deps(deps): bump the protocols group across 1 directory with 6 updates

[dependabot]

Warning

Dependabot will stop supporting python v3.9!

Please upgrade to one of the following versions: v3.9, v3.10, v3.11, v3.12, v3.13, or v3.14.

Bumps the protocols group with 6 updates in the / directory:

Package	From	To
websocket-client	1.8.0	1.9.0
websockets	12.0	15.0.1
paramiko	4.0.0	5.0.0
paho-mqtt	1.6.1	2.1.0
kafka-python	2.0.2	2.3.1
pika	1.3.2	1.4.1

Updates websocket-client from 1.8.0 to 1.9.0

Release notes

Sourced from websocket-client's releases.

v1.9.0

1.9.0

Changelog

Sourced from websocket-client's changelog.

• 1.9.0
  • Remove Python 3.8 support (EOL), add Python 3.13 (5f25030)
  • Remove localhost and 127.0.0.1 from default NO_PROXY list (#994)
  • Support IPv6 CIDRs in the no_proxy option (#1033)
  • Fix thread safety condition in teardown() to improve run_forever() (#1015)
  • Fix #1024 by chunking data, recursion in on_error callback, thread leak in _stop_ping_thread(), avoid implicit None in recv() (#1036)
  • Avoid bare except clauses for better error handling (#1036)
  • Fix async (#983)
  • Resolve mypy type errors (#996, #1006, 813d570)
  • Test coverage improvements (#1035, #1036)
  • flake8 linting improvements (#1034)

Commits

• e46a8fe 1.9.0
• ab81eab Bug fixes (#1036)
• 63058ab Run forever socket close fix (#1015)
• 6861ee4 Use ipaddress module for no_proxy parsing (#1033)
• 729bdb8 Coverage improvements (#1035)
• f22579a Linting improvements (#1034)
• 9564030 Change echo URL in docs
• c0fe0f7 apply black formatting
• 813d570 Resolve all mypy errors, with AI assistance
• 6020f37 black formatting fixes
• Additional commits viewable in compare view

Updates websockets from 12.0 to 15.0.1

Release notes

Sourced from websockets's releases.

15.0.1

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

15.0

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

14.2

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

14.1

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

14.0

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

13.1

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

13.0.1

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

13.0

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

Commits

• 37c9bc0 Release version 15.0.1.
• fce02ab Docs. Correct Producer pattern example.
• 5fa24bb Exit cleanly the interactive client on ^C.
• d0e60d3 Remove spurious PYTHONPATH declarations.
• d7dafcc Add test coverage for interactive client.
• 3c62503 Use entrypoint instead of runpy in docs.
• f4e4345 added entry point script for the cli client in the pyproject.toml
• 6f89bac Start version 15.1.
• 7ac73c6 Release version 15.0.
• a1ba01d Rewrite interactive client (again) without threads.
• Additional commits viewable in compare view

Updates paramiko from 4.0.0 to 5.0.0

Commits

• 710cc5c What's a few weeks between friends?
• ea93c59 Fix up Ed25519Key so it has non-erroring repr() during fatal errors
• 5b90ef9 ruff/isort
• f3864b6 Changelog fixes
• acd4bc1 Replace hardcoded PEM format in PKey.write* with new parameter
• 6fa1556 Bump group-exchange kex min_bits to 2048
• eb87ad3 Fix some tests that were incorrectly passing
• 1ecc933 Remove GSSAPI support :(
• 9bf5fca Remove SHA1-based (non-GSS) kex methods
• b8f75c7 Lintin' ain't easy
• Additional commits viewable in compare view

Updates paho-mqtt from 1.6.1 to 2.1.0

Release notes

Sourced from paho-mqtt's releases.

v2.1.0

• Make transition from 1.x to 2.x version smoother (Closes #831)
• Fix "protocol" property (Closes #820)
• Fix publish() a bytearray payload (Closes #833)
• Fix some type annotations (Closes #828)
• Fix loop_stop() not stopping thread when called from callback (Closes #809)
• Fix some documentation errors (Closes #817, #823, #832, #838)
• Add support for Unix socket (Closes #829)
• Fix flaky test (Closes #789)

v2.0.0

This release include breaking change. See https://eclipse.dev/paho/files/paho.mqtt.python/html/migrations.html for more details on how to upgrade.

This release also introduce new documentation available online at https://eclipse.dev/paho/files/paho.mqtt.python/html/index.html

• BREAKING Added callback_api_version. This break ALL users of paho-mqtt Client class. See migrations.rst for details on how to upgrade. tl; dr; add CallbackAPIVersion.VERSION1 to first argument of Client()
• BREAKING Drop support for Python 2.7, Python 3.5 and Python 3.6 Minimum tested version is Python 3.7 Python version up to Python 3.12 are tested.
• BREAKING connect_srv changed it signature to take an additional bind_port parameter. This is a breaking change, but in previous version connect_srv was broken anyway. Closes #493.
• BREAKING Remove some deprecated argument and method:
  • max_packets argument in loop(), loop_write() and loop_forever() is removed
  • force argument in loop_stop() is removed
  • method message_retry_set() is removed
• BREAKING Remove the base62, WebsocketWrapper and ConnectionState, as user shouldn't directly use them.
• Possible breaking change: Add properties to access most Client attribute. Closes #764. Since this add new properties like logger, if a sub-class defined logger, the two logger will conflict.
• Add version 2 of user-callback which allow to access MQTTv5 reason code & properties that were missing from on_publish callback. Also it's more consistent in parameter order or between MQTTv3 and MQTTv5.
• Add types to Client class, which caused few change which should be compatible. Known risk of breaking changes:
  • Use enum for returned error code (like MQTT_ERR_SUCCESS). It use an IntEnum which should be a drop-in replacement. Excepted if someone is doing "rc is 0" instead of "rc == 0".
  • reason in on_connect callback when using MQTTv5 is now always a ReasonCode object. It used to possibly be an integer with the value 132.
  • MQTTMessage field "dup" and "retain" used to be integer with value 0 and 1. They are now boolean.
• Add support for ALPN protocols on TLS connection. Closes #790 & #648.
• Add on_pre_connect() callback, which is called immediately before a connection attempt is made.
• Fix subscribe.simple with MQTTv5. Closes #707.
• Use better name for thread started by loop_start. Closes #617.
• Fix possible bug during disconnection where self._sock is unexpectedly None. Closes #686 & #505.
• Fix loading too weak TLS CA file but setting allowed ciphers before loading CA. Closes #676.
• Allow to manually ack QoS > 0 messages. Closes #753 & #348.

... (truncated)

Changelog

Sourced from paho-mqtt's changelog.

v2.1.0 - 2024-04-29

• Make transition from 1.x to 2.x version smoother (Closes #831)
• Fix "protocol" property (Closes #820)
• Fix publish() a bytearray payload (Closes #833)
• Fix some type annotations (Closes #828)
• Fix loop_stop() not stopping thread when called from callback (Closes #809)
• Fix some documentation errors (Closes #817, #823, #832, #838)
• Add support for Unix socket (Closes #829)
• Fix flaky test (Closes #789)

v2.0.0 - 2024-02-10

This release include breaking change. See migrations <https://eclipse.dev/paho/files/paho.mqtt.python/html/migrations.html>_ for more details on how to upgrade.

• BREAKING Added callback_api_version. This break ALL users of paho-mqtt Client class. See docs/migrations.rst or online version <https://eclipse.dev/paho/files/paho.mqtt.python/html/migrations.html>_ for details on how to upgrade. tl; dr; add CallbackAPIVersion.VERSION1 to first argument of Client()

• BREAKING Drop support for Python 2.7, Python 3.5 and Python 3.6 Minimum tested version is Python 3.7 Python version up to Python 3.12 are tested.

• BREAKING connect_srv changed it signature to take an additional bind_port parameter. This is a breaking change, but in previous version connect_srv was broken anyway. Closes #493.

• BREAKING Remove some deprecated argument and method:

  • max_packets argument in loop(), loop_write() and loop_forever() is removed
  • force argument in loop_stop() is removed
  • method message_retry_set() is removed

• BREAKING Remove the base62, WebsocketWrapper and ConnectionState, as user shouldn't directly use them.

• Possible breaking change: Add properties to access most Client attribute. Closes #764. Since this add new properties like logger, if a sub-class defined logger, the two logger will conflict.

• Add version 2 of user-callback which allow to access MQTTv5 reason code & properties that were missing from on_publish callback. Also it's more consistent in parameter order or between MQTTv3 and MQTTv5.

• Add types to Client class, which caused few change which should be compatible. Known risk of breaking changes:

  • Use enum for returned error code (like MQTT_ERR_SUCCESS). It use an IntEnum which should be a drop-in replacement. Excepted if someone is doing "rc is 0" instead of "rc == 0".
  • reason in on_connect callback when using MQTTv5 is now always a ReasonCode object. It used to possibly be an integer with the value 132.
  • MQTTMessage field "dup" and "retain" used to be integer with value 0 and 1. They are now boolean.

• Add support for ALPN protocols on TLS connection. Closes #790 & #648.

• Add on_pre_connect() callback, which is called immediately before a connection attempt is made.

... (truncated)

Commits

• af64a43 Bump version to 2.1.0
• 54e2e69 Update changelog
• 0776a00 Merge pull request #839 from eclipse/fix-bytearray-payload
• 7795dcd Fix publish() a bytearray payload
• 29c1d43 Merge pull request #838 from REX2626/master
• 27bbdc3 Merge pull request #829 from akrpic77/ak_add_unix_transport
• a0554dd Fix linter report
• 8503635 Merge pull request #832 from eclipse/fix-link-to-migrations
• e96ff75 Try to fix tests
• d4d0715 Fix tests with msg.retain value check
• Additional commits viewable in compare view

Updates kafka-python from 2.0.2 to 2.3.1

Release notes

Sourced from kafka-python's releases.

2.3.1 (Apr 9, 2026)

Fixes

• Fix TaggedFields value encoding; add test coverage (#2725)
• Fix zstd multi-frame decompression failure (#2717)
• Fix KeyError in KafkaConsumer.committed() (#2710)
• Fix VarInt/VarLong encoding; move tests to test/protocol/ (#2706)
• Fix Fetcher._fetch_offsets_by_times retry handling (#2833)
• Fixes to support integration testing with external KAFKA_URI (#2838)
• Minor py2 fixes: consumer integration test; dont pip install python-snappy

2.3.0 (Nov 20, 2025)

2.3.x will be the last release branch with python2 support!

CLI

• python -m cli interfaces for kafka.admin, kafka.consumer, kafka.producer (#2650)

Producer

• KIP-654: Abort transaction with pending data with TransactionAbortedError (#2662)
• KafkaProducer: Handle UnknownProducerIdError (#2663)
• KIP-467: Augment ProduceResponse error messaging for specific culprit records (#2661)

Consumer

• KIP-345: Consumer group static membership (#2625)
• KIP-207: Add ListOffsetsRequest v5 / handle OffsetNotAvailableError (#2657)
• Fetcher: Add missing argument in debug log (#2665)

AdminClient

• KIP-430: Return Authorized Operations in Describe Responses (#2656)
• Add send_request() and send_requests() to KafkaAdminClient (#2649)

Maintenance

• Remove old/unused kafka.protocol.pickle (#2653)
• Switch protocol code to getattr/setattr from dict (#2654)
• Drop unused imports (#2651)

Project Infra

• Bump github/codeql-action from 3 to 4 (#2678)
• Bump actions/setup-python from 5 to 6 (#2674)
• Bump actions/setup-java from 4 to 5 (#2673)
• Bump actions/checkout from 4 to 5 (#2669)
• Bump actions/checkout from 5 to 6 (#2694)

... (truncated)

Changelog

Sourced from kafka-python's changelog.

2.3.1 (Apr 9, 2026) ###################

Fixes

• Fix TaggedFields value encoding; add test coverage (#2725)
• Fix zstd multi-frame decompression failure (#2717)
• Fix KeyError in KafkaConsumer.committed() (#2710)
• Fix VarInt/VarLong encoding; move tests to test/protocol/ (#2706)
• Fix Fetcher._fetch_offsets_by_times retry handling (#2833)
• Fixes to support integration testing with external KAFKA_URI (#2838)
• Minor py2 fixes: consumer integration test; dont pip install python-snappy

2.3.0 (Nov 20, 2025) ####################

CLI

• python -m cli interfaces for kafka.admin, kafka.consumer, kafka.producer (#2650)

Producer

• KIP-654: Abort transaction with pending data with TransactionAbortedError (#2662)
• KafkaProducer: Handle UnknownProducerIdError (#2663)
• KIP-467: Augment ProduceResponse error messaging for specific culprit records (#2661)
• Add transactional_id to KafkaProducer Keyword Arguments docstring

Consumer

• KIP-345: Consumer group static membership (#2625)
• KIP-207: Add ListOffsetsRequest v5 / handle OffsetNotAvailableError (#2657)
• Fetcher: Add missing argument in debug log (#2665)

AdminClient

• KIP-430: Return Authorized Operations in Describe Responses (#2656)
• Add send_request() and send_requests() to KafkaAdminClient (#2649)

Maintenance

• Remove old/unused kafka.protocol.pickle (#2653)
• Switch protocol code to getattr/setattr from dict (#2654)
• Drop unused imports (#2651)

Project Infra

• Bump github/codeql-action from 3 to 4 (#2678)
• Bump actions/setup-python from 5 to 6 (#2674)
• Bump actions/setup-java from 4 to 5 (#2673)

... (truncated)

Commits

• 62feaab Patch Release 2.3.1
• 8037f81 Fixes to support integration testing with external KAFKA_URI (#2838)
• 3479de9 python-snappy py3 only
• 2c72167 Fix TaggedFields value encoding; add test coverage (#2725)
• e5146f3 Fix zstd multi-frame decompression failure (#2717)
• 29faf60 Fix KeyError in KafkaConsumer.committed() (#2710)
• d3f14f7 Fix VarInt/VarLong encoding; move tests to test/protocol/ (#2706)
• 901bb96 Fix Fetcher._fetch_offsets_by_times retry handling (#2833)
• aa5ce58 Minor py2 fix for consumer integration test
• b7ef5ad README / docs updates re compatibility and CLI release
• Additional commits viewable in compare view

Updates pika from 1.3.2 to 1.4.1

Release notes

Sourced from pika's releases.

1.4.1

https://pypi.org/project/pika/1.4.1/ | GitHub milestone

1.4.0

https://pypi.org/project/pika/1.4.0/ | GitHub milestone

What's Changed

• feat: add python3.10 support and make code python3.7+ by @​vinitkumar in pika/pika#1351
• Fix typo in example docstring by @​kinoute in pika/pika#1396
• Fixing pika v1.0.0 breaking change (order of parameters) for the `cha… by @​mprinc in pika/pika#1393
• Add Python 3.11 to various places by @​lukebakken in pika/pika#1399
• Documentation improvements by @​hcmturner in pika/pika#1403
• fix typo by @​khadkarajesh in pika/pika#1404
• Update example to use python3 syntax by @​AleksaC in pika/pika#1408
• Fix exchange type enum type by @​liortct in pika/pika#1410
• Add more connections to the adapters by @​dgoeries in pika/pika#1405
• fix typo by @​uwe in pika/pika#1414
• Feature #1363 -- Bump examples python version to 3 by @​alfawal in pika/pika#1416
• Attempt to re-enable GeventConnection on Windows by @​lukebakken in pika/pika#1417
• Add examples of using client_properties to URLParameters and ConnectionParameters by @​johanrhodin in pika/pika#1436
• Misc Windows CI updates by @​lukebakken in pika/pika#1438
• Use sys.platform instead of platform.system() by @​cvijdea-bd in pika/pika#1467
• List Python 3.12 as supported by @​lukebakken in pika/pika#1474
• Shrink the compatibility module and remove Python <3.7 support by @​alfawal in pika/pika#1441
• example: Remove unnecessary guard by @​jpmckinney in pika/pika#1435
• Differentiate release types by github.event.release.prerelease by @​lukebakken in pika/pika#1477
• Fix basic_consumer_threaded example by @​leogallot in pika/pika#1507
• Add description for the example blocking_consume_recover_multiple_hosts by @​federicsp in pika/pika#1512
• Fix tests with Python 3.14, except RuntimeError from asyncio.get_event_loop by @​hroncok in pika/pika#1524
• Update ConnectionParameters doc by @​ryoung9550 in pika/pika#1494
• Update versions by @​lukebakken in pika/pika#1514
• specify your own consumer_tag when using consume() method of BlockingChannel by @​ivan-eguidazu in pika/pika#1485
• removal of pika.compat.dictkeys() by @​a-detiste in pika/pika#1492
• Add all public APIs to __all__ by @​augustelalande in pika/pika#1476
• Convert utcnow() and utcfromtimestamp() by @​mh21 in pika/pika#1484
• Fix Issue # 1530: advertise exchange_exchange_bindings by @​kenliao94 in pika/pika#1540
• Jpaluska/add threadsafe publisher example by @​jpaluska in pika/pika#1546
• Add python 3.14 to CI and drop 3.9 by @​alonfaraj in pika/pika#1549
• fix: replace 3 bare except clauses with except Exception by @​haosenwang1018 in pika/pika#1545
• Bump the github-actions group with 4 updates by @​dependabot[bot] in pika/pika#1552
• Add ruff lint check to CI (GH-1371) by @​lukebakken in pika/pika#1551
• Remove dead Code Climate config files by @​lukebakken in pika/pika#1553
• Docs: Add return value documentation for Channel methods (#1522) by @​suchitd in pika/pika#1555
• Fix BlockingIOError from _read_interrupt on Windows (GH-1314) by @​lukebakken in pika/pika#1554
• Implement tests compatibility patch for RabbitMQ 4.3 by @​alonfaraj in pika/pika#1548
• Bump the github-actions group with 2 updates by @​dependabot[bot] in pika/pika#1557
• Migrate to pytest by @​alonfaraj in pika/pika#1550
• Fix asyncio.get_event_loop() deprecation in _AsyncioIOServicesAdapter by @​geomarceau in pika/pika#1544
• Drop more Python 2 compatibility code by @​lukebakken in pika/pika#1561
• Align Python versions metadata and docs by @​alonfaraj in pika/pika#1556

... (truncated)

Changelog

Sourced from pika's changelog.

1.4.1 (2026-05-22)

Merged pull requests:

• Fix Channel.close() for channels with multiple consumers #1596 (gbenson)

1.4.0 (2026-05-06)

Full Changelog

Implemented enhancements:

• Enforce yapf/google formatting in CI #1558
• Add Hatch dev environment and scripts #1579 (lukebakken)
• Drop more Python 2 compatibility code #1561 (lukebakken)

Closed issues:

• Add Hatch scripts to standardize developer commands #1578
• Fix outdated and broken documentation across the project #1568
• Update Codecov default branch and badge #1563
• GitHub actions workflows and test code need updates for RabbitMQ 4.3 #1547
• datetime.datetime.utcfromtimestamp() is deprecated #1539
• URLParameters这个类有bug #1533
• Custom transport #1532
• x-delay value is being returned in the header as a UINT64 and not a SINT16 #1531
• Pika should advertise the exchange_exchange_bindings client capability #1530
• Missing type annotations #1523
• There is no info about return type of queue_declare() method of pika.channel #1522
• Getting the user who sent the message #1510
• Where is examples/consume_recover_retry.py ? #1499
• Type Hint Issue with arguments parameter in queue_declare method of BlockingChannel Class - (expected "DeclareOk | None" [arg-type]) #1482
• queue_declare does not receive the callback at random times #1480
• There is no current event loop in thread #1479
• Cannot find reference 'exceptions' in '__init__.pyi' #1473
• Convert to pytest #1469
• Add a CI lint check using ruff and fix all findings #1371
• Add support for proxy configuration (Socks5) #1359
• BlockingIOError: [WinError 10035] A non-blocking socket operation could not be completed immediately #1314

Merged pull requests:

• Update outdated documentation across the pika project #1577 (suchitd)
• Fix TypeError in select_connection #1575 (suchitd)
• Support Python 3.7+ in CI and fix typing_extensions import #1574 (lukebakken)
• Add yapf formatter enforcement #1573 (alonfaraj)
• Replace PIKA_TEST_TLS env with pytest flag #1572 (alonfaraj)
• Fix field table type decoding to match RabbitMQ wire format #1566 (lukebakken)
• Legacy file fixes #1562 (alonfaraj)
• Add AGENTS.md with AI agent guidelines #1560 (lukebakken)

... (truncated)

Commits

• 5f0ba9e Merge pull request #1597 from pika/pika-1.4.1
• 31d80a9 pika 1.4.1
• b7af301 Merge pull request #1596 from gbenson/main
• 305fbe6 pika 1.4.0
• 9a3a6e5 Merge pull request #1577 from pika/doc/project-scope-update
• f750ce3 Merge branch 'main' into doc/project-scope-update
• ccfe924 Ensure that pip is run the same way in each workflow.
• 47129ca Caching pip artifacts actually does not accomplish anything.
• 0a721f7 Fix copyright year and document legacy-python.yaml workflow
• f7f51db Merge branch 'main' into doc/project-scope-update
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions