chore(wren-ai-service): bump the all group across 1 directory with 40 updates

[dependabot]

Bumps the all group with 40 updates in the /wren-ai-service directory:

Package	From	To
fastapi	0.121.1	0.135.1
uvicorn	0.29.0	0.42.0
python-dotenv	1.2.1	1.2.2
haystack-ai	2.7.0	2.25.2
openai	1.109.1	2.28.0
qdrant-haystack	7.0.0	10.2.1
tqdm	4.67.1	4.67.3
numpy	1.26.4	2.4.3
sqlparse	0.5.3	0.5.5
orjson	3.11.5	3.11.7
ollama-haystack	0.0.6	1.1.0
langfuse	2.60.10	4.0.0
ollama	0.2.1	0.6.1
cachetools	5.5.2	6.2.6
pydantic-settings	2.12.0	2.13.1
google-auth	2.43.0	2.49.1
tiktoken	0.8.0	0.12.0
jsonschema	4.25.1	4.26.0
litellm	1.79.3	1.82.2
boto3	1.40.72	1.42.68
qdrant-client	1.17.0	1.17.1
filelock	3.20.3	3.25.2
werkzeug	3.1.5	3.1.6
marshmallow	3.26.2	4.2.2
pre-commit	3.8.0	4.5.1
streamlit	1.51.0	1.55.0
watchdog	4.0.2	6.0.0
matplotlib	3.10.7	3.10.8
sseclient-py	1.8.0	1.9.0
dspy-ai	2.6.27	3.1.3
deepeval	3.8.8	3.8.9
tomlkit	0.13.3	0.14.0
gitpython	3.1.45	3.1.46
plotly	5.24.1	6.6.0
ipykernel	6.31.0	7.2.0
itables	2.5.2	2.7.1
gdown	5.2.0	5.2.1
locust	2.41.6	2.43.3
pytest-cov	6.3.0	7.0.0
pytest-asyncio	0.24.0	1.3.0

Updates fastapi from 0.121.1 to 0.135.1

Release notes

Sourced from fastapi's releases.

0.135.1

Fixes

• 🐛 Fix, avoid yield from a TaskGroup, only as an async context manager, closed in the request async exit stack. PR #15038 by @​tiangolo.

Docs

• ✏️ Fix typo in docs/en/docs/_llm-test.md. PR #15007 by @​adityagiri3600.
• 📝 Update Skill, optimize context, trim and refactor into references. PR #15031 by @​tiangolo.

Internal

• 👥 Update FastAPI People - Experts. PR #15037 by @​tiangolo.
• 👥 Update FastAPI People - Contributors and Translators. PR #15029 by @​tiangolo.
• 👥 Update FastAPI GitHub topic repositories. PR #15036 by @​tiangolo.

0.135.0

Features

• ✨ Add support for Server Sent Events. PR #15030 by @​tiangolo.
  • New docs: Server-Sent Events (SSE).

0.134.0

Features

• ✨ Add support for streaming JSON Lines and binary data with yield. PR #15022 by @​tiangolo.
  • This also upgrades Starlette from >=0.40.0 to >=0.46.0, as it's needed to properly unrwap and re-raise exceptions from exception groups.
  • New docs: Stream JSON Lines.
  • And new docs: Stream Data.

Docs

• 📝 Update Library Agent Skill with streaming responses. PR #15024 by @​tiangolo.
• 📝 Update docs for responses and new stream with yield. PR #15023 by @​tiangolo.
• 📝 Add await in StreamingResponse code example to allow cancellation. PR #14681 by @​casperdcl.
• 📝 Rename docs_src/websockets to docs_src/websockets_ to avoid import errors. PR #14979 by @​YuriiMotov.

Internal

• 🔨 Run tests with pytest-xdist and pytest-cov. PR #14992 by @​YuriiMotov.

0.133.1

Features

• 🔧 Add FastAPI Agent Skill. PR #14982 by @​tiangolo.
  • Read more about it in Library Agent Skills.

Internal

• ✅ Fix all tests are skipped on Windows. PR #14994 by @​YuriiMotov.

... (truncated)

Commits

• ca5f60e 🔖 Release version 0.135.1
• 87f75aa 📝 Update release notes
• 8a9258b 🐛 Fix, avoid yield from a TaskGroup, only as an async context manager, closed...
• 6038507 📝 Update release notes
• c796ba4 👥 Update FastAPI People - Experts (#15037)
• b24aa03 📝 Update release notes
• 2c61047 ✏️ Fix typo in docs/en/docs/_llm-test.md (#15007)
• e3bbeef 📝 Update release notes
• d726c8c 📝 Update release notes
• cf514e6 👥 Update FastAPI People - Contributors and Translators (#15029)
• Additional commits viewable in compare view

Updates uvicorn from 0.29.0 to 0.42.0

Release notes

Sourced from uvicorn's releases.

Version 0.42.0

Changed

• Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

• Escape brackets and backslash in httptools HEADER_RE regex (#2824)
• Fix multiple issues in websockets sans-io implementation (#2825)

---

New Contributors

• @​bysiber made their first contribution in Kludex/uvicorn#2825

---

Full Changelog: Kludex/uvicorn@0.41.0...0.42.0

Version 0.41.0

Added

• Add --limit-max-requests-jitter to stagger worker restarts (#2707)
• Add socket path to scope["server"] (#2561)

Changed

• Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

• Ignore permission denied errors in watchfiles reloader (#2817)
• Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
• Reduce the log level of 'request limit exceeded' messages (#2788)

---

New Contributors

• @​t-kawasumi made their first contribution in Kludex/uvicorn#2776
• @​fardyn made their first contribution in Kludex/uvicorn#2800
• @​ewie made their first contribution in Kludex/uvicorn#2807
• @​shevron made their first contribution in Kludex/uvicorn#2788
• @​jonashaag made their first contribution in Kludex/uvicorn#2707

---

Full Changelog: Kludex/uvicorn@0.40.0...0.41.0

Version 0.40.0

What's Changed

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.42.0 (March 16, 2026)

Changed

• Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

• Escape brackets and backslash in httptools HEADER_RE regex (#2824)
• Fix multiple issues in websockets sans-io implementation (#2825)

0.41.0 (February 16, 2026)

Added

• Add --limit-max-requests-jitter to stagger worker restarts (#2707)
• Add socket path to scope["server"] (#2561)

Changed

• Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

• Ignore permission denied errors in watchfiles reloader (#2817)
• Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
• Reduce the log level of 'request limit exceeded' messages (#2788)

0.40.0 (December 21, 2025)

Remove

• Drop support for Python 3.9 (#2772)

0.39.0 (December 21, 2025)

Fixed

• Send close frame on ASGI return for WebSockets (#2769)
• Explicitly start ASGI run with empty context (#2742)

0.38.0 (October 18, 2025)

Added

• Support Python 3.14 (#2723)

0.37.0 (September 23, 2025)

Added

... (truncated)

Commits

• 02bed6f Version 0.42.0 (#2852)
• d8f2501 chore: pre-create Config objects in benchmarks to measure protocol hot paths ...
• 9dbb783 Add WebSocket protocol benchmarks for wsproto and websockets-sansio (#2849)
• b3c69da Use bytearray for request body accumulation (#2845)
• 3f3ebee Disable pytest-xdist for CodSpeed benchmark runs (#2847)
• d072de7 Add fragmented body benchmark for chunked body accumulation (#2846)
• e300c2c Add CodSpeed benchmark suite for HTTP protocol hot paths (#2844)
• 1fa6976 Escape brackets and backslash in httptools HEADER_RE regex (#2824)
• 59ec1de Fix multiple issues in websockets sansio implementation (#2825)
• 2fc0efc Clarify Windows asyncio event loop selection in docs (#2843)
• Additional commits viewable in compare view

Updates python-dotenv from 1.2.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

• The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by @​bbc2 in #790c5
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by @​JYOuyang in theskumar/python-dotenv#590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

• skip 000 permission tests for root user by @​burnout-projects in theskumar/python-dotenv#561
• Bump actions/checkout from 5 to 6 in the github-actions group by @​dependabot[bot] in theskumar/python-dotenv#593
• Add Windows testing to CI by @​bbc2 in theskumar/python-dotenv#604
• Improve workflow efficiency with best practices by @​theskumar in theskumar/python-dotenv#609
• Remove the use of sh in tests by @​bbc2 in theskumar/python-dotenv#612

New Contributors

• @​JYOuyang made their first contribution in theskumar/python-dotenv#590
• @​burnout-projects made their first contribution in theskumar/python-dotenv#561
• @​cpackham-atlnz made their first contribution in theskumar/python-dotenv#597

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

• The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Dropped Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Commits

• 36004e0 Bump version: 1.2.1 → 1.2.2
• eb20252 docs: update changelog for v1.2.2
• 790c5c0 Merge commit from fork
• 43340da Remove the use of sh in tests (#612)
• 09d7cee docs: clarify override behavior and document FIFO support (#610)
• c8de288 ci: improve workflow efficiency with best practices (#609)
• 7bd9e3d Add Windows testing to CI (#604)
• 1baaf04 Drop Python 3.9 support and update to PyPy 3.11 (#608)
• 4a22cf8 ci: enable testing on Python 3.14t (free-threaded) (#588)
• e2e8e77 Fix license specifier (#597)
• Additional commits viewable in compare view

Updates haystack-ai from 2.7.0 to 2.25.2

Release notes

Sourced from haystack-ai's releases.

v2.25.2

🐛 Bug Fixes

• Reverts the change that made Agent messages optional as it caused issues with pipeline execution. As a consequence, the LLM component now defaults to an empty messages list unless provided at runtime.

v2.25.2-rc1

No release notes provided.

v2.25.1

⚡️ Enhancement Notes

• Auto variadic sockets now also support Optional[list[...]] input types, in addition to plain list[...].

🐛 Bug Fixes

• Fixed smart connection logic to support connecting multiple outputs to a socket whose type is Optional[list[...]] (e.g. list[ChatMessage] | None). Previously, connecting two list[ChatMessage] outputs to Agent.messages would fail after its type was updated from list[ChatMessage] to list[ChatMessage] | None.

v2.25.1-rc1

No release notes provided.

v2.25.0

⭐️ Highlights

🛠️ Dynamic Tool Discovery with SearchableToolset

For applications with large tool catalogs, we’ve added the SearchableToolset. Instead of exposing all tools upfront, agents start with a single search_tools function and dynamically discover relevant tools using BM25-based keyword search.

This is particularly useful when connecting MCP servers via MCPToolset, where many tools may be available. By combining the two, agents can load only the tools they actually need at runtime, reducing context usage and improving tool selection.

from haystack.components.agents import Agent
from haystack.components.generators.chat import OpenAIChatGenerator
from haystack.dataclasses import ChatMessage
from haystack.tools import Tool, SearchableToolset
Create a catalog of tools
catalog = [
Tool(name="get_weather", description="Get weather for a city", ...),
Tool(name="search_web", description="Search the web", ...),
# ... 100s more tools
]
toolset = SearchableToolset(catalog=catalog)
agent = Agent(chat_generator=OpenAIChatGenerator(), tools=toolset)
The agent is initially provided only with the search_tools tool and will use it to find relevant tools.
result = agent.run(messages=[ChatMessage.from_user("What's the weather in Milan?")])

📝 Reusable Prompt Templates for Agents

Agents now natively support Jinja2-templated user prompts. By defining a user_prompt and required_variables during initialization or at runtime, you can easily invoke the Agent with dynamic variables without having to manually build ChatMessage objects for every invocation. Plus, you can seamlessly append rendered prompts directly to prior conversation messages.

... (truncated)

Commits

• c389195 bump version to 2.25.2
• 8f31223 bump version to 2.25.2-rc1
• 0034789 fix: require messages input parameter in Agent component (#10734)
• 9be588e bump version to 2.25.1
• 1833473 bump version to 2.25.1-rc1
• d9b1625 fix: Fix auto-variadic assignment (#10688)
• df89c7e Add manual trigger (#10684)
• 841f02f ci: use Hatch action (#10679)
• d74fd40 bump version to 2.25.0
• 69af72e bump version to 2.25.0-rc1
• Additional commits viewable in compare view

Updates openai from 1.109.1 to 2.28.0

Release notes

Sourced from openai's releases.

v2.28.0

2.28.0 (2026-03-13)

Full Changelog: v2.27.0...v2.28.0

Features

• api: custom voices (50dc060)

v2.27.0

2.27.0 (2026-03-13)

Full Changelog: v2.26.0...v2.27.0

Features

• api: api update (60ab24a)
• api: manual updates (b244b09)
• api: manual updates (d806635)
• api: sora api improvements: character api, video extensions/edits, higher resolution exports. (58b70d3)

Bug Fixes

• api: repair merged videos resource (742d8ee)

Chores

• internal: codegen related update (4e6498e)
• internal: codegen related update (93af129)
• match http protocol with ws protocol instead of wss (026f9de)
• use proper capitalization for WebSockets (a2f9b07)

v2.26.0

2.26.0 (2026-03-05)

Full Changelog: v2.25.0...v2.26.0

Features

• api: The GA ComputerTool now uses the CompuerTool class. The 'computer_use_preview' tool is moved to ComputerUsePreview (78f5b3c)

v2.25.0

2.25.0 (2026-03-05)

Full Changelog: v2.24.0...v2.25.0

Features

... (truncated)

Changelog

Sourced from openai's changelog.

2.28.0 (2026-03-13)

Full Changelog: v2.27.0...v2.28.0

Features

• api: custom voices (50dc060)

2.27.0 (2026-03-13)

Full Changelog: v2.26.0...v2.27.0

Features

• api: api update (60ab24a)
• api: manual updates (b244b09)
• api: manual updates (d806635)
• api: sora api improvements: character api, video extensions/edits, higher resolution exports. (58b70d3)

Bug Fixes

• api: repair merged videos resource (742d8ee)

Chores

• internal: codegen related update (4e6498e)
• internal: codegen related update (93af129)
• match http protocol with ws protocol instead of wss (026f9de)
• use proper capitalization for WebSockets (a2f9b07)

2.26.0 (2026-03-05)

Full Changelog: v2.25.0...v2.26.0

Features

• api: The GA ComputerTool now uses the CompuerTool class. The 'computer_use_preview' tool is moved to ComputerUsePreview (78f5b3c)

2.25.0 (2026-03-05)

Full Changelog: v2.24.0...v2.25.0

Features

• api: gpt-5.4, tool search tool, and new computer tool (6b2043f)
• api: remove prompt_cache_key param from responses, phase field from message types (44fb382)

... (truncated)

Commits

• fc7f598 release: 2.28.0
• c1a87d9 feat(api): custom voices
• 0a4ca53 release: 2.27.0 (#2938)
• 15afa21 release: 2.26.0 (#2932)
• 9b1bb6e release: 2.25.0 (#2891)
• 656e3ca release: 2.24.0 (#2890)
• 921c330 release: 2.23.0
• 650ccd9 codegen metadata
• 9e9a4f1 feat(api): add gpt-realtime-1.5 and gpt-audio-1.5 model options to realtime c...
• 588d239 chore(internal): make test_proxy_environment_variables more resilient
• Additional commits viewable in compare view

Updates qdrant-haystack from 7.0.0 to 10.2.1

Commits

• cda7e68 doc: fixing QdrantDocumentStore docstring parsing error (#2806)
• e1bec8f Update the changelog
• f706c17 count number of docs between deleted operation and return the difference afte...
• d87afdc Update the changelog
• 18e6d1e feat: adding count with filtering operations toQdrantDocumentStore (#2803)
• fe2dd54 Update the changelog
• 718165d feat: add SQLRetriever to ElasticsearchDocumentStore (#2801)
• 051ccb8 chore: exposing PineconeDocumentStore show_progress bar parameter and dis...
• 312e463 chore: disabling progress bar in QdrantDocumentStore tests (#2797)
• 66b8109 Update the changelog
• Additional commits viewable in compare view

Updates tqdm from 4.67.1 to 4.67.3

Release notes

Sourced from tqdm's releases.

tqdm v4.67.3 stable

• fix py3.7 dependencies (#1706 <- #1705)

tqdm v4.67.2 stable

• support pandas>=3 (#1703 <- #1701, #1650, #1700)
• fix format_interval for negative numbers (#1703)
• misc linting
• framework updates (#1704)
  • bump CI workflow & pre-commit dependencies
  • add pyupgrade
  • add py3.13 support
  • fix py3.7 tests
  • update setuptools-scm usage
  • support auto-dedented docstrings when building docs in py3.13
• tests: relax flaky benchmarks

Commits

• 75bdb6c fix py3.7 compat
• 09a863b bump version, merge pull request #1704 from tqdm/devel
• 33d24cd update pyproject syntax
• 70b9124 add py3.13 support
• a74d8f8 drop _dist_ver
• 14d72e2 Merge pull request #1703 from wingding12/fix-pandas-3.0-and-negative-interval
• a69dac8 fix dedented docstrings
• a986d22 tests: fix pandas deprecation warnings
• bb7aa4d tests: fix pandas deprecated applymap
• 0647db1 misc tidy
• Additional commits viewable in compare view

Updates numpy from 1.26.4 to 2.4.3

Release notes

Sourced from numpy's releases.

2.4.3 (Mar 9, 2026)

NumPy 2.4.3 Release Notes

The NumPy 2.4.3 is a patch release that fixes bugs discovered after the 2.4.2 release. The most user visible fix may be a threading fix for OpenBLAS on ARM, closing issue #30816.

This release supports Python versions 3.11-3.14

Contributors

A total of 11 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Antareep Sarkar +
• Charles Harris
• Joren Hammudoglu
• Matthieu Darbois
• Matti Picus
• Nathan Goldbaum
• Peter Hawkins
• Pieter Eendebak
• Sebastian Berg
• Warren Weckesser
• stratakis +

Pull requests merged

A total of 14 pull requests were merged for this release.

• #30759: MAINT: Prepare 2.4.x for further development
• #30827: BUG: Fix some leaks found via LeakSanitizer (#30756)
• #30841: MAINT: Synchronize 2.4.x submodules with main
• #30849: TYP: matlib: missing extended precision imports
• #30850: BUG: Fix weak hash function in np.isin(). (#30840)
• #30921: BUG: fix infinite recursion in np.ma.flatten_structured_array...
• #30922: BUG: Fix buffer overrun in CPU baseline validation (#30877)
• #30923: BUG: Fix busdaycalendar's handling of a bool array weekmask....
• #30924: BUG: Fix reference leaks and NULL pointer dereferences (#30908)
• #30925: MAINT: fix two minor issues noticed when touching the C API setup
• #30955: ENH: Test .kind not .char in np.testing.assert_equal (#30879)
• #30957: BUG: fix type issues in uses if PyDataType macros
• #30958: MAINT: Don't use vulture 2.15, it has false positives
• #30973: MAINT: update openblas (#30961)

2.4.2 (Feb 1, 2026)

NumPy 2.4.2 Release Notes

The NumPy 2.4.2 is a patch release that fixes bugs discovered after the 2.4.1 release. Highlights are:

... (truncated)

Changelog

Sourced from numpy's changelog.

This is a walkthrough of the NumPy 2.4.0 release on Linux, which will be the first feature release using the numpy/numpy-release <https://github.com/numpy/numpy-release>__ repository.

The commands can be copied into the command line, but be sure to replace 2.4.0 with the correct version. This should be read together with the :ref:general release guide <prepare_release>.

Facility preparation

Before beginning to make a release, use the requirements/*_requirements.txt files to ensure that you have the needed software. Most software can be installed with pip, but some will require apt-get, dnf, or whatever your system uses for software. You will also need a GitHub personal access token (PAT) to push the documentation. There are a few ways to streamline things:

• Git can be set up to use a keyring to store your GitHub personal access token. Search online for the details.

Prior to release

Add/drop Python versions

When adding or dropping Python versions, multiple config and CI files need to be edited in addition to changing the minimum version in pyproject.toml. Make these changes in an ordinary PR against main and backport if necessary. We currently release wheels for new Python versions after the first Python RC once manylinux and cibuildwheel support that new Python version.

Backport pull requests

Changes that have been marked for this release must be backported to the maintenance/2.4.x branch.

Update 2.4.0 milestones

Look at the issues/prs with 2.4.0 milestones and either push them off to a later version, or maybe remove the milestone. You may need to add a milestone.

Check the numpy-release repo

... (truncated)

Commits

• 8bcb2e7 Merge pull request #30974 from charris/prepare-2.4.3
• 9a2b5ee REL: Prepare for the NumPy 2.4.3 release
• a822ac2 Merge pull request #30973 from charris/backport-30961
• 039bf54 MAINT: update openblas (#30961)
• 254bafa Merge pull request #30955 from charris/backport-30879
• 0cc7d38 ENH: Test .kind not .char in np.testing.assert_equal (#30879)
• 9ee571d Merge pull request #30957 from charris/backport-30918
• f302a16 Merge pull request #30958 from charris/backport-30938
• d240a09 MAINT: Don't use vulture 2.15, it has false positives
• 4fc08e9 MAINT: Don't use vulture 2.15, it has false positives
• Additional commits viewable in compare view

Updates sqlparse from 0.5.3 to 0.5.5

Changelog

Sourced from sqlparse's changelog.

Release 0.5.5 (Dec 19, 2025)

Bug Fixes

• Fix DoS protection to raise SQLParseError instead of silently returning None when grouping limits are exceeded (issue827).
• Fix splitting of BEGIN TRANSACTION statements (issue826).

Release 0.5.4 (Nov 28, 2025)

Enhancements

• Add support for Python 3.14.
• Add type annotations to top-level API functions and include py.typed marker for PEP 561 compliance, enabling type checking with mypy and other tools (issue756).
• Add pre-commit hook support. sqlparse can now be used as a pre-commit hook to automatically format SQL files. The CLI now supports multiple files and an --in-place flag for in-place editing (issue537).
• Add ATTACH and DETACH to PostgreSQL keywords (pr808).
• Add INTERSECT to close keywords in WHERE clause (pr820).
• Support REGEXP BINARY comparison operator (pr817).

Bug Fixes

• Add additional protection against denial of service attacks when parsing very large lists of tuples. This enhances the existing recursion protections with configurable limits for token processing to prevent DoS through algorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100, MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None) if needed for legitimate large SQL statements.
• Remove shebang from cli.py and remove executable flag (pr818).
• Fix strip_comments not removing all comments when input contains only comments (issue801, pr803 by stropysh).
• Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END blocks (issue812).
• Fix splitting on semicolons inside BEGIN...END blocks (issue809).

Commits

• 0d24023 Bump version to 0.5.5
• da67ac1 Enhance DoS protection by raising SQLParseError for exceeded grouping limits ...
• 5ca50a2 Fix splitting of BEGIN TRANSACTION statements (fixes #826).
• acd8e58 Back to development version.
• 14e300b Bump version.
• 96a67e2 Code cleanup.
• 1a3bfbd Fix handling of semicolons inside BEGIN...END blocks (fixes #809).
• e92a032 Fix handling of IF EXISTS statements in BEGIN...END blocks (fixes #812).
• 149bebf Update Changelog.
• 561a67e Update AUTHORS.
• Additional commits viewable in compare view

Updates orjson from 3.11.5 to 3.11.7

Release notes

Sourced from orjson's releases.

3.11.7

Changed

• Use a faster library to serialize float. Users with byte-exact regression tests should note positive exponents are now written using a +, e.g., 1.2e+30 instead of 1.2e30. Both formats are spec-compliant.
• ABI compatibility with CPython 3.15 alpha 5 free-threading.

3.11.6

Changed

• orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
• Drop support for Python 3.9.
• ABI compatibility with CPython 3.15 alpha 5.
• Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

• Fix sporadic crash serializing deeply nested list of dict.

Changelog

Sourced from orjson's changelog.

3.11.7 - 2026-02-02

Changed

• Use a faster library to serialize float. Users with byte-exact regression tests should note positive exponents are now written using a +, e.g., 1.2e+30 instead of 1.2e30. Both formats are spec-compliant.
• ABI compatibility with CPython 3.15 alpha 5 free-threading.

3.11.6 - 2026-01-29

Changed

• orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
• Drop support for Python 3.9.
• ABI compatibility with CPython 3.15 alpha 5.
• Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

• Fix sporadic crash serializing deeply nested list of dict.

Commits

• ec2b066 3.11.7
• 1ca01f7 zmij
• 1716a22 cargo update
• ec02024 3.11.6
• d581687 build, clippy misc
• 4105b29 writer::num
• 62bb185 Fix sporadic crash on serializing object close
• d860078 PyRef idiom refactors
• 343ae2f Deserializer, Utf8Buffer
• 7835f58 PyBytesRef and other input refactor
• Additional commits viewable in compare view

Updates ollama-haystack from 0.0.6 to 1.1.0

Commits

• bb949ef feat: Add Agent state-mapping parameters to MCPTool (#2501)
• dee4f0a docs: update changelog for integrations/anthropic (#2511)
• 28c8038 docs: update changelog for integrations/astra (#2512)
• 3b7497a docs: update changelog for integrations/azure_ai_search (#2513)
• 373b818 docs: update changelog for integrations/chroma (#2514)