chore(deps): bump the gha group across 1 directory with 9 updates

[dependabot]

Bumps the gha group with 6 updates in the /packages/opentelemetry-instrumentation-replicate directory:

Package	From	To
opentelemetry-api	1.39.1	1.42.1
replicate	0.26.1	1.0.7
pytest-sugar	1.0.0	1.1.1
pytest	8.4.2	9.1.0
ruff	0.14.11	0.15.17
vcrpy	8.1.1	8.2.1

Updates opentelemetry-api from 1.39.1 to 1.42.1

Changelog

Sourced from opentelemetry-api's changelog.

Version 1.42.1/0.63b1 (2026-05-21)

Fixed

• Preserve the random trace ID flag when creating child spans instead of always setting the random trace id bit depending on the available trace id generator. (#5241)

Version 1.42.0/0.63b0 (2026-05-19)

Added

• opentelemetry-api, opentelemetry-sdk: add support for 'random-trace-id' flags in W3C traceparent header trace flags. Implementations of IdGenerator that do randomly generate the 56 least significant bits, should also implement a is_trace_id_random methods that returns True. (#4854)
• logs: add exception support to Logger emit and LogRecord attributes (#4908)
• opentelemetry-exporter-otlp-proto-grpc: make retryable gRPC error codes configurable for gRPC exporters (#4917)
• opentelemetry-sdk: Add create_logger_provider/configure_logger_provider to declarative file configuration, enabling LoggerProvider instantiation from config files without reading env vars (#4990)
• opentelemetry-exporter-otlp-json-common: add 'opentelemetry-exporter-otlp-json-common' package for OTLP JSON exporters (#4996)
• opentelemetry-sdk: Add service resource detector support to declarative file configuration via detection_development.detectors[].service (#5003)
• opentelemetry-docker-tests: add docker-tests coverage of opentelemetry-exporter-otlp-proto-grpc and opentelemetry-exporter-otlp-proto-http metrics export (#5030)
• Add registry keyword argument to PrometheusMetricReader to allow passing a custom Prometheus registry (#5055)
• Add WeaverLiveCheck test util (#5088)
• opentelemetry-sdk: add load_entry_point shared utility to declarative file configuration for loading plugins via entry points; refactor propagator loading to use it (#5093)
• opentelemetry-sdk: add sampler plugin loading to declarative file configuration via the opentelemetry_sampler entry point group, matching the spec's PluginComponentProvider mechanism (#5095)

... (truncated)

Commits

• 367e14d Prepare release 1.42.1/0.63b1 (#5243)
• fd8e504 Preserve random trace ID flag for child spans (#5241) (#5242)
• 013045e [release/v1.42.x-0.63bx] Prepare release 1.42.0/0.63b0 (#5225)
• 1731583 ci: Enable GitHub Merge Queue support (#5209)
• 7fab34d fix(config): allow deflate for OTLP HTTP exporters (#5075)
• 0b690d2 ci: validate changelog fragment filenames (#5212)
• d4fabb4 feat(config): exporter plugin loading via entry points for declarative config...
• e19d346 feat(config): generic resource detector plugin loading for declarative config...
• 1d69bd2 sdk/metrics: copy attributes dict to prevent post-recording mutation (#5106)
• 990a611 feat(config): propagator plugin loading via entry points for declarative conf...
• Additional commits viewable in compare view

Updates opentelemetry-instrumentation from 0.60b1 to 0.63b1

Release notes

Sourced from opentelemetry-instrumentation's releases.

opentelemetry-instrumentation-openai-v2 2.4b0

• Migrate experimental path from deprecated LLMInvocation to InferenceInvocation, using handler.start_inference() and invocation.stop()/invocation.fail() directly (#4502)
• Use create_duration_histogram and create_token_histogram from opentelemetry-util-genai instead of defining bucket boundaries locally (#4501)
• Import OTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENT from opentelemetry.util.genai.environment_variables instead of re-defining it locally, making opentelemetry-util-genai the single source of truth for this constant. (#4455)
• Fix compatibility with wrapt 2.x by using positional arguments in wrap_function_wrapper() calls (#4445)
• Fix ChoiceBuffer crash on streaming tool-call deltas with arguments=None (#4350)
• Fix StreamWrapper missing .headers and other attributes when using with_raw_response streaming (#4113)
• Add opt-in support for latest experimental semantic conventions (v1.37.0). Set OTEL_SEMCONV_STABILITY_OPT_IN to gen_ai_latest_experimental to enable. Add dependency on opentelemetry-util-genai pypi package. (#3715)
• Add wrappers for OpenAI Responses API streams and response stream managers (#4280)
• Add async wrappers for OpenAI Responses API streams and response stream managers (#4325)
• Add strongly typed Responses API extractors with validation and content extraction improvements (#4337)
• Add completion hook support. (#4315)
• Fix response_format handling: map json_object/json_schema to json output type. (#4315)
• Skip attribute values with openai.Omit value. (#4315)
• Default empty string for gen_ai.request.model attribute on missing model. (#4494)

opentelemetry-instrumentation-openai-v2 2.3b0

• Fix AttributeError when handling LegacyAPIResponse (from with_raw_response) (#4017)
• Add support for chat completions choice count and stop sequences span attributes (#4028)
• Fix crash with streaming with_raw_response (#4033)
• Bump to 1.30.0 semconv schema: gen_ai.request.seed instead of gen_ai.openai.request.seed (#4036)

opentelemetry-instrumentation-openai-v2 2.2b0

• Fix service tier attribute names: use GEN_AI_OPENAI_REQUEST_SERVICE_TIER for request attributes and GEN_AI_OPENAI_RESPONSE_SERVICE_TIER for response attributes. (#3920)
• Added support for OpenAI embeddings instrumentation (#3461)
• Record prompt and completion events regardless of span sampling decision. (#3226)
• Filter out attributes with the value of NotGiven instances (#3760)
• Migrate off the deprecated events API to use the logs API (#3625)

opentelemetry-instrumentation-openai-agents-v2 0.1.0

• Initial barebones package skeleton: minimal instrumentor stub, version module, and packaging metadata/entry point. (#3805)
• Implement OpenAI Agents span processing aligned with GenAI semantic conventions. (#3817)
• Input and output according to GenAI spec. (#3824)

opentelemetry-instrumentation-openai-v2 2.1b0

• Coerce openai response_format to semconv format (#3073)
• Add example to opentelemetry-instrumentation-openai-v2 (#3006)
• Support for AsyncOpenAI/AsyncCompletions (#2984)
• Add metrics (#3180)

opentelemetry-instrumentation-openai-v2 2.0b0

• Use generic OTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENT environment variable to control if content of prompt, completion, and other messages is captured. (#2947)

... (truncated)

Changelog

Sourced from opentelemetry-instrumentation's changelog.

Version 1.42.1/0.63b1 (2026-05-21)

No significant changes.

Version 1.42.0/0.63b0 (2026-05-19)

Added

• opentelemetry-exporter-richconsole: Add support for suppressing resource information (#3898)
• opentelemetry-instrumentation: Add experimental metrics attributes Labeler utility (#4288)
• opentelemetry-instrumentation-logging: Add OTEL_PYTHON_LOG_HANDLER_LEVEL and OTEL_PYTHON_LOG_FORMAT environment variables to configure the log level and formatter of the auto-instrumented LoggingHandler. (#4298)
• opentelemetry-instrumentation-sqlite3: Add uninstrument, error status, suppress, and no-op tests (#4335)
• Add BaggageLogProcessor to opentelemetry-processor-baggage (#4371)
• opentelemetry-instrumentation-system-metrics: Add support for process.disk.io metric in system-metrics instrumentation (#4397)
• opentelemetry-instrumentation: Register OTEL_SEMCONV_STABILITY_OPT_IN in environment_variables.py so opentelemetry-instrument exposes a --semconv_stability_opt_in CLI argument (#4438)
• Expand AGENTS.md with instrumentation/GenAI guidance and add PR review instructions. (#4457)
• opentelemetry-instrumentation: update auto-instrumentation to re-inject instrumentation path after init (#4469)
• opentelemetry-instrumentation-dbapi: Add Database client operation duration and returned rows metrics (#4481)

Changed

• Remove redundant pylint: disable=attribute-defined-outside-init comments and add rule to global .pylintrc disable list (#3839)
• Bump pylint to 4.0.5 (#4244)
• opentelemetry-instrumentation-logging: Use LogRecord.getMessage() to format and extract each log record's body text to more closely match the expected usage of the logging system. As a result, all OTel log record bodies

... (truncated)

Commits

• See full diff in compare view

Updates opentelemetry-semantic-conventions from 0.60b1 to 0.63b1

Changelog

Sourced from opentelemetry-semantic-conventions's changelog.

Version 1.42.1/0.63b1 (2026-05-21)

Fixed

• Preserve the random trace ID flag when creating child spans instead of always setting the random trace id bit depending on the available trace id generator. (#5241)

Version 1.42.0/0.63b0 (2026-05-19)

Added

• opentelemetry-api, opentelemetry-sdk: add support for 'random-trace-id' flags in W3C traceparent header trace flags. Implementations of IdGenerator that do randomly generate the 56 least significant bits, should also implement a is_trace_id_random methods that returns True. (#4854)
• logs: add exception support to Logger emit and LogRecord attributes (#4908)
• opentelemetry-exporter-otlp-proto-grpc: make retryable gRPC error codes configurable for gRPC exporters (#4917)
• opentelemetry-sdk: Add create_logger_provider/configure_logger_provider to declarative file configuration, enabling LoggerProvider instantiation from config files without reading env vars (#4990)
• opentelemetry-exporter-otlp-json-common: add 'opentelemetry-exporter-otlp-json-common' package for OTLP JSON exporters (#4996)
• opentelemetry-sdk: Add service resource detector support to declarative file configuration via detection_development.detectors[].service (#5003)
• opentelemetry-docker-tests: add docker-tests coverage of opentelemetry-exporter-otlp-proto-grpc and opentelemetry-exporter-otlp-proto-http metrics export (#5030)
• Add registry keyword argument to PrometheusMetricReader to allow passing a custom Prometheus registry (#5055)
• Add WeaverLiveCheck test util (#5088)
• opentelemetry-sdk: add load_entry_point shared utility to declarative file configuration for loading plugins via entry points; refactor propagator loading to use it (#5093)
• opentelemetry-sdk: add sampler plugin loading to declarative file configuration via the opentelemetry_sampler entry point group, matching the spec's PluginComponentProvider mechanism (#5095)

... (truncated)

Commits

• See full diff in compare view

Updates replicate from 0.26.1 to 1.0.7

Release notes

Sourced from replicate's releases.

1.0.7

What's Changed

If you run replicate-python within a cog model running cog 0.14.11 or later, it is now possible to pass a REPLICATE_API_TOKEN via the context as part of a prediction request.

The Replicate() constructor will now use this context when available. This grants cog models the ability to use the Replicate client libraries, scoped to a user on a per request basis.

Full Changelog: replicate/replicate-python@1.0.6...1.0.7

1.0.6

Full Changelog: replicate/replicate-python@1.0.4...1.0.6

There was no 1.0.5 release, the release system failed and we chose not to re-use the identifier.

1.0.4

What's Changed

• Fix two bugs in the base64 file_encoding_strategy by @​aron in replicate/replicate-python#398
  • replicate.run() now correctly converts the file provided into a valid base64 encoded data URL.
  • replicate.async_run() now respects the file_encoding_strategy flag.

Full Changelog: replicate/replicate-python@1.0.3...1.0.4

1.0.3

What's Changed

• Fix a bug where replicate.run would swallow tokens (or files) at the start of a prediction's output. Thanks to @​aron in replicate/replicate-python#383

Full Changelog: replicate/replicate-python@1.0.2...1.0.3

1.0.2

What's Changed

• Configure read timeout based on wait parameter by @​aron in replicate/replicate-python#373

Full Changelog: replicate/replicate-python@1.0.1...1.0.2

1.0.1

What's Changed

• 1.0.1 candidate by @​zeke in replicate/replicate-python#368

Full Changelog: replicate/replicate-python@1.0.0...1.0.1

1.0.0

[!WARNING] Breaking changes

This 1.0.0 latest release of replicate contains breaking changes. The replicate.run() method will now return FileObjects rather than URL strings by default for models that output files.

The FileObject implements an iterable object similar to httpx.Response to make it easier to work with files and ensures that Replicate can deliver file data to the client in the most efficient manner possible.

... (truncated)

Commits

• 42ba2f7 Release 1.0.7
• 36c95a8 format and lint
• 48acf51 Update replicate/client.py
• 68551cf Linting
• 302f5da Make scope lookup case insensitive
• 52c373c Document alternative authentication
• ab9982f Support getting REPLICATE_API_TOKEN from cog context
• 9f8d753 bump to 1.0.6
• f5d53cd bump patch to 1.0.5
• 804fd1d fix(package): include py.typed marker file
• Additional commits viewable in compare view

Updates pytest-sugar from 1.0.0 to 1.1.1

Release notes

Sourced from pytest-sugar's releases.

pytest-sugar 1.1.1

Adjust signature of SugarTerminalReporter to avoid conflicts with other pytest plugins (#297 by @​TolstochenkoDaniil)

pytest-sugar 1.1.0

Add Playwright trace file detection and display support for failed tests (#296 by @​kiebak3r)

This enhancement automatically detects and displays Playwright trace.zip files with viewing commands when tests fail, making debugging easier for Playwright users.

New command-line options:

• --sugar-trace-dir: Configure the directory name for Playwright trace files (default: test-results)
• --sugar-no-trace: Disable Playwright trace file detection and display

Changelog

Sourced from pytest-sugar's changelog.

1.1.1 - 2025-08-23 ^^^^^^^^^^^^^^^^^^

Adjust signature of SugarTerminalReporter to avoid conflicts with other pytest plugins

Contributed by Daniil via [PR #297](Teemu/pytest-sugar#297)

1.1.0 - 2025-08-16 ^^^^^^^^^^^^^^^^^^

Add Playwright trace file detection and display support for failed tests. This enhancement automatically detects and displays Playwright trace.zip files with viewing commands when tests fail, making debugging easier for Playwright users.

New command-line options:

• --sugar-trace-dir: Configure the directory name for Playwright trace files (default: test-results)
• --sugar-no-trace: Disable Playwright trace file detection and display

Contributed by kie via [PR #296](Teemu/pytest-sugar#296)

Commits

• 8133503 Release pytest-sugar 1.1.1
• 6798042 Fix conflict with other Pytest plugins (#297)
• 43bbdd0 Release pytest-sugar 1.1.0
• 855d661 Feature - Playwright Support for Trace Zip Mapping (#296)
• 2a5862a Merge pull request #293 from cgoldberg/add-py313
• ca26d98 Add support for Python 3.13
• 69989eb Clarify license as BSD 3-Clause License
• 3c86a5c Merge pull request #289 from deronnax/remove-packaging-dep
• c123be0 remove 'packaging' package
• efafd9c Merge pull request #282 from penguinpee/main
• Additional commits viewable in compare view

Updates pytest from 8.4.2 to 9.1.0

Release notes

Sourced from pytest's releases.

9.1.0

pytest 9.1.0 (2026-06-13)

Removals and backward incompatible breaking changes

• #14533: When using --doctest-modules, autouse fixtures with module, package or session scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.

  If this is undesirable, move the fixture definition to a conftest.py file if possible.

  Technical explanation for those interested: When using --doctest-modules, pytest possibly collects Python modules twice, once as pytest.Module and once as a DoctestModule (depending on the configuration). Due to improvements in pytest's fixture implementation, if e.g. the DoctestModule collects a fixture, it is now visible to it only, and not to the Module. This means that both need to register the fixtures independently.

Deprecations (removal in next major release)

• #10819: Added a deprecation warning for class-scoped fixtures defined as instance methods (without @classmethod). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use @classmethod decorator instead -- by yastcher.

  See 10819 and 14011.

• #12882: Calling request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.

  See dynamic-fixture-request-during-teardown for details.

• #13409: Using non-~collections.abc.Collection iterables (such as generators, iterators, or custom iterable objects) for the argvalues parameter in @pytest.mark.parametrize <pytest.mark.parametrize ref> and metafunc.parametrize <pytest.Metafunc.parametrize> is now deprecated.

  These iterables get exhausted after the first iteration, leading to tests getting unexpectedly skipped in cases such as running pytest.main() multiple times, using class-level parametrize decorators, or collecting tests multiple times.

  See parametrize-iterators for details and suggestions.

• #13946: The private config.inicfg attribute is now deprecated. Use config.getini() <pytest.Config.getini> to access configuration values instead.

  See config-inicfg for more details.

• #14004: Passing baseid to ~pytest.FixtureDef or nodeid strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.

  Use the node parameter instead for fixture scoping. This enables more robust node-based matching instead of string prefix matching. If you've used nodeid=None, pass node=session instead.

  This will be removed in pytest 10.

• #14335: The method of configuring hooks using markers, deprecated since pytest 7.2, is now scheduled to be removed in pytest 10. See hook-markers for more details.

• #14434: The --pastebin option is now deprecated.

... (truncated)

Commits

• b2522cf Prepare release version 9.1.0
• 368d2fc [refactor] Tighten SetComparisonFunction to Iterator[str] (#14587)
• ff77cd8 [refactor] Make base assertion comparisons return an iterator instead of a li...
• 0d8491a build(deps): Bump actions/stale from 10.2.0 to 10.3.0
• 4a809d9 Merge pull request #14568 from pytest-dev/register-fixture
• 5dfa385 Fix recursion traceback test to cover all styles (#14582)
• f52ff0c Add pytest.register_fixture
• a8ac094 Merge pull request #14567 from pytest-dev/more-visibility-deprecate
• e5620cd [pre-commit.ci] pre-commit autoupdate (#14577)
• 2ce9c6d Merge pull request #14540 from minbang930/fix-14533-doctest-module-fixtures
• Additional commits viewable in compare view

Updates ruff from 0.14.11 to 0.15.17

Release notes

Sourced from ruff's releases.

0.15.17

Release Notes

Released on 2026-06-11.

Preview features

• Allow human-readable names in suppression comments (#25614)
• Fix handling of ignore comments within a disable/enable pair (#25845)
• Prioritize human-readable names in CLI output (#25869)
• Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
• [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
• [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
• [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
• [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

• Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
• [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

• [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
• [numpy] Drop autofix for np.in1d (NPY201) (#25612)
• [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

• Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

• Preserve whitespace for Quarto cell option comments (#25641)

CLI

• Allow rule names in ruff rule (#25640)

Other changes

• Fix playground diagnostics scrollbars (#25642)

Contributors

• @​SuryanshSS1011
• @​anishgirianish
• @​romero-deshaw
• @​karlhillx
• @​carljm

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.17

Released on 2026-06-11.

Preview features

• Allow human-readable names in suppression comments (#25614)
• Fix handling of ignore comments within a disable/enable pair (#25845)
• Prioritize human-readable names in CLI output (#25869)
• Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
• [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
• [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
• [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
• [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

• Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
• [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

• [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
• [numpy] Drop autofix for np.in1d (NPY201) (#25612)
• [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

• Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

• Preserve whitespace for Quarto cell option comments (#25641)

CLI

• Allow rule names in ruff rule (#25640)

Other changes

• Fix playground diagnostics scrollbars (#25642)

Contributors

• @​SuryanshSS1011
• @​anishgirianish
• @​romero-deshaw
• @​karlhillx
• @​carljm
• @​ntBre

... (truncated)

Commits

• 7c645a9 Bump 0.15.17 (#25872)
• f381eb1 Prioritize human-readable names in CLI output (#25869)
• b9b4546 Minor workflow simplification (#25870)
• 1e77ba0 [ty] Move PreformattedBlockScanner to format-agnostic location. (#25856)
• 6f2b772 [ty] Preserve nominal type of enum.property instances (#25849)
• be4777c [ty] Fix site-package error when multiple versions of pythons are installed i...
• 53f6ff7 Allow human-readable names in suppression comments (#25614)
• 6740325 [ty] Restrict uncached raw signature access (#25866)
• 970b1bf Auto-update snapshots when syncing typeshed (#25841)
• 0785793 Fix handling of ignore comments within a disable/enable pair (#25845)
• Additional commits viewable in compare view

Updates opentelemetry-sdk from 1.39.1 to 1.42.1

Changelog

Sourced from opentelemetry-sdk's changelog.

Version 1.42.1/0.63b1 (2026-05-21)

Fixed

• Preserve the random trace ID flag when creating child spans instead of always setting the random trace id bit depending on the available trace id generator. (#5241)

Version 1.42.0/0.63b0 (2026-05-19)

Added

• opentelemetry-api, opentelemetry-sdk: add support for 'random-trace-id' flags in W3C traceparent header trace flags. Implementations of IdGenerator that do randomly generate the 56 least significant bits, should also implement a is_trace_id_random methods that returns True. (#4854)
• logs: add exception support to Logger emit and LogRecord attributes (#4908)
• opentelemetry-exporter-otlp-proto-grpc: make retryable gRPC error codes configurable for gRPC exporters (#4917)
• opentelemetry-sdk: Add create_logger_provider/configure_logger_provider to declarative file configuration, enabling LoggerProvider instantiation from config files without reading env vars (#4990)
• opentelemetry-exporter-otlp-json-common: add 'opentelemetry-exporter-otlp-json-common' package for OTLP JSON exporters (#4996)
• opentelemetry-sdk: Add service resource detector support to declarative file configuration via detection_development.detectors[].service (#5003)
• opentelemetry-docker-tests: add docker-tests coverage of opentelemetry-exporter-otlp-proto-grpc and opentelemetry-exporter-otlp-proto-http metrics export (#5030)
• Add registry keyword argument to PrometheusMetricReader to allow passing a custom Prometheus registry (#5055)
• Add WeaverLiveCheck test util (#5088)
• opentelemetry-sdk: add load_entry_point shared utility to declarative file configuration for loading plugins via entry points; refactor propagator loading to use it (#5093)
• opentelemetry-sdk: add sampler plugin loading to declarative file configuration via the opentelemetry_sampler entry point group, matching the spec's PluginComponentProvider mechanism (#5095)

... (truncated)

Commits

• 367e14d Prepare release 1.42.1/0.63b1 (#5243)
• fd8e504 Preserve random trace ID flag for child spans (#5241) (#5242)
• 013045e [release/v1.42.x-0.63bx] Prepare release 1.42.0/0.63b0 (#5225)
• 1731583 ci: Enable GitHub Merge Queue support (#5209)
• 7fab34d fix(config): allow deflate for OTLP HTTP exporters (#5075)
• 0b690d2 ci: validate changelog fragment filenames (#5212)
• d4fabb4 feat(config): exporter plugin loading via entry points for declarative config...
• e19d346 feat(config): generic resource detector plugin loading for declarative config...
• 1d69bd2 sdk/metrics: copy attributes dict to prevent post-recording mutation (#5106)
• 990a611 feat(config): propagator plugin loading via entry points for declarative conf...
• Additional commits viewable in compare view

Updates vcrpy from 8.1.1 to 8.2.1

Release notes

Sourced from vcrpy's releases.

v8.2.1

What's Changed

• SECURITY: Cassettes are now loaded with a safe YAML loader, preventing arbitrary code execution when a cassette from an untrusted source is loaded. Previously a crafted cassette containing a Python object tag (e.g. !!python/object/apply:os.system) would execute code on load, including via the normal vcr.use_cassette() path. Existing cassettes (including file-upload/streaming bodies) continue to load. Advisory: GHSA-rpj2-4hq8-938g — thanks @​RamiAltai and @​EQSTLab for the reports.
• Validate record_mode and raise a clear error on an invalid value (#208)
• Recommend pytest-recording over the unmaintained pytest-vcr in the docs (#986)

Full Changelog: kevin1024/vcrpy@v8.2.0...v8.2.1

v8.2.0

What's Changed

• Add support for httpx 2.x (#993) - thanks @​dsfaccini
• Patch httpx transports instead of httpcore (#972) - thanks @​seowalex
• Fix aiohttp 3.14 compatibility: AsyncStreamReaderMixin removed and ClientResponse now requires stream_writer (#995) - thanks @​dsfaccini
• Account for modified requests when storing played cassettes, so drop_unused_requests honours before_record_request filtering (#962) - thanks @​jamesbraza
• Make the request URL available on VCRHTTPResponse (#976) - thanks @​dAnjou
• Improve error message when a matching request has already been consumed (#985) - thanks @​Polandia94
• Fix body check in convert_body_to_unicode to use an explicit type check (#982) - thanks @​Polandia94
• Add env proxy cassette regression test (#994) - thanks @​tine1117
• Remove milestone references from docs (#984) - thanks @​Polandia94
• CI: bump sphinx-rtd-theme from 3.0.2 to 3.1.0 (#973)

Full Changelog: kevin1024/vcrpy@v8.1.1...v8.2.0

Changelog

Sourced from vcrpy's changelog.

Changelog

All help in providing PRs to close out bug issues is appreciated. Even if that is providing a repo that fully replicates issues. We have very generous contributors that have added these to bug issues which meant another contributor picked up the bug and closed it out.

• 8.2.1

  • SECURITY: Load cassettes with a safe YAML loader, preventing arbitrary code execution when a cassette from an untrusted source is loaded (GHSA-rpj2-4hq8-938g) - thanks @​RamiAltai and @​EQSTLab
  • Validate record_mode and raise a clear error on an invalid value (#208)
  • Recommend pytest-recording over the unmaintained pytest-vcr in the docs (#986)

• 8.2.0

  • Add support for httpx 2.x (#993) - thanks @​dsfaccini
  • Patch httpx transports instead of httpcore (#972) - thanks @​seowalex
  • Fix aiohttp 3.14 compatibility: AsyncStreamReaderMixin removed and ClientResponse now requires stream_writer (#995) - thanks @​dsfaccini
  • Account for modified requests when storing played cassettes, so drop_unused_requests honours before_record_request filtering (#962) - thanks @​jamesbraza
  • Make the request URL available on VCRHTTPResponse (#976) - thanks @​dAnjou
  • Improve error message when a matching request has already been consumed (#985) - thanks @​Polandia94
  • Fix body check in convert_body_to_unicode to use an explicit type check (#982) - thanks @​Polandia94
  • Add env proxy cassette regression test (#994) - thanks @​tine1117
  • Remove milestone references from docs (#984) - thanks @​Polandia94
  • CI: bump sphinx-rtd-theme from 3.0.2 to 3.1.0 (#973)

• 8.1.1

  • Fix sync requests in async contexts for HTTPX (#965) - thanks @​seowalex
  • CI: bump peter-evans/create-pull-request from 7 to 8 (#969)

• 8.1.0

  • Enable brotli decompression if available (via brotliDescription has been truncated