486baa fix: remove unused imports
• 3e60d29 docs: add gunicornc control interface guide
• e05e40d feat(ctl): add message-based dirty worker management
• Additional commits viewable in compare view

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

• Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

• yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

Commits

• 49790e7 Release 6.0.3 (#889)
• See full diff in compare view

Updates requests from 2.32.4 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Commits

• b25c87d v2.32.5
• 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
• b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
• 46e939b Update publish workflow to use artifact-id instead of name
• 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
• 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
• 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
• fec96cd Update Makefile rules (#6996)
• d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
• 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
• Additional commits viewable in compare view

Updates structlog from 25.2.0 to 25.5.0

Release notes

Sourced from structlog's releases.

25.5.0

Highlights

Huge release! There's plenty of important little bug fixes and new features, but the headliner is definitely the improved ergonomics of structlog.dev.ConsoleRenderer. We have finally accepted that local development has different priorities than production and made it both mutable (with automatic re-configuration) and also easily retrievable (cr = ConsoleRenderer.get_active()). This allows you, for example, to disable Rich exception formatting as easily as structlog.dev.ConsoleRenderer.get_active().exception_formatter = structlog.dev.plain_traceback. Please check out the updated docs!

Full changelog below!

Special Thanks

This release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If you would like to join them, go to https://github.com/sponsors/hynek and check out the sweet perks!

Above and Beyond

Variomedia AG (@variomedia), Tidelift (@tidelift), thanks.dev (@thnxdev), Privacy Solutions GmbH (@privacy-solutions), Quesma (@​QuesmaOrg), FilePreviews (@filepreviews), LambdaTest (@LambdaTest-Inc), Doist (@Doist), Daniel Fortunov (@asqui), and Kevin P. Fleming (@kpfleming).

Maintenance Sustainers

Buttondown (@buttondown), Jeff McCarrell (@jmccarrell), Christopher Dignam (@chdsbd), Magnus Watn (@magnuswatn), David Cramer (@dcramer), Jesse Snyder (@jessesnyder), Rivo Laks (@rivol), Polar (@polarsource), Mike Fiedler (@miketheman), Duncan Hill (@cricalix), Colin Marquardt (@cmarqu), Pieter Swinkels (@swinkels), Nick Libertini (@libertininick), Brian M. Dennis (@crossjam), Celebrity News AG (@celebritynewsag), The Westervelt Company (@westerveltco), Sławomir Ehlert (@slafs), Mostafa Khalil (@khadrawy), Filip Mularczyk (@mukiblejlok), Thomas Klinger (@thmsklngr), Andreas Poehlmann (@ap--), August Trapper Bigelow (@atbigelow), Carlton Gibson (@carltongibson), Roboflow (@roboflow), and Jeff McCarrell (@jmccarrell).

Full Changelog

Deprecated

• structlog.dev.ConsoleRenderer()'s pad_event argument has been renamed to pad_event_to to differentiate it from the boolean pad_level argument. pad_event is now deprecated.

Added

• Added structlog.dev.ConsoleRenderer.get_active() that returns the currently active structlog.dev.ConsoleRenderer(). #749

• structlog.dev.ConsoleRenderer() now supports setting the exception_formatter attribute.

  You can now disable the pretty-printing of exceptions by setting it to structlog.dev.plain_traceback:

  cr = structlog.dev.ConsoleRenderer.get_active()
  cr.exception_formatter = structlog.dev.plain_traceback

  Same goes for sort_keys, columns, colors, force_colors, level_styles, pad_event_to, event_key, timestamp_key, and repr_native_str.

  #749 #756 #757 #759

• Added structlog.dev.ConsoleRenderer.get_default_column_styles() for reuse the default column styles. #741

• structlog.testing.capture_logs() now optionally accepts processors to apply before capture. #728

... (truncated)

Changelog

Sourced from structlog's changelog.

25.5.0 - 2025-10-27

Deprecated

• structlog.dev.ConsoleRenderer()'s pad_event argument has been renamed to pad_event_to to differentiate it from the boolean pad_level argument. pad_event is now deprecated.

Added

• Added structlog.dev.ConsoleRenderer.get_active() that returns the currently active structlog.dev.ConsoleRenderer(). #749

• structlog.dev.ConsoleRenderer() now supports setting the exception_formatter attribute.

  You can now disable the pretty-printing of exceptions by setting it to structlog.dev.plain_traceback:

  cr = structlog.dev.ConsoleRenderer.get_active()
  cr.exception_formatter = structlog.dev.plain_traceback

  Same goes for sort_keys, columns, colors, force_colors, level_styles, pad_event_to, event_key, timestamp_key, and repr_native_str.

  #749 #756 #757 #759

• Added structlog.dev.ConsoleRenderer.get_default_column_styles() for reuse the default column styles. #741

• structlog.testing.capture_logs() now optionally accepts processors to apply before capture. #728

• structlog.dev.RichTracebackFormatter now exposes the upstream code_width parameter. Default width is now None for full terminal width. Full terminal width is now handled by Rich itself, bringing support for reflow and COLUMN environment variable. Passing -1 for width is now deprecated and automatically replaced by None. #717

• Native loggers now allow the passing of a dictionary for dictionary-based interpolation log.info("hello %(name)s!", {"name": "world"}). #748

• On Python 3.11+, structlog.processors.CallsiteParameterAdder now supports CallsiteParameter.QUAL_NAME that adds the qualified name of the callsite, including scope and class names. This is only available for structlog-originated events since the standard library has no equivalent.

• structlog.stdlib.LoggerFactory now supports the stacklevel parameter. #763

... (truncated)

Commits

• c0ef9e0 Prepare 25.5.0
• 9cb662f docs: nit
• 5400612 docs/stdlib: add warning about ProcessorFormatter
• 1c2c19a Try validating pyproject.toml
• aca10f2 Drop pretend dependency (#766)
• 3800d40 docs: use native
• ecaa15a stdlib: add support for stacklevel (#763)
• 7f7a221 update dev (#765)
• 5acfc85 docs: 5% bigger still
• c102862 docs: bigger font
• Additional commits viewable in compare view

Updates boto3 from 1.37.23 to 1.42.73

Commits

• 3a06d63 Merge branch 'release-1.42.73'
• ca7b043 Bumping version to 1.42.73
• ef6697c Add changelog entries from botocore
• 3c02c15 Merge branch 'release-1.42.72'
• b7e01e9 Merge branch 'release-1.42.72' into develop
• fcc3fe3 Bumping version to 1.42.72
• 9d3625e Add changelog entries from botocore
• dd8d8d6 Merge branch 'release-1.42.71'
• 0d4401e Merge branch 'release-1.42.71' into develop
• 45318a5 Bumping version to 1.42.71
• Additional commits viewable in compare view

Updates humanize from 4.12.2 to 4.15.0

Release notes

Sourced from humanize's releases.

4.15.0

Added

• Add locale support for decimal separator in intword (#287) @​hugovk
• Add support for Python 3.15 (#275) @​hugovk

Changed

• Replace pre-commit with prek (#276) @​hugovk

Fixed

• naturaldelta: round the value to nearest unit that makes sense (#272) @​dangillet
• Fix plural form for intword and improve performance (#273) @​dangillet
• Replace Exception with more specific FileNotFoundError (#286) @​hugovk

4.14.0

Added

• Add Uzbek language (#264) @​sSimuSs

Changed

• Drop support for Python 3.9 (#268) @​hugovk

4.13.0

Changed

• Optimise naturalsize algorithm by using math.log (#253) @​Zaczero

Fixed

• Fix precisedelta rounding (#254) @​dangillet

4.12.3

Fixed

• Fix regression in naturalsize for float and str (#250) @​loicleyendecker
• Improvements for French translation (#248) @​merwok

Commits

• 2ddb590 Replace Exception with more specific FileNotFoundError (#286)
• e87f2e2 Add locale support for decimal separator in intword (#287)
• 7175184 Add locale support for decimal separator in intword
• 2526999 Update config (#285)
• ba532d9 Replace Exception with more specific FileNotFoundError
• bdc49ea Don't ignore UP038, it's been removed from Ruff
• 86f116b Add seven-day cooldown to Renovate
• e3f7116 No need for setup-python with prek-action
• 3dca143 naturaldelta: round the value to nearest unit that makes sense (#272)
• bac6f26 Apply suggestion from @​hugovk
• Additional commits viewable in compare view

Updates marshmallow from 3.26.1 to 4.2.2

Changelog

Sourced from marshmallow's changelog.

4.2.2 (2026-02-04)

Bug fixes:

• Fix behavior of fields.Contant(None) (:issue:2868). Thanks :user:T90REAL for reporting and emmanuel-ferdman for the fix.

4.2.1 (2026-01-23)

Bug fixes:

• Fix validation of URLs beginning with uppercare FILE (:issue:2891). Thanks :user:thanhlecongg for reporting and fixing.

4.2.0 (2026-01-04)

Other changes:

• many argument of Nested properly overrides schema instance value (:pr:2854). Thanks :user:jafournier for the PR.

4.1.2 (2025-12-19)

Bug fixes:

• :cve:2025-68480: Merge error store messages without rebuilding collections. Thanks 카푸치노 for reporting and :user:deckar01 for the fix.

4.1.1 (2025-11-05)

Bug fixes:

• Ensure URL validator is case-insensitive when using custom schemes (:pr:2874). Thanks :user:T90REAL for the PR.

4.1.0 (2025-11-01)

Other changes:

• Add __len__ implementation to missing so that it can be used with validate.Length <marshmallow.validate.Length> (:pr:2861). Thanks :user:agentgodzilla for the PR.
• Drop support for Python 3.9 (:pr:2363).

... (truncated)

Commits

• 2a3812d Bump version and update changelog
• 19ca8dc Fix Constant field rejecting None values during load (#2894)
• 213ee3a [pre-commit.ci] pre-commit autoupdate (#2896)
• ba8b512 Update AUTHORS.rst
• 40105ad Bump version and update changelog
• 39e7c83 Merge pull request #2892 from thanhlecongg/fix-2891
• 78a94ea Fix docstring typo
• 8dc078e fix issue #2891
• c62b911 add tests for issue #2891
• d07bf5e [pre-commit.ci] pre-commit autoupdate (#2887)
• Additional commits viewable in compare view

Updates google-cloud-storage from 3.1.0 to 3.10.1

Release notes

Sourced from google-cloud-storage's releases.

google-cloud-storage: v3.10.1

3.10.1 (2026-03-23)

Bug Fixes

• raise ValueError if api_endpoint is unset when using AnonymousCredentials in AsyncGrpcClient. (#1778) (17828ea3)

google-cloud-storage: v3.10.0

3.10.0 (2026-03-18)

Features

• [Bucket Encryption Enforcement] add support for bucket encryption enforcement config (#1742) (2a6e8b00e4e6ff57460373f8e628fd363be47811)

Perf Improvments

• [Rapid Buckets Reads] Use raw proto access for read resumption strategy (#1764) (14cfd61ce35365a409650981239ef742cdf375fb)
• [Rapid Buckets Benchmarks] init mp pool & grpc client once, use os.sched_setaffinity (#1751) (a9eb82c1b9b3c6ae5717d47b76284ed0deb5f769)
• [Rapid Buckets Writes] don't flush at every append, results in bad perf (#1746) (ab62d728ac7d7be3c4fe9a99d72e35ead310805a)

Bug Fixes

• [Windows] skip downloading blobs whose name contain ":" eg: C: D: etc when application runs in Windows. (#1774) (558198823ed51918db9c0137715d1e7f5b593975)
• [Path Traversal] Prevent path traversal in download_many_to_path (#1768) (700fec3bf7aa37bd5ea4b163cc3f9e8e6892bd5a)
• [Rapid Buckets] pass token correctly, '&' instead of ',' (#1756) (d8dd1e074d2431de9b45e0103181dce749a447a0)

google-cloud-storage 3.9.0

3.9.0 (2026-02-02)

Features

• update generation for MRD (#1730) (08bc7082)

• add get_object method for async grpc client (#1735) (0e5ec29b)

• Add micro-benchmarks for reads comparing standard (regional) vs rapid (zonal) buckets. (#1697) (1917649f)

• Add support for opening via write_handle and fix write_handle type (#1715) (2bc15fa5)

• add samples for appendable objects writes and reads (2e1a1eb5)

• add samples for appendable objects writes and reads (#1705) (2e1a1eb5)

• add context manager to mrd (#1724) (5ac2808a)

• Move Zonal Buckets features of _experimental (#1728) (74c9ecc5)

• add default user agent for grpc (#1726) (7b319469)

... (truncated)

Changelog

Sourced from google-cloud-storage's changelog.

3.10.1 (2026-03-23)

Bug Fixes

• raise ValueError if api_endpoint is unset when using AnonymousCredentials in AsyncGrpcClient. (#1778) (17828ea316872938a98a6360b10a2495c54bbbcb)

3.10.0 (2026-03-18)

Features

• [Bucket Encryption Enforcement] add support for bucket encryption enforcement config (#1742) (2a6e8b00e4e6ff57460373f8e628fd363be47811)

Perf Improvments

• [Rapid Buckets Reads] Use raw proto access for read resumption strategy (#1764) (14cfd61ce35365a409650981239ef742cdf375fb)
• [Rapid Buckets Benchmarks] init mp pool & grpc client once, use os.sched_setaffinity (#1751) (a9eb82c1b9b3c6ae5717d47b76284ed0deb5f769)
• [Rapid Buckets Writes] don't flush at every append, results in bad perf (#1746) (ab62d728ac7d7be3c4fe9a99d72e35ead310805a)

Bug Fixes

• [Windows] skip downloading blobs whose name contain ":" eg: C: D: etc when application runs in Windows. (#1774) (558198823ed51918db9c0137715d1e7f5b593975)
• [Path Traversal] Prevent path traversal in download_many_to_path (#1768) (700fec3bf7aa37bd5ea4b163cc3f9e8e6892bd5a)
• [Rapid Buckets] pass token correctly, '&' instead of ',' (#1756) (d8dd1e074d2431de9b45e0103181dce749a447a0)

3.9.0 (2026-02-02)

Features

• add get_object method for async grpc client (#1735) (0e5ec29bc6a31b77bcfba4254cef5bffb199095c)
• expose DELETE_OBJECT in AsyncGrpcClient (#1718) (c8dd7a0b124c395b7b60189ee78f47aba8d51f7d)
• update generation for MRD (#1730) (08bc7082db7392f13bc8c51511b4afa9c7b157c9)
• Move Zonal Buckets features of _experimental (#1728) (74c9ecc54173420bfcd48498a8956088a035af50)
• add default user agent for grpc (#1726) (7b319469d2e495ea0bf7367f3949190e8f5d9fff)
• expose finalized_time in blob.py applicable for GET_OBJECT in ZB (#1719) (8e21a7fe54d0a043f31937671003630a1985a5d2)
• add context manager to mrd (#1724) (5ac2808a69195c688ed42c3604d4bfadbb602a66)
• integrate writes strategy and appendable object writer (#1695) (dbd162b3583e32e6f705a51f5c3fef333a9b89d0)
• Add support for opening via write_handle and fix write_handle type (#1715) (2bc15fa570683ba584230c51b439d189dbdcd580)
• Add micro-benchmarks for writes comparing standard (regional) vs rapid (zonal) buckets. (#1707) (dbe9d8b89d975dfbed8c830a5687ccfafea51d5f)
• Add micro-benchmarks for reads comparing standard (regional) vs rapid (zonal) buckets. (#1697) (1917649fac41481da1adea6c2a9f4ab1298a34c4)
• send user_agent to grpc channel (#1712) (cdb2486bb051dcbfbffc2510aff6aacede5e54d3)
• add samples for appendable objects writes and reads (#1705) (2e1a1eb5cbe1c909f1f892a0cc74fe63c8ef36ff)
• add samples for appendable objects writes and reads (2e1a1eb5cbe1c909f1f892a0cc74fe63c8ef36ff)
• add support for Description has been truncated

[ons-eq-team]

Benchmark Results

Percentile Averages:
50th: 88ms
90th: 303ms
95th: 497ms
99th: 977ms
99.9th: 1706ms
GETs (99th): 1137ms
POSTs (99th): 793ms

PDF: 9300ms
Session: 8100ms

Total Requests: 64,465
Total Failures: 0
Error Percentage: 0.0%

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.