chore(deps): bump the deps group with 7 updates

[dependabot]

Bumps the deps group with 7 updates:

Package	From	To
certifi	2025.1.31	2025.4.26
h11	0.14.0	0.16.0
httpcore	1.0.8	1.0.9
openai	1.75.0	1.76.0
protobuf	5.29.4	6.30.2
pydantic-core	2.33.1	2.34.1
structlog	25.2.0	25.3.0

Updates certifi from 2025.1.31 to 2025.4.26

Commits

• 275c9eb 2025.04.26 (#347)
• 3788331 Bump actions/setup-python from 5.4.0 to 5.5.0 (#346)
• 9d1f1b7 Bump actions/download-artifact from 4.1.9 to 4.2.1 (#344)
• 96b97a5 Bump actions/upload-artifact from 4.6.1 to 4.6.2 (#343)
• c054ed3 Bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (#342)
• 44547fc Bump actions/download-artifact from 4.1.8 to 4.1.9 (#341)
• 5ea5124 Bump actions/upload-artifact from 4.6.0 to 4.6.1 (#340)
• 2f142b7 Bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (#339)
• 80d2ebd Bump actions/setup-python from 5.3.0 to 5.4.0 (#337)
• See full diff in compare view

Updates h11 from 0.14.0 to 0.16.0

Commits

• 1c5b075 this time for surer
• d9c3699 this time for sure...
• d91b9dd blacken
• 5a4683c Soothe mypy
• 9c9567f Bump version to 0.16.0
• 114803a Merge commit from fork
• 9462006 Bump version to 0.15.0
• 70a96be Merge pull request #181 from Julien00859/Julien00859/get_int_max_str_digits
• 60782ad Reject Content-Length longer 1 billion TB
• dff7cc3 Validate Chunked-Encoding chunk footer
• Additional commits viewable in compare view

Updates httpcore from 1.0.8 to 1.0.9

Release notes

Sourced from httpcore's releases.

Version 1.0.9 (April 24th, 2025)

• Resolve GHSA-vqfr-h8mv-ghfj with h11 dependency update. (#1008)

Changelog

Sourced from httpcore's changelog.

Version 1.0.9 (April 24th, 2025)

• Resolve GHSA-vqfr-h8mv-ghfj with h11 dependency update. (#1008)

Commits

• 9820975 Version 1.0.9 (#1011)
• d1e17c5 Update h11 dependency, resolving security fix. (#1008)
• See full diff in compare view

Updates openai from 1.75.0 to 1.76.0

Release notes

Sourced from openai's releases.

v1.76.0

1.76.0 (2025-04-23)

Full Changelog: v1.75.0...v1.76.0

Features

• api: adding new image model support (74d7692)

Bug Fixes

• pydantic v1: more robust ModelField.annotation check (#2163) (7351b12)
• pydantic v1: more robust ModelField.annotation check (eba7856)

Chores

• ci: add timeout thresholds for CI jobs (0997211)
• internal: fix list file params (da2113c)
• internal: import reformatting (b425fb9)
• internal: minor formatting changes (aed1d76)
• internal: refactor retries to not use recursion (8cb8cfa)
• internal: update models test (870ad4e)
• update completion parse signature (a44016c)

Changelog

Sourced from openai's changelog.

1.76.0 (2025-04-23)

Full Changelog: v1.75.0...v1.76.0

Features

• api: adding new image model support (74d7692)

Bug Fixes

• pydantic v1: more robust ModelField.annotation check (#2163) (7351b12)
• pydantic v1: more robust ModelField.annotation check (eba7856)

Chores

• ci: add timeout thresholds for CI jobs (0997211)
• internal: fix list file params (da2113c)
• internal: import reformatting (b425fb9)
• internal: minor formatting changes (aed1d76)
• internal: refactor retries to not use recursion (8cb8cfa)
• internal: update models test (870ad4e)
• update completion parse signature (a44016c)

Commits

• 8e1a1cd release: 1.76.0
• 6321004 feat(api): adding new image model support
• 1c1d144 chore(internal): minor formatting changes
• 8830a6c fix(pydantic v1): more robust ModelField.annotation check
• 6a2dfbb fix(pydantic v1): more robust ModelField.annotation check (#2163)
• 7de6c5c chore(internal): refactor retries to not use recursion
• 1e7dea2 chore(internal): fix list file params
• 1157528 chore(internal): import reformatting
• 271d979 chore(ci): add timeout thresholds for CI jobs
• 15902dc chore: update completion parse signature
• Additional commits viewable in compare view

Updates protobuf from 5.29.4 to 6.30.2

Commits

• 43e1626 Updating version.json and repo version numbers to: 30.2
• 7a4c63b Fix lite classes in the protobuf-java Maven release to be JDK8 compatible. (#...
• 7831669 Remove dllexport attribute on variable definition. (#20833)
• da9cadc Restore JDK8 compatibility in Bazel for libraries with dependencies from Mave...
• 09b5078 Add protobuf_maven artifacts to protobuf_maven_dev as well so they can still ...
• b7f06f1 Add volatile to featuresResolved (#20766)
• b69f653 Restore generator headers in cmake install until the next breaking C++ releas...
• f4b0a79 Restore custom protobuf maven namespaces to avoid polluting main maven namesp...
• 2dc9f35 Fix Java concurrency issue in feature resolution for old <=3.25.x gencode usi...
• 221b2a0 Change how we decide which empty string implementation to use. (#20708)
• Additional commits viewable in compare view

Updates pydantic-core from 2.33.1 to 2.34.1

Release notes

Sourced from pydantic-core's releases.

v2.34.1

No release notes provided.

v2.34.0 2025-04-17

What's Changed

• fix clippy lints for Rust 1.86 by @​davidhewitt in pydantic/pydantic-core#1682
• Bump uuid from 1.15.1 to 1.16.0 by @​dependabot in pydantic/pydantic-core#1678
• Bump serde_json from 1.0.138 to 1.0.140 by @​dependabot in pydantic/pydantic-core#1679
• Bump pyo3 from 0.24.0 to 0.24.1 by @​dependabot in pydantic/pydantic-core#1677
• Allow JSON BigInt to validate against float schema by @​Viicos in pydantic/pydantic-core#1685
• Ensure ValidationInfo.field_name is correct on validator reuse by @​DouweM in pydantic/pydantic-core#1692
• Bump version to v2.34.0 by @​Viicos in pydantic/pydantic-core#1694
• Fix CI condition for release job by @​Viicos in pydantic/pydantic-core#1695
• Fix CI condition for release job x2 by @​Viicos in pydantic/pydantic-core#1696

New Contributors

• @​DouweM made their first contribution in pydantic/pydantic-core#1692

Full Changelog: pydantic/pydantic-core@v2.33.1...v2.34.0

v2.33.2 2025-04-23

What's Changed

• fix clippy lints for Rust 1.86 by @​davidhewitt in pydantic/pydantic-core#1682
• Bump uuid from 1.15.1 to 1.16.0 by @​dependabot in pydantic/pydantic-core#1678
• Bump serde_json from 1.0.138 to 1.0.140 by @​dependabot in pydantic/pydantic-core#1679
• Bump pyo3 from 0.24.0 to 0.24.1 by @​dependabot in pydantic/pydantic-core#1677
• Do not reuse validator and serializer when unpickling by @​Viicos in pydantic/pydantic-core#1693
• Bump version to v2.33.2 by @​Viicos in pydantic/pydantic-core#1702

Full Changelog: pydantic/pydantic-core@v2.33.1...v2.33.2

Commits

• 3414703 Bump version to v2.34.1 (#1698)
• 5bb2d62 Mark some tests as xfailing on free-threaded (#1697)
• 2bcce9f Fix CI condition for release job x2 (#1696)
• 0d03450 Fix CI condition for release job (#1695)
• 60bccf1 Bump version to v2.34.0 (#1694)
• 4760f38 Ensure ValidationInfo.field_name is correct on validator reuse (#1692)
• 9a25aa6 Allow JSON BigInt to validate against float schema (#1685)
• 0a5bbfc Bump pyo3 from 0.24.0 to 0.24.1 (#1677)
• 59e655e Bump serde_json from 1.0.138 to 1.0.140 (#1679)
• 5a32b4f Bump uuid from 1.15.1 to 1.16.0 (#1678)
• Additional commits viewable in compare view

Updates structlog from 25.2.0 to 25.3.0

Release notes

Sourced from structlog's releases.

25.3.0

Highlights

This fixes a rather ugly bug where seemingly UTC timestamps in TimeStamper had the timestamp from the local timezone when passing utc=True.

Special Thanks

This release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If you would like to join them, go to https://github.com/sponsors/hynek and check out the sweet perks!

Above and Beyond

Variomedia AG (@variomedia), Tidelift (@tidelift), Klaviyo (@klaviyo), Privacy Solutions GmbH (@privacy-solutions), Andreas Jung (@zopyx), Ecosystems (@ecosyste-ms), FilePreviews (@filepreviews), Daniel Fortunov (@asqui), and Kevin P. Fleming (@kpfleming).

Maintenance Sustainers

Buttondown (@buttondown), Christopher Dignam (@chdsbd), Magnus Watn (@magnuswatn), David Cramer (@dcramer), Jesse Snyder (@jessesnyder), Rivo Laks (@rivol), Polar (@polarsource), Mike Fiedler (@miketheman), Duncan Hill (@cricalix), Colin Marquardt (@cmarqu), Pieter Swinkels (@swinkels), Nick Libertini (@libertininick), Brian M. Dennis (@crossjam), Moving Content AG (@moving-content), ProteinQure (@ProteinQure), The Westervelt Company (@westerveltco), Sławomir Ehlert (@slafs), Mostafa Khalil (@khadrawy), Filip Mularczyk (@mukiblejlok), Thomas Klinger (@thmsklngr), Andreas Poehlmann (@ap--), August Trapper Bigelow (@atbigelow), Carlton Gibson (@carltongibson), and Roboflow (@roboflow).

Not to forget 15 more amazing humans who chose to be generous but anonymous!

Full Changelog

Fixed

• structlog.processors.TimeStamper now again uses timestamps using UTC for custom format strings when utc=True. #713

---

This release contains contributions from @​hynek, and @​m-endra.

Artifact Attestations

You can verify this release's artifact attestions using GitHub's CLI tool by downloading the sdist and wheel from PyPI and running:

$ gh attestation verify --owner hynek structlog-25.3.0.tar.gz

and

$ gh attestation verify --owner hynek structlog-25.3.0-py3-none-any.whl

Changelog

Sourced from structlog's changelog.

25.3.0 - 2025-04-25

Fixed

• structlog.processors.TimeStamper now again uses timestamps using UTC for custom format strings when utc=True. #713

Commits

• edfa953 Prepare 25.3.0
• 637dce6 update ruff
• 4c844e8 docs: polish changelog
• 1b8680e TimeStamper now returns UTC timezone for custom format string. (#713)
• 414047d update Ruff
• 244fde4 Start new development cycle
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions