chore(deps): update psycopg[binary,pool] requirement from >=3.2 to >=3.3.4#790

Merged
rafeekpro merged 3 commits into develop from dependabot/uv/develop/psycopg-binarypool--gte-3.3.4 on Jun 17, 2026

Conversation

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Contributor

Updates the requirements on psycopg[binary,pool] to permit the latest version.

Changelog

Sourced from psycopg[binary,pool]'s changelog.

.. currentmodule:: psycopg

.. index::
   single: Release notes
   single: News

psycopg release notes

Future releases

Psycopg 3.3.5 (unreleased)
^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Discard prepared statements upon :sql:`ALTER *` or :sql:`DISCARD *` (:ticket:[#1307](https://github.com/psycopg/psycopg/issues/1307)).

Current release

Psycopg 3.3.4
^^^^^^^^^^^^^

  • Fix possible spurious connection timeout in systems with very long uptimes in C extension (:ticket:[#1280](https://github.com/psycopg/psycopg/issues/1280)).
  • Fix client-side adaptation of enums whose name requires quotes (:ticket:[#1298](https://github.com/psycopg/psycopg/issues/1298)).
  • Consistently populate `~Cursor.statusmessage` after `~Cursor.executemany()` (:ticket:[#1302](https://github.com/psycopg/psycopg/issues/1302)).

Psycopg 3.3.3
^^^^^^^^^^^^^

  • Retain `Error.pgconn` when raising a single exception for multiple connection attempt errors (:ticket:[#1246](https://github.com/psycopg/psycopg/issues/1246)).
  • Return a proper error when server sends ErrorResponse for a Sync after a Parse (:ticket:[#1260](https://github.com/psycopg/psycopg/issues/1260)).

Psycopg 3.3.2
^^^^^^^^^^^^^

  • Fix race condition in adapters at startup (:ticket:[#1230](https://github.com/psycopg/psycopg/issues/1230)).

Psycopg 3.3.1
^^^^^^^^^^^^^

... (truncated)

Commits
  • 83f1103 chore: bump psycopg_pool package version to 3.3.1
  • 1828770 chore: bump psycopg package version to 3.3.4
  • 8be14bb Merge pull request #1301 from oliverhaas/fix/sync-pool-open-race
  • aee0bf2 fix(pool): fix race in the construction of the sync ConnectionPool lock
  • bc4d303 chore(deps): bump the actions group across 1 directory with 4 updates
  • 785379f fix: retain statusmessage after executemany with returning=False
  • 8882a73 perf: do less if X in Y: return Y[X] for cache-like patterns
  • 2f78539 Merge pull request #1299 from dvarrazzo/fix-camel-enum
  • 37ef1dc test: skip test on crdb depending on precise regtype behaviour
  • 7f2f1d1 fix: fix client-side representation of enums requiring quotes
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Updates the requirements on [psycopg[binary,pool]](https://github.com/psycopg/psycopg) to permit the latest version.
- [Changelog](https://github.com/psycopg/psycopg/blob/master/docs/news.rst)
- [Commits](psycopg/psycopg@3.2.0...3.3.4)

---
updated-dependencies:
- dependency-name: psycopg[binary,pool]
  dependency-version: 3.3.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot added the dependencies and python:uv labels on Jun 15, 2026
Dependabot edited uv.lock to require psycopg>=3.3.4 but left
pyproject.toml at >=3.2, so 'uv lock --check' failed in CI.
This commit bumps the pyproject.toml constraint to match,
matching dependabot's actual intent for the security/stability floor.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
rafeekpro added a commit that referenced this pull request Jun 17, 2026
…lear active CVEs (#791)

* fix(security): floor cryptography / python-multipart / starlette to clear active CVEs

Develop's Python deps CVE scan started failing after fresh advisories
were published against transitive dependencies. None of these were
explicitly pinned in apps/engine/pyproject.toml at versions above the
patched floor, so 'uv lock' was happily resolving the vulnerable
versions and the gate was blocking every Python PR (#789, #790,
plus any future ones).

Add explicit floors:
  - cryptography>=48.0.1   GHSA-537c-gmf6-5ccf
  - python-multipart>=0.0.31  CVE-2026-53538/53539/53540
  - starlette>=1.3.1   CVE-2026-54282/54283

Resolution result (uv.lock):
  cryptography     48.0.0 -> 49.0.0
  python-multipart 0.0.28 -> 0.0.32
  starlette        1.1.0  -> 1.3.1

Smoke-test sweep on the bumped resolution passes the same set develop
passes today — the two failures observed (test_assistant
test_chat_returns_assistant_message and test_error_explainer
test_explain_endpoint_ai_falls_back_to_deterministic_without_provider)
also fail on develop verbatim, are unrelated to the bumps, and stem
from a pre-existing GLM provider auto-detection bug.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* chore(types): wrap status-code range comparisons in bool()

Starlette 1.3 ships stricter type stubs and httpx now returns ``Any``
for ``response.status_code`` in some contexts, so the
``return 200 <= response.status_code < 300`` pattern in the standalone
JWT-login helpers trips mypy's ``no-any-return``. Explicit ``bool(...)``
keeps the semantics identical and gives mypy a concrete annotation
without an ``# type: ignore`` escape hatch.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
rafeekpro (Collaborator) commented:

@dependabot rebase

dependabot Bot (Contributor, Author) commented on behalf of github Jun 17, 2026

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

rafeekpro (Collaborator) left a comment:

Rebased on develop, CVE wall cleared via #791. All 15 checks green. Approving.

@rafeekpro rafeekpro merged commit 9586901 into develop Jun 17, 2026
16 checks passed
@rafeekpro rafeekpro deleted the dependabot/uv/develop/psycopg-binarypool--gte-3.3.4 branch June 17, 2026 10:07