⬆️ Bump the pip group with 6 updates

[dependabot]

Bumps the pip group with 6 updates:

Package	From	To
boto3	1.40.11	1.40.16
boto3-stubs	1.40.11	1.40.16
flask	3.1.1	3.1.2
lazy-object-proxy	1.11.0	1.12.0
requests	2.32.4	2.32.5
botocore	1.40.11	1.40.16

Updates boto3 from 1.40.11 to 1.40.16

Commits

• fe7457e Merge branch 'release-1.40.16'
• 3930259 Bumping version to 1.40.16
• 0954e8f Add changelog entries from botocore
• 8836e33 Merge branch 'release-1.40.15'
• e1dfc5f Merge branch 'release-1.40.15' into develop
• 14dbc58 Bumping version to 1.40.15
• 679ec9a Add changelog entries from botocore
• 9e5b34a Merge branch 'release-1.40.14'
• e493970 Merge branch 'release-1.40.14' into develop
• 07e80dd Bumping version to 1.40.14
• Additional commits viewable in compare view

Updates boto3-stubs from 1.40.11 to 1.40.16

Release notes

Sourced from boto3-stubs's releases.

8.8.0 - Python 3.8 runtime is back

Changed

• [services] install_requires section is calculated based on dependencies in use, so typing-extensions version is set properly
• [all] Replaced typing imports with collections.abc with a fallback to typing for Python <3.9
• [all] Added aliases for builtins.list, builtins.set, builtins.dict, and builtins.type, so Python 3.8 runtime should work as expected again (reported by @​YHallouard in #340 and @​Omri-Ben-Yair in #336)
• [all] Unions use the same type annotations as the rest of the structures due to proper fallbacks

Fixed

• [services] Universal input/output shapes were not replaced properly in service subresources
• [docs] Simplified doc links rendering for services
• [services] Cleaned up unnecessary imports in client.pyi
• [builder] Import records with fallback are always rendered

Commits

• See full diff in compare view

Updates flask from 3.1.1 to 3.1.2

Release notes

Sourced from flask's releases.

3.1.2

This is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.2/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-2 Milestone: https://github.com/pallets/flask/milestone/38?closed=1

• stream_with_context does not fail inside async views. #5774
• When using follow_redirects in the test client, the final state of session is correct. #5786
• Relax type hint for passing bytes IO to send_file. #5776

Changelog

Sourced from flask's changelog.

Version 3.1.2

Released 2025-08-19

• stream_with_context does not fail inside async views. :issue:5774
• When using follow_redirects in the test client, the final state of session is correct. :issue:5786
• Relax type hint for passing bytes IO to send_file. :issue:5776

Commits

• 2c1b30d release version 3.1.2
• 1292419 Update GitHub Actions workflow for artifact handling (#5795)
• 4dd52ca Update GitHub Actions workflow for artifact handling
• 55c6255 update dev dependencies
• d8259eb use Jinja name consistently
• 38b4c1e refactor stream_with_context for async views (#5799)
• 9822a03 refactor stream_with_context for async views
• 49b7e7b security docs for TRUSTED_HOSTS (#5798)
• b228ca3 security docs for TRUSTED_HOSTS
• ff64079 update flask-talisman link
• Additional commits viewable in compare view

Updates lazy-object-proxy from 1.11.0 to 1.12.0

Changelog

Sourced from lazy-object-proxy's changelog.

1.12.0 (2025-08-22)

• Fixed testing issues when C extensions are not desired. Contributed by Michał Górny in [#79](https://github.com/ionelmc/python-lazy-object-proxy/issues/79) <https://github.com/ionelmc/python-lazy-object-proxy/pull/79>_.
• Added support for GraalPy. Contributed by Michael Šimáček in [#87](https://github.com/ionelmc/python-lazy-object-proxy/issues/87) <https://github.com/ionelmc/python-lazy-object-proxy/pull/87>_.
• Fixed testing issues on Python 3.14. Contributed by Michał Górny in [#88](https://github.com/ionelmc/python-lazy-object-proxy/issues/88) <https://github.com/ionelmc/python-lazy-object-proxy/pull/88>_.
• Modernized packaging to have metadata in pyproject.toml.
• Added Python 3.14 wheels.

Commits

• 1b69498 Bump version: 1.11.0 → 1.12.0
• bea7762 Update changelog.
• 9faf21f Just include all the readme for now.
• 93f108e Add some constraints in here too (hopefully pyproject license parsing issues ...
• c6f1e42 Fix action.
• 79c9023 Bump CI deps.
• 7a12e79 Remove cover envs for mostly PITA platforms.
• 0582c41 Require build deps in env (to allow building inplace ext properly).
• b53add7 Try require newer setuptools.
• ec64b9e Let tox figure out graal bin.
• Additional commits viewable in compare view

Updates requests from 2.32.4 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Commits

• b25c87d v2.32.5
• 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
• b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
• 46e939b Update publish workflow to use artifact-id instead of name
• 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
• 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
• 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
• fec96cd Update Makefile rules (#6996)
• d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
• 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
• Additional commits viewable in compare view

Updates botocore from 1.40.11 to 1.40.16

Commits

• 56a479a Merge branch 'release-1.40.16'
• 7aa26bb Bumping version to 1.40.16
• cb07fe6 Update to latest models
• 2d3b8f9 Merge branch 'release-1.40.15'
• b341c8a Merge branch 'release-1.40.15' into develop
• 8bf6d3b Bumping version to 1.40.15
• ca2ef01 Update partitions file
• adc9312 Update endpoints model
• 3b27a77 Update to latest models
• d174054 Fix use_ssl parameter ignored when custom HTTPS endpoint_url provided (#3542)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions