Bump vcrpy from 8.1.1 to 8.2.1 in /samples/langgraph-sql-agent

[dependabot]

Bumps vcrpy from 8.1.1 to 8.2.1.

Release notes

Sourced from vcrpy's releases.

v8.2.1

What's Changed

• SECURITY: Cassettes are now loaded with a safe YAML loader, preventing arbitrary code execution when a cassette from an untrusted source is loaded. Previously a crafted cassette containing a Python object tag (e.g. !!python/object/apply:os.system) would execute code on load, including via the normal vcr.use_cassette() path. Existing cassettes (including file-upload/streaming bodies) continue to load. Advisory: GHSA-rpj2-4hq8-938g — thanks @​RamiAltai and @​EQSTLab for the reports.
• Validate record_mode and raise a clear error on an invalid value (#208)
• Recommend pytest-recording over the unmaintained pytest-vcr in the docs (#986)

Full Changelog: kevin1024/vcrpy@v8.2.0...v8.2.1

v8.2.0

What's Changed

• Add support for httpx 2.x (#993) - thanks @​dsfaccini
• Patch httpx transports instead of httpcore (#972) - thanks @​seowalex
• Fix aiohttp 3.14 compatibility: AsyncStreamReaderMixin removed and ClientResponse now requires stream_writer (#995) - thanks @​dsfaccini
• Account for modified requests when storing played cassettes, so drop_unused_requests honours before_record_request filtering (#962) - thanks @​jamesbraza
• Make the request URL available on VCRHTTPResponse (#976) - thanks @​dAnjou
• Improve error message when a matching request has already been consumed (#985) - thanks @​Polandia94
• Fix body check in convert_body_to_unicode to use an explicit type check (#982) - thanks @​Polandia94
• Add env proxy cassette regression test (#994) - thanks @​tine1117
• Remove milestone references from docs (#984) - thanks @​Polandia94
• CI: bump sphinx-rtd-theme from 3.0.2 to 3.1.0 (#973)

Full Changelog: kevin1024/vcrpy@v8.1.1...v8.2.0

Changelog

Sourced from vcrpy's changelog.

Changelog

All help in providing PRs to close out bug issues is appreciated. Even if that is providing a repo that fully replicates issues. We have very generous contributors that have added these to bug issues which meant another contributor picked up the bug and closed it out.

• 8.2.1

  • SECURITY: Load cassettes with a safe YAML loader, preventing arbitrary code execution when a cassette from an untrusted source is loaded (GHSA-rpj2-4hq8-938g) - thanks @​RamiAltai and @​EQSTLab
  • Validate record_mode and raise a clear error on an invalid value (#208)
  • Recommend pytest-recording over the unmaintained pytest-vcr in the docs (#986)

• 8.2.0

  • Add support for httpx 2.x (#993) - thanks @​dsfaccini
  • Patch httpx transports instead of httpcore (#972) - thanks @​seowalex
  • Fix aiohttp 3.14 compatibility: AsyncStreamReaderMixin removed and ClientResponse now requires stream_writer (#995) - thanks @​dsfaccini
  • Account for modified requests when storing played cassettes, so drop_unused_requests honours before_record_request filtering (#962) - thanks @​jamesbraza
  • Make the request URL available on VCRHTTPResponse (#976) - thanks @​dAnjou
  • Improve error message when a matching request has already been consumed (#985) - thanks @​Polandia94
  • Fix body check in convert_body_to_unicode to use an explicit type check (#982) - thanks @​Polandia94
  • Add env proxy cassette regression test (#994) - thanks @​tine1117
  • Remove milestone references from docs (#984) - thanks @​Polandia94
  • CI: bump sphinx-rtd-theme from 3.0.2 to 3.1.0 (#973)

• 8.1.1

  • Fix sync requests in async contexts for HTTPX (#965) - thanks @​seowalex
  • CI: bump peter-evans/create-pull-request from 7 to 8 (#969)

• 8.1.0

  • Enable brotli decompression if available (via brotli, brotlipy or brotlicffi) (#620) - thanks @​immerrr
  • Fix aiohttp allowing both data and json arguments when one is None (#624) - thanks @​leorochael
  • Fix usage of io-like interface with VCR.py (#906) - thanks @​tito and @​kevdevg
  • Migrate to declarative Python package config (#767) - thanks @​deronnax
  • Various linting fixes - thanks @​jairhenrique
  • CI: bump actions/checkout from 5 to 6 (#955)

• 8.0.0

  • BREAKING: Drop support for Python 3.9 (major version bump) - thanks @​jairhenrique
  • BREAKING: Drop support for urllib3 < 2 - fixes CVE warnings from urllib3 1.x (#926, #880) - thanks @​jairhenrique
  • New feature: drop_unused_requests option to remove unused interactions from cassettes (#763) - thanks @​danielnsilva
  • Rewrite httpx support to patch httpcore instead of httpx (#943) - thanks @​seowalex
    • Fixes httpx.ResponseNotRead exceptions (#832, #834)
    • Fixes KeyError: 'follow_redirects' (#945)
    • Adds support for custom httpx transports
  • Fix HTTPS proxy handling - proxy address no longer ends up in cassette URIs (#809, #914) - thanks @​alga
  • Fix iscoroutinefunction deprecation warning on Python 3.14 - thanks @​kloczek
  • Only log message if response is appended - thanks @​talfus-laddus
  • Optimize urllib.parse calls - thanks @​Martin-Brunthaler
  • Fix CI for Ubuntu 24.04 - thanks @​hartwork
  • Various CI improvements: migrate to uv, update GitHub Actions - thanks @​jairhenrique
  • Various linting and test improvements - thanks @​jairhenrique and @​hartwork

... (truncated)

Commits

• 8531203 Release v8.2.1
• 045acb1 Use a safe YAML loader for cassettes to prevent code execution
• de43f46 Fix lint failures from merged PRs (codespell + ruff UP032)
• 514c374 Validate record_mode and raise a clear error on invalid values
• b736cad docs: recommend pytest-recording over unmaintained pytest-vcr
• 06758c9 Release v8.2.0
• 6554837 Add env proxy cassette regression test (#994)
• 62cf5e1 Accounting for modified requests when storing played cassettes, with a test (...
• 13f201a make url available in VCRHTTPResponse (#976)
• d57b553 improve error message on repeated requestt (#985)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.