chore(deps): update pip-requirements#491

Open
renovate[bot] wants to merge 1 commit into master from renovate/pip-requirements

renovate Bot commented Apr 16, 2026

This PR contains the following updates:

| Package | Change |
|---|---|
| PyMySQL (changelog) | ==1.1.2 → ==1.1.3 |
| ansible (source) | ==13.5.0 → ==13.6.0 |
| apprise | ==1.9.9 → ==1.10.0 |
| lxml (source, changelog) | ==6.0.4 → ==6.1.0 |
| psycopg (changelog) | ==3.3.3 → ==3.3.4 |
| pyOpenSSL (source) | ==26.0.0 → ==26.2.0 |
| uv (source, changelog) | ==0.11.6 → ==0.11.11 |

Release Notes

PyMySQL/PyMySQL (PyMySQL)

v1.1.3

Release date: 2026-05-01

Security
  • Fix Cursor.callproc() not escaping the procedure name. (#1206)
    There was a possibility of SQL injection when calling a procedure with a string received from an untrusted source as the procedure name.

    NOTICE: This change may cause backward compatibility issues. If you specified a procedure name like "dbname.funcname", the previous version called CALL dbname.funcname, but from this version, it will call CALL `dbname.funcname`, so you cannot specify a procedure name with a database name anymore.

ansible-community/ansible-build-data (ansible)

v13.6.0

caronc/apprise (apprise)

v1.10.0

What's Changed

The big wow factor of this release would be the huge effort put into Matrix E2EE built into Apprise without adding overhead to the plugin itself. Huge props to those that helped out. Other than that, a few more services have been added (137 supported now 🚀 ).

The official documentation website (https://appriseit.com) got a nice cleanup; the Service listings are now searchable; some nice tweaks to the URL Builder as well.

📣 New Notification Services:
🐞 Bugfixes
  • ntfy:// tags= changed to xtags= in #1555
    • (this allows tags to work again correctly for those dependent on it; previously tags= conflicted with tags= in Apprise)
  • XMPP server hostname can differ from what is found in the JID in #1560
  • fixed issue with mailto:// when using yahoo.com in #1561
  • Fluxer time-dependent unittest assertion optimized for slower systems in #1566
  • fixed templating references impacting url generation (on https://appriseit.com) in #1582
  • fixed KeyError Exception thrown when certain emojis are specified in #1592
💡 Features
  • Migrate the Dot. (Quote/0) plugin from API v1 to API v2 by @​HerbertGao in #​1512
    • Updated Dot. plugin to better align with Apprise in #​1588
  • URLs that can not be loaded are more verbose for the reasoning in #​1568
  • Webex wxteams:// Bot API Support in #​1567
  • fixes parse_url() -> url() -> parse_url() inconsistency in #​1572
  • Pushover Delivery Group Support in #​1563
  • Matrix token template cleanup in #​1573
  • fcm:// add apns-push-type header for reliable iOS delivery by @​AlbertoLanaro in #​1577
  • Home Assistant "Service" Notification Support Added (extension to what was already there) in #1294
  • Added attachment support to Mattermost in #​1583
  • 🔥 Matrix E2EE Support in #​1574
  • Matrix Hookshot support added in #​1586
  • Mastodon supports hashtag/user references in #​1587
  • PushPlus refactored to support more options in #​1589
  • Improved azure:// error handling and message responses in #1499
❤️ Life-Cycle Support
Installation

Apprise is available on PyPI through pip:

# Install Apprise v1.10.0 from PyPI
pip install apprise==1.10.0
New Contributors

Full Changelog: caronc/apprise@v1.9.9...v1.10.0

lxml/lxml (lxml)

v6.1.0

This release fixes a possible external entity injection (XXE) vulnerability in
iterparse() and the ETCompatXMLParser.

Features added

  • GH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes
    in lxml.html.defs. This allows lxml_html_clean to pass them through.
    Patch by oomsveta.

  • The default chunk size for reading from file-likes in iterparse() is now configurable
    with a new chunk_size argument.

Bugs fixed

  • LP#2146291: The resolve_entities option was still set to True for
    iterparse and ETCompatXMLParser, allowing for external entity injection (XXE)
    when using these parsers without setting this option explicitly.
    The default was now changed to 'internal' only (as for the normal XML and HTML parsers
    since lxml 5.0).
    Issue found by Sihao Qiu as CVE-2026-41066.

psycopg/psycopg (psycopg)

v3.3.4

pyca/pyopenssl (pyOpenSSL)

v26.2.0

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Removed deprecated OpenSSL.crypto.X509Extension, OpenSSL.crypto.X509Req.add_extension, OpenSSL.crypto.X509Req.get_extensions, OpenSSL.crypto.X509.add_extension, OpenSSL.crypto.X509.get_extensions. cryptography.x509 should be used instead.
  • It is now an error to call any mutating method on OpenSSL.SSL.Context after it has been used to create a Connection. This was previously deprecated and has always been unsafe.

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

  • Maximum supported cryptography version is now 48.x.
  • Added OpenSSL.SSL.Connection.set_options to set options on a per-connection basis.

v26.1.0

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

  • Maximum supported cryptography version is now 47.x.
  • Fixed X509Name field setters to correctly pass the value length to OpenSSL. Previously, values containing NUL bytes would be silently truncated, causing a divergence between the stored ASN.1 value and the value visible from Python. Credit to BudongJW for reporting the issue. CVE-2026-40475

astral-sh/uv (uv)

v0.11.11

Released on 2026-05-06.

Bug fixes
  • Accept legacy ID format from pre-0.11.9 cache entries (#​19301)

v0.11.10

Released on 2026-05-05.

Bug fixes
  • Allow pre-release Python requests with non-zero patch versions (#​19286)

v0.11.9

Released on 2026-05-04.

This release includes a special release candidate for the next Python 3.14 patch release. Python 3.14 included a new garbage collection implementation, which reduced pause times but caused significant unexpected memory pressure in production environments. In 3.14.5 and 3.15, the previous garbage collection implementation will be restored.

We would greatly appreciate it if you tested the 3.14.5rc1 version included in this release. The stable version is expected to be released soon and any feedback on potential issues would be helpful to the Python development team.

For more context, see the announcement, issue, and pull request.

Issues with the new release can be reported in the uv or CPython issue trackers.

Python
  • Upgrade PyPy to v7.3.22
  • Add CPython 3.14.5rc1
  • On macOS, CPython statically links libpython to match Linux
Enhancements
  • Omit compatible release desugaring for pre-release hints (#​19267)
  • Fix file locks on Android (#​18323)
Preview
  • uv audit add reporting for adverse project statuses (#​19128)
Bug fixes
  • Discover versioned Python executables when requires-python pins a version (#​18700)
  • Fix URL prefix matching to require path boundaries (#​19154)
  • Fix transitive Git path dependencies in lockfiles (#​19269)
  • Handle incorrect unlock error in LockedFile::drop on Wine (#​19229)
  • Prevent uninstalling site-packages for empty top_level.txt in .egg-info (#​19114)
  • Use symlinks instead of junctions on Wine (#​19213)
  • Fix floating-point environment handling on ARMv7 (#​19157)
  • Redact credentials from remote requirements URL in offline errors (#​19216)
  • Windows trampolines no longer set PYTHONHOME and only set __PYVENV_LAUNCHER__ for virtual environments (#19199)
Documentation
  • Mark --native-tls and UV_NATIVE_TLS as deprecated (#​18705)
  • Re-add pytorch-triton-rocm to PyTorch ROCm docs (#​19241)
  • Tweak changelog entries for 0.11.8 (#​19188)
  • Add 'Exporting lockfiles' to the Concepts->Projects index (#​19209)
  • Clarify that uv init creates git files / folders in the projects guide (#​19183)

v0.11.8

Released on 2026-04-27.

Enhancements
  • Add --python-downloads-json-url to python pin (#​19092)
  • Fetch uv from Astral mirror during self-update (#​18682)
  • Support pip uninstall -y (#​19082)
  • Add UV_PYTHON_NO_REGISTRY (#​19035)
  • Allow exclude-newer to be missing from the lockfile when exclude-newer-span is present (#​19024)
  • Only show the version number in uv self version --short (#​19019)
  • Silence warnings on empty SSL_CERT_DIR directory (#​19018)
  • Use a sentinel timestamp for relative exclude-newer and exclude-newer-package values in lockfiles (#​19022, #​19101)
Configuration
  • Add an environment variable for UV_NO_PROJECT (#​19052)
  • Expose UV_PYTHON_SEARCH_PATH for Python discovery PATH overrides (#​19034)
Bug fixes
  • Add rust-toolchain.toml to uv-build sdist (#​19131)
  • Ensure uv invocations of git do not inherit repository location environment variables (#​19088)
  • Redact pre-signed upload URLs in verbose output (#​19146)
  • Handle transitive URL dependencies in PEP 517 build requirements (#​19076, #​19086)
  • Support uv lock on a pyproject.toml that only contains dependency-groups (#​19087)
  • Disable transparent Python upgrades in projects when a patch version is requested via .python-version (#​19102)
  • Fix Python variant tagging in the Windows registry (#​19012)
  • Use a single codepath for extracting a .tar.zst wheel, disallowing external symlinks (#​19144)
Documentation
  • Bump astral-sh/setup-uv version in docs (#​19030)
  • Update PyTorch documentation for PyTorch 2.11 (#​19095)
  • Remove deprecated license classifiers from uv-build and add Python 3.14 classifier (#​19130)

v0.11.7

Released on 2026-04-15.

Python
  • Upgrade CPython build to 2026041 including an OpenSSL security upgrade (#​19004)
Enhancements
  • Elevate configuration errors to required-version mismatches (#​18977)
  • Further improve TLS certificate validation messages (#​18933)
  • Improve --exclude-newer hints (#​18952)
Preview features
  • Fix --script handling in uv audit (#​18970)
  • Fix traversal of extras in uv audit (#​18970)
Bug fixes
  • De-quote workspace metadata in linehaul data (#​18966)
  • Avoid installing tool workspace member dependencies as editable (#​18891)
  • Emit JSON report for uv sync --check failures (#​18976)
  • Filter and warn on invalid TLS certificates (#​18951)
  • Fix equality comparisons for version specifiers with ~= operators (#​18960)
  • Fix stale Python upgrade preview feature check in project environment construction (#​18961)
  • Improve Windows path normalization (#​18945)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


This PR was generated by Mend Renovate. View the repository job log.
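
Added example, not code from PyMySQL or from this repository: a sketch of the Cursor.callproc() change described in the PyMySQL v1.1.3 note above, showing why an unescaped procedure name is injectable and why "dbname.funcname" stops resolving once the whole name is quoted as one identifier. The statement shape is simplified, and the function names, the allow-list and the sample names are assumptions constructed for illustration.

```python
# Added illustration; simplified statement shape, not PyMySQL's source.

# Constructed sample inputs.
QUALIFIED_NAME = "reports.monthly_total"   # db-qualified name that worked before 1.1.3
HOSTILE_NAME = "p(); SELECT 1; -- "        # procedure name taken from an untrusted source

# Hypothetical allow-list of (database, procedure) pairs the application may call.
ALLOWED_PROCEDURES = {("reports", "monthly_total")}


def quote_identifier(name: str) -> str:
    """Quote one MySQL identifier: wrap in backticks and double any embedded backtick."""
    return "`" + name.replace("`", "``") + "`"


def _placeholders(nargs: int) -> str:
    """Comma-separated %s markers for the procedure arguments."""
    return ", ".join(["%s"] * nargs)


def call_unescaped(procname: str, nargs: int) -> str:
    """Behaviour before the fix as the note describes it: the name is pasted in as-is."""
    return f"CALL {procname}({_placeholders(nargs)})"


def call_escaped(procname: str, nargs: int) -> str:
    """Behaviour after the fix as the note describes it: the whole name is one identifier."""
    return f"CALL {quote_identifier(procname)}({_placeholders(nargs)})"


def call_qualified(database: str, procname: str, nargs: int) -> str:
    """One possible migration for callers that need a database-qualified name:
    check the pair against an allow-list, then quote each part separately."""
    if (database, procname) not in ALLOWED_PROCEDURES:
        raise ValueError(f"procedure not allowed: {database}.{procname}")
    target = f"{quote_identifier(database)}.{quote_identifier(procname)}"
    return f"CALL {target}({_placeholders(nargs)})"


if __name__ == "__main__":
    print(call_unescaped(HOSTILE_NAME, 0))   # a second statement escapes the CALL
    print(call_escaped(HOSTILE_NAME, 0))     # stays one quoted identifier
    print(call_escaped(QUALIFIED_NAME, 1))   # dot is now part of the procedure name
    print(call_qualified("reports", "monthly_total", 1))
```

The string returned by call_qualified() is meant to be passed to Cursor.execute() with the arguments supplied as parameters, so only the vetted identifiers are ever formatted into the statement text.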

renovate Bot added the dependencies and pip labels Apr 16, 2026
renovate Bot changed the title from "chore(deps): update uv to 0.11.7" to "chore(deps): update pip-requirements" Apr 18, 2026
renovate Bot force-pushed the renovate/pip-requirements branch 3 times, most recently from 2c5f5be to 3899c73, April 24, 2026 21:10
renovate Bot force-pushed the renovate/pip-requirements branch 4 times, most recently from 160854b to 52b96cf, May 2, 2026 02:14
renovate Bot force-pushed the renovate/pip-requirements branch 3 times, most recently from 5c09d56 to 7b6017a, May 5, 2026 22:40
renovate Bot force-pushed the renovate/pip-requirements branch from 7b6017a to f479f49, May 6, 2026 20:45