Bump the all-pip-updates group across 3 directories with 32 updates

[dependabot]

Updates the requirements on pip, pytest, certifi, cryptography, jaraco-functools, jaraco-context, msgpack, multidict, opentelemetry-api, opentelemetry-sdk, opentelemetry-exporter-otlp-proto-http, opentelemetry-exporter-prometheus, xxhash, psutil, pyopenssl, requests, tornado, truststore, virtualenv, filelock, zipp, setuptools-scm, build, pylint, boto3, botocore, pynacl, vcert, xmldiff, pygit2, ansible and python-telegram-bot to permit the latest version.
Updates pip from 25.2 to 26.1.2

Changelog

Sourced from pip's changelog.

26.1.2 (2026-05-31)

Bug Fixes

• Reject console_scripts and gui_scripts entry points whose name would install a script outside the scripts directory. ([#14000](https://github.com/pypa/pip/issues/14000) <https://github.com/pypa/pip/issues/14000>_)
• Fix installation incorrectly failing when the target path contains a doubled slash, such as with pip install --root //.... ([#14001](https://github.com/pypa/pip/issues/14001) <https://github.com/pypa/pip/issues/14001>_)
• Send a consistent Accept-Encoding header to avoid a spurious Cache entry deserialization failed warning. ([#14012](https://github.com/pypa/pip/issues/14012) <https://github.com/pypa/pip/issues/14012>_)

26.1.1 (2026-05-04)

Bug Fixes

• Fix issue where uninstallation left behind empty directories. Revert the removal of the adjacent __pycache__ directory when a .py file is removed. ([#13973](https://github.com/pypa/pip/issues/13973) <https://github.com/pypa/pip/issues/13973>_)

26.1 (2026-04-26)

Deprecations and Removals

• Drop support for Python 3.9. ([#13795](https://github.com/pypa/pip/issues/13795) <https://github.com/pypa/pip/issues/13795>_)

Features

• Add experimental support to read requirements from standardized pylock.toml files (-r pylock.toml). ([#13876](https://github.com/pypa/pip/issues/13876) <https://github.com/pypa/pip/issues/13876>_)
• Allow --uploaded-prior-to to accept a duration in days (e.g., P3D for 3 days ago). ([#13674](https://github.com/pypa/pip/issues/13674) <https://github.com/pypa/pip/issues/13674>_)

Enhancements

• Speed up dependency resolution when there are complex conflicts. ([#13859](https://github.com/pypa/pip/issues/13859) <https://github.com/pypa/pip/issues/13859>_)
• Reduce memory usage when resolving large dependency trees. ([#13843](https://github.com/pypa/pip/issues/13843) <https://github.com/pypa/pip/issues/13843>_)
• Emit a deprecation warning when pip imports an unexpected module after installation of a distribution has started. ([#13912](https://github.com/pypa/pip/issues/13912) <https://github.com/pypa/pip/issues/13912>_)
• Allow URL constraints to apply to requirements with extras. ([#12018](https://github.com/pypa/pip/issues/12018) <https://github.com/pypa/pip/issues/12018>_)
• Allow unpinned requirements to use hashes from constraints. Constraints like {name}=={version} --hash=... feeds into hash verification for a corresponding requirement. ([#9243](https://github.com/pypa/pip/issues/9243) <https://github.com/pypa/pip/issues/9243>_)
• Improve conflict reports that involve direct URLs. ([#13932](https://github.com/pypa/pip/issues/13932) <https://github.com/pypa/pip/issues/13932>_)
• Show all errors instead of first error for faulty dependency_groups definitions. ([#13917](https://github.com/pypa/pip/issues/13917) <https://github.com/pypa/pip/issues/13917>_)

... (truncated)

Commits

• 31d7d16 Bump for release
• 79f348c Update AUTHORS.txt
• 237a925 Merge pull request #14001 from notatallshaw/fix-is-within-directory
• 34d0285 Merge pull request #14006 from laymonage/fix-requirements_from_scripts-space-...
• 09d3e07 Merge pull request #14012 from notatallshaw/stable-accept-encoding
• fa7854f Use is_within_directory for entry point check
• d01b46c NEWS ENTRY
• 7ff8bdd Fix is_within_directory for doubled-slash roots
• 7ea3466 NEWS ENTRY
• 85673ea Fix Accept-Encoding to gzip, deflate
• Additional commits viewable in compare view

Updates pytest to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

• #14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
• #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
• #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
• #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.

Commits

• cf470ec Prepare release version 9.1.1
• e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
• 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
• 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
• b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
• 9a567e0 [automated] Update plugin list (#14617) (#14618)
• ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
• 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
• 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
• 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
• Additional commits viewable in compare view

Updates certifi to 2026.6.17

Commits

• d0ac52f 2026.06.17 (#418)
• d46de62 Bump actions/checkout from 6.0.2 to 6.0.3 (#417)
• 6c183ec fix: update Requests docs link to canonical URL (#415)
• 36e3568 Bump dessant/lock-threads from 6.0.0 to 6.0.2
• See full diff in compare view

Updates cryptography to 49.0.0

Changelog

Sourced from cryptography's changelog.

49.0.0 - 2026-06-12

* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.
  We now only publish ``arm64`` wheels for macOS.
* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.
  Users should move to a 64-bit Python installation.
* **BACKWARDS INCOMPATIBLE:** Removed the deprecated
  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,
  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,
  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use
  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,
  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``
  instead. These were deprecated in version 40.0.
* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`
  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block
  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.
  Attempting to encrypt or decrypt more data than the counter allows before it
  would overflow now raises a :class:`ValueError` rather than silently diverging
  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows
  encrypting up to 256 GiB with a given nonce.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA
  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises
  a :class:`ValueError`. Such certificates are invalid, but older versions of
  Java emitted them; previously they loaded with a deprecation warning.
* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``
  is set. The build now derives the Python include directory from
  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which
  previously caused the build to fail during cross-compilations for embedded
  systems, on hosts which have same-version Python development headers
  installed as the target Python.
* Added support for signing and verifying X.509 certificates, certificate
  signing requests, and certificate revocation lists with
  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading
  certificates that contain ML-DSA public keys.
* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to
  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the
  encapsulated key from the ciphertext returned by
  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.
* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,
  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and
  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`
  now accept any extension type. Previously only a fixed set of extension
  types was supported, which made it impossible to account for otherwise
  unrecognized critical extensions during path validation.
* Added support for using :class:`~cryptography.x509.Certificate`,
  :class:`~cryptography.x509.CertificateSigningRequest`, and
  :class:`~cryptography.x509.CertificateRevocationList` as field types in
  :doc:`/hazmat/asn1/index` structures.
* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that
</tr></table> 

... (truncated)

Commits

• e300bbe bump version and changelog for 49.0.0 (#15030)
• fa74cd8 Add external mu (message representative) support for ML-DSA (#14979)
• f594db3 chore(deps): bump openssl from 0.10.80 to 0.10.81 (#15029)
• 608e011 chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (#15028)
• a322bc4 chore(deps): bump cc from 1.2.63 to 1.2.64 (#15027)
• 33181a7 Reject critical nameConstraints extensions containing directoryName constrain...
• 6080dc7 Bump dependencies that dependabot isn't (#15026)
• 121faa3 chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (#15023)
• 829520b Add more robust processing for DH parameters. (#15016)
• 0f05001 Bump downstream dependencies in CI (#15025)
• Additional commits viewable in compare view

Updates jaraco-functools to 4.5.0

Changelog

Sourced from jaraco-functools's changelog.

v4.5.0

Features

• bypass_when and bypass_unless now accept callable checks and evaluate them on each invocation instead of binding only at decoration time. (#36)

v4.4.0

Features

• Add noop.

v4.3.0

Features

• Add none_as function.

v4.2.1

No significant changes.

v4.2.0

Features

• Add 'passthrough' function.

Bugfixes

• Added missing splat in stubs -- by :user:Avasam (#29)

v4.1.0

... (truncated)

Commits

• 0e89d96 Finalize
• 4df0abd Merge pull request #36 from jaraco/copilot/enhance-bypass-decorators-callables
• e3ad23e 👹 Feed the hobgoblins (delint).
• 9ed118e Merge branch 'main' into copilot/enhance-bypass-decorators-callables
• d3cdfdf 👹 Feed the hobgoblins (delint).
• dfc27da Merge https://github.com/jaraco/skeleton
• dc2a6a5 Rename towncrier fragment to PR number
• a993528 Add feature news fragment for callable bypass checks
• 2257f0e Inline bypass check normalization call
• 4d5cf8b Drop redundant bypass unit tests
• Additional commits viewable in compare view

Updates jaraco-context to 6.1.2

Changelog

Sourced from jaraco-context's changelog.

v6.1.2

No significant changes.

v6.1.1

No significant changes.

v6.1.0

Features

• In tarfile.context, ensure that the default filter honors the data filter to avoid path traversal vulnerabilities.

v6.0.2

No significant changes.

v6.0.1

Bugfixes

• Removed type declarations as suggested by Gemini. (#13)

v6.0.0

Bugfixes

• Fixed bug in repo_context where standard output from git would not be hidden (because git emits standard output on the stderr stream).

Deprecations and Removals

• Removed deprecated 'tarball_context', 'infer_compression', and 'null' contexts.

... (truncated)

Commits

• 098f39c Finalize
• 926a20e Fix condition for skipping safety test on Python 3.12 (#20)
• 19f1cbb Strict type checking and re-enable mypy (#16)
• 256995f Suppress coverage errors.
• 0190667 Suppress type errors in test_safety.
• bc0dc8a Suppress type errors with new property.
• 8eee4d0 Modernize with ruff
• 8251716 Merge branch 'main' into Strict-type-checking-and-re-enable-mypy
• 7df1443 Restore expression algebra.
• 616e2d6 Merge https://github.com/jaraco/skeleton
• Additional commits viewable in compare view

Updates msgpack to 1.2.1

Release notes

Sourced from msgpack's releases.

v1.2.1

What's Changed

• Bump pypa/cibuildwheel from 4.0.0 to 4.1.0 in the all-dependencies group by @​dependabot[bot] in msgpack/msgpack-python#694
• release v1.2.1 by @​methane in msgpack/msgpack-python#698

Full Changelog: msgpack/msgpack-python@v1.2.0...v1.2.1

Changelog

Sourced from msgpack's changelog.

1.2.1

Release Date: 2026-06-19

Fix a segfault when calling Unpacker.unpack() or Unpacker.skip() after an unpacking failure. But note that reusing the same Unpacker instance after an unpacking failure is not supported. Please create a new Unpacker instance instead. GHSA-6v7p-g79w-8964

1.2.0

Release Date: 2026-06-11

• Support free threaded Python. #654, #686
• Dropped support for Python 3.9. #656
• Fix missing error checks in C code. #665, #666, #667, #672
• Fix strict_map_key option didn't work for object_pairs_hook. #673
• Increase DEFAULT_RECURSE_LIMIT of Unpacker to 1024. #676
• Fix memory leak when Unpacker returns error for invalid input. #671
• Fix Packer.pack_ext_type() ignored autoreset option. #663
• Fix Timestamp.from_datetime() returning wrong value for pre-epoch datetimes. #662
• Fix use-after-free in unpackb() and Unpacker.unpack() for non-contiguous input. #677
• Fix possible memory leak when calling Unpacker.__init__() several times. #687

1.1.2

Release Date: 2025-10-08

This release does not change source code. It updates only building wheels:

• Update Cython to v3.1.4
• Update cibuildwheel to v3.2.0
• Drop Python 3.8
• Add Python 3.14
• Add windows-arm

1.1.1

Release Date: 2025-06-13

• No change from 1.1.1rc1.

1.1.1rc1

Release Date: 2025-06-06

• Update Cython to 3.1.1 and cibuildwheel to 2.23.3.

... (truncated)

Commits

• 448d43f release v1.2.1 (#698)
• 2c56ddb Merge commit from fork
• 0f4f350 Bump pypa/cibuildwheel from 4.0.0 to 4.1.0 in the all-dependencies group (#694)
• 11ed0a5 release v1.2.0 (#692)
• c410a38 Bump pypa/cibuildwheel from 3.4.1 to 4.0.0 (#691)
• 97ba6ca skip ci: remove unneeded CIBW_SKIP option
• cdde1b0 Wheels CI hangs for MacOS Intel (#689)
• 5eb57e1 release v1.2.0rc1 (#681)
• 77395c1 Harden Unpacker.__init__ re-entry cleanup to prevent buffer/context leaks (...
• 7df7136 Guard Packer buffer protocol hooks with Cython critical sections (#686)
• Additional commits viewable in compare view

Updates multidict to 6.7.1

Release notes

Sourced from multidict's releases.

6.7.1

Bug fixes

• Fixed slow memory leak caused by identity by adding Py_DECREF to identity value before leaving md_pop_one on success -- by :user:Vizonex.

  Related issues and pull requests on GitHub: #1284.

---

Changelog

Sourced from multidict's changelog.

6.7.1

(2026-01-25)

Bug fixes

• Fixed slow memory leak caused by identity by adding Py_DECREF to identity value before leaving md_pop_one on success -- by :user:Vizonex.

  Related issues and pull requests on GitHub: :issue:1284.

---

6.7.0

(2025-10-05)

Contributor-facing changes

• Updated tests and added CI for CPython 3.14 -- by :user:kumaraditya303.

  Related issues and pull requests on GitHub: :issue:1235.

---

6.6.4

(2025-08-11)

Bug fixes

• Fixed MutliDict & CIMultiDict memory leak when deleting values or clearing them -- by :user:Vizonex

  Related issues and pull requests on GitHub:

... (truncated)

Commits

• 39d3c32 Release 6.7.1 (#1289)
• 77bb95e Fix memory leak caused by identity when default value is inplace (#1284)
• 87dd4a4 Bump dependabot/fetch-metadata from 2.4.0 to 2.5.0 (#1287)
• 6c76412 Bump actions/cache from 4 to 5 (#1275)
• b91a033 Bump actions/upload-artifact from 4 to 6 (#1277)
• 84bf82c Bump psutil from 7.1.3 to 7.2.1 (#1279)
• 3f7b3ce Bump pypa/cibuildwheel from 3.3.0 to 3.3.1 (#1280)
• bbae902 Bump sigstore/gh-action-sigstore-python from 3.1.0 to 3.2.0 (#1274)
• 000b5b0 Remove follow_untyped_imports for mypy-sphinx (#1286)
• 3d2d630 Bump actions/download-artifact from 6 to 7 (#1276)
• Additional commits viewable in compare view

Updates opentelemetry-api to 1.43.0

Changelog

Sourced from opentelemetry-api's changelog.

Version 1.43.0/0.64b0 (2026-06-24)

Added

• opentelemetry-sdk: add add_metric_reader / remove_metric_reader public APIs to register / unregister metric readers at runtime. (#4863)
• opentelemetry-exporter-prometheus: add support for configuring metric scope labels (#5123)
• opentelemetry-exporter-otlp-proto-grpc: Add grpc error details to the log message that's written when the grpc call fails. (#5143)
• opentelemetry-exporter-http-transport: add 'opentelemetry-exporter-http-transport' package for HTTP exporters (#5194)
• opentelemetry-sdk: Add composite/development samplers support to declarative file configuration (#5201)
• opentelemetry-exporter-otlp-json-file: Add OTLP JSON File exporter implementation (#5207)
• opentelemetry-sdk: add _resolve_component shared utility for declarative config plugin loading, reducing boilerplate in exporter factory functions (#5215)
• opentelemetry-sdk: add pull metric reader support to declarative file configuration, including Prometheus metric reader via the prometheus_development config field (#5216)
• opentelemetry-proto-json: update to use opentelemetry-proto v1.10.0 (#5224)
• opentelemetry-proto: bump maximum supported protobuf version to 7.x.x (#5251)
• opentelemetry-sdk: add ServiceInstanceIdResourceDetector for populating service.instance.id (#5259)
• opentelemetry-sdk: declarative config loader now recursively converts parsed dicts into typed dataclass instances, including nested dataclasses, lists of dataclasses, and enum values. End-to-end YAML/JSON → SDK configuration now works via the factory functions. (#5269)
• opentelemetry-sdk: add configure_sdk(config) to the declarative configuration API. Single entry point that takes a parsed OpenTelemetryConfiguration, builds the resource, and applies the tracer/meter/logger providers and propagator globally. Honors the top-level disabled flag. (#5270)
• opentelemetry-sdk: the SDK configurator now honors the OTEL_CONFIG_FILE environment variable. When set, the SDK loads and applies the referenced declarative configuration file (YAML or JSON) in place of the env-var-based

... (truncated)

Commits

• fcbbeb8 [release/v1.43.x-0.64bx] Prepare release 1.43.0/0.64b0 (#5349)
• b40dcbc opentelemetry-exporter-http-transport: enable entry-point loading of transpor...
• 10e8577 update to Sphinx to 8.1.3 in order to support Python 3.14 (#5278)
• 6ac6895 docs: add declarative configuration guide and example (#5309)
• 13ad4d5 opentelemetry-api: normalize empty environment propagation names to "_" in En...
• 6a0ab84 opentelemetry-sdk: merge doesn't need a copy, dict already does this (#5326)
• ac7a3df feat(config): support OTEL_CONFIG_FILE in the SDK configurator (#5271)
• fa75422 Add support for composite samplers in declarative config (#5201)
• 43f079f Update json and proto encoder to always accept None type, cleanup code / test...
• 53c9d96 chore: cleanup typo found in test (#5324)
• Additional commits viewable in compare view

Updates opentelemetry-sdk to 1.43.0

Changelog

Sourced from opentelemetry-sdk's changelog.

Version 1.43.0/0.64b0 (2026-06-24)

Added

• opentelemetry-sdk: add add_metric_reader / remove_metric_reader public APIs to register / unregister metric readers at runtime. (#4863)
• opentelemetry-exporter-prometheus: add support for configuring metric scope labels (#5123)
• opentelemetry-exporter-otlp-proto-grpc: Add grpc error details to the log message that's written when the grpc call fails. (#5143)
• opentelemetry-exporter-http-transport: add 'opentelemetry-exporter-http-transport' package for HTTP exporters (#5194)
• opentelemetry-sdk: Add composite/development samplers support to declarative file configuration (#5201)
• opentelemetry-exporter-otlp-json-file: Add OTLP JSON File exporter implementation (#5207)
• opentelemetry-sdk: add _resolve_component shared utility for declarative config plugin loading, reducing boilerplate in exporter factory functions (#5215)
• opentelemetry-sdk: add pull metric reader support to declarative file configuration, including Prometheus metric reader via the prometheus_development config field (#5216)
• opentelemetry-proto-json: update to use opentelemetry-proto v1.10.0 (#5224)
• opentelemetry-proto: bump maximum supported protobuf version to 7.x.x (#5251)
• opentelemetry-sdk: add ServiceInstanceIdResourceDetector for populating service.instance.id (#5259)
• opentelemetry-sdk: declarative config loader now recursively converts parsed dicts into typed dataclass instances, including nested dataclasses, lists of dataclasses, and enum values. End-to-end YAML/JSON → SDK configuration now works via the factory functions. (#5269)
• opentelemetry-sdk: add configure_sdk(config) to the declarative configuration API. Single entry point that takes a parsed OpenTelemetryConfiguration, builds the resource, and applies the tracer/meter/logger providers and propagator globally. Honors the top-level disabled flag. (#5270)
• opentelemetry-sdk: the SDK configurator now honors the OTEL_CONFIG_FILE environment variable. When set, the SDK loads and applies the referenced declarative configuration file (YAML or JSON) in place of the env-var-based

... (truncated)

Commits

• fcbbeb8 [release/v1.43.x-0.64bx] Prepare release 1.43.0/0.64b0 (#5349)
• b40dcbc opentelemetry-exporter-http-transport: enable entry-point loading of transpor...
• 10e8577 update to Sphinx to 8.1.3 in order to support Python 3.14 (#5278)
• 6ac6895 docs: add declarative configuration guide and example (#5309)
• 13ad4d5 opentelemetry-api: normalize empty environment propagation names to "_" in En...
• 6a0ab84 opentelemetry-sdk: merge doesn't need a copy, dict already does this (#5326)
• ac7a3df feat(config): support OTEL_CONFIG_FILE in the SDK configurator (#5271)
• fa75422 Add support for composite samplers in declarative config (#5201)
• 43f079f Update json and proto encoder to always accept None type, cleanup code / test...
• 53c9d96 chore: cleanup typo found in test (#5324)
• Additional commits viewable in compare view

Updates opentelemetry-exporter-otlp-proto-http to 1.43.0

Changelog

Sourced from opentelemetry-exporter-otlp-proto-http's changelog.

Version 1.43.0/0.64b0 (2026-06-24)

Added

• opentelemetry-sdk: add add_metric_reader / remove_metric_reader public APIs to register / unregister metric readers at runtime. (#4863)
• opentelemetry-exporter-prometheus: add support for configuring metric scope labels (#5123)
• opentelemetry-exporter-otlp-proto-grpc: Add grpc error details to the log message that's written when the grpc call fails. (#5143)
• opentelemetry-exporter-http-transport: add 'opentelemetry-exporter-http-transport' package for HTTP exporters (#5194)
• opentelemetry-sdk: Add composite/development samplers support to declarative file configuration (#5201)
• opentelemetry-exporter-otlp-json-file: Add OTLP JSON File exporter implementation (#5207)
• opentelemetry-sdk: add _resolve_component shared utility for declarative config plugin loading, reducing boilerplate in exporter factory functions (#5215)
• opentelemetry-sdk: add pull metric reader support to declarative file configuration, including Prometheus metric reader via the prometheus_development config field (#5216)
• opentelemetry-proto-json: update to use opentelemetry-proto v1.10.0 (#5224)
• opentelemetry-proto: bump maximum supported protobuf version to 7.x.x (#5251)
• opentelemetry-sdk: add ServiceInstanceIdResourceDetector for populating service.instance.id (#5259)
• opentelemetry-sdk: declarative config loader now recursively converts parsed dicts into typed dataclass instances, including nested dataclasses, lists of dataclasses, and enum values. End-to-end YAML/JSON → SDK configuration now works via the factory functions. (#5269)
• opentelemetry-sdk: add configure_sdk(config) to the declarative configuration API. Single entry point that takes a parsed OpenTelemetryConfiguration, builds the resource, and applies the tracer/meter/logger providers and propagator globally. Honors the top-level disabled flag. (#5270)
• opentelemetry-sdk: the SDK configurator now honors the OTEL_CONFIG_FILE environment variable. When set, the SDK loads and applies the referenced declarative configuration file (YAML or JSON) in place of the env-var-based

... (truncated)

Commits

• fcbbeb8 [release/v1.43.x-0.64bx] Prepare release 1.43.0/0.64b0 (#5349)
• b40dcbc opentelemetry-exporter-http-transport: enable entry-point loading of transpor...
• 10e8577 update to Sphinx to 8.1.3 in order to support Python 3.14 (#5278)
• 6ac6895 docs: add declarative configuration guide and example (#5309)
• 13ad4d5 opentelemetry-api: normalize empty environment propagation names to "_" in En...
• 6a0ab84 opentelemetry-sdk: merge doesn't need a copy, dict already does this (#5326)
• ac7a3df feat(config): support OTEL_CONFIG_FILE in the SDK configurator (#5271)
• fa75422 Add support for composite samplers in declarative config (#5201)
• 43f079f Update json and proto encoder to always accept None type, cleanup code / test...
• 53c9d96 chore: cleanup typo found in test (#5324)
• Additional commits viewable in compare view

Updates opentelemetry-exporter-prometheus to 0.64b0

Changelog

Sourced from opentelemetry-exporter-prometheus's changelog.

Version 1.43.0/0.64b0 (2026-06-24)

Added

• opentelemetry-sdk: add add_metric_reader / remove_metric_reader public APIs to register / unregister metric readers at runtime. (#4863)
• opentelemetry-exporter-prometheus: add support for configuring metric scope labels (#5123)
• opentelemetry-exporter-otlp-proto-grpc: Add grpc error details to the log message that's written when the grpc call fails. (#5143)
• opentelemetry-exporter-http-transport: add 'opentelemetry-exporter-http-transport' package for HTTP exporters (#5194)
• opentelemetry-sdk: Add composite/development samplers support to declarative file configuration (#5201)
• opentelemetry-exporter-otlp-json-file: Add OTLP JSON File exporter implementation (#5207)
• opentelemetry-sdk: add _resolve_component shared utility for declarative config plugin loading, reducing boilerplate in exporter factory functions (#5215)
• opentelemetry-sdk: add pull metric reader support to declarative file configuration, including Prometheus metric reader via the prometheus_development config field (#5216)
• opentelemetry-proto-json: update to use opentelemetry-proto v1.10.0 (#5224)
• opentelemetry-proto: bump maximum supported protobuf version to 7.x.x (#5251)
• opentelemetry-sdk: add ServiceInstanceIdResourceDetector for populating service.instance.id (#5259)
• opentelemetry-sdk: declarative config loader now recursively converts parsed dicts into typed dataclass instances, including nested dataclasses, lists of dataclasses, and enum values. End-to-end YAML/JSON → SDK configuration now works via the factory functions. (#5269)
• opentelemetry-sdk: add configure_sdk(config) to the declarative configuration API. Single entry point that takes a parsed OpenTelemetryConfiguration, builds the resource, and applies the tracer/meter/logger providers and propagator globally. Honors the top-level disabled flag. (#5270)
• opentelemetry-sdk: the SDK configurator now honors the OTEL_CONFIG_FILE environment variable. When set, the SDK loads and applies the referenced declarative configuration file (YAML or JSON) in place of the env-var-based

... (truncated)

Commits

• See full diff in compare view

Updates xxhash to 3.8.0

Release notes

Sourced from xxhash's releases.

v3.8.0

• Speed up module-level one-shot digest(), intdigest(), and hexdigest() functions by switching them to METH_FASTCALL.
• Keep one-shot argument handling consistent with hash constructors, including positional and keyword input/seed arguments, duplicate argument errors, and oversized seed wrapping.
• Fix error handling in the xxh3_128 integer digest path so allocation failures are reported cleanly.
• Fix Python 3.8 builds by adding a PyModule_AddType compatibility fallback with correct reference counting.
• Correct type stubs for xxh64_digest(), xxh64_hexdigest(), and xxh64_intdigest(), they were incorrectly aliased to xxh3_64 functions.

---

Full list of changes: ifduyue/python-xxhash@v3.7.1...v3.8.0

Changelog

Sourced from xxhash's changelog.

v3.8.0 2026-06-27

- Speed up module-level one-shot ``digest()``, ``intdigest()``, and
  ``hexdigest()`` functions by switching them to ``METH_FASTCALL``.
- Keep one-shot argument handling consistent with hash constructors, including
  positional and keyword ``input``/``seed`` arguments, duplicate argument
  errors, and oversized seed wrapping.
- Fix error handling in the ``xxh3_128`` integer digest path so allocation
  failures are reported cleanly.
- Fix Python 3.8 builds by adding a ``PyModule_AddType`` compatibility
  fallback with correct reference counting.
- Correct type stubs for ``xxh64_digest()``, ``xxh64_hexdigest()``, and
  ``xxh64_intdigest()``, they were incorrectly aliased to xxh3_64 functions.
v3.7.1 2026-06-24

• Fix memory leak in copy() and new() when memory allocation fails (rare edge case)
• Fix seed/reset state initialization in xxh32 and xxh64 (unlikely to affect normal usage)
• Replace Py_BuildValue with PyLong_FromUnsignedLong/LongLong for performance
• Update README examples to use bytes literals
• Add CodSpeed performance benchmarks and CI workflow
• Build aarch64/armv7l on native Arm runners; test against Python 3.15.0-beta.2

v3.7.0 2025-04-25

- Drop support for Python 3.7
- Build armv7l manylinux/musllinux wheels
- Build riscv64 manylinux/musllinux wheels
- Build android and ios wheels
v3.6.0 2025-10-02

• Build wheels for Python 3.14
• Python free-threading support
• Typing: Use Buffer type stubs
• Deprecate xxhash.VERSION_TUPLE, it will be removed in the next major release

v3.5.0 2024-08-17

...
Description has been truncated