Skip to content

Bump streamlink from 7.3.0 to 8.4.0#60

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/streamlink-8.4.0
Open

Bump streamlink from 7.3.0 to 8.4.0#60
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/streamlink-8.4.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 11, 2026

Bumps streamlink from 7.3.0 to 8.4.0.

Release notes

Sourced from streamlink's releases.

Streamlink 8.4.0

  • SECURITY: fixed arbitrary local file read via file:// URI in HLS and DASH (CVE-2026-44353 / GHSA-hgqw-6m45-hw5f)
  • Added: --stream-passthrough-encrypted for passing through encrypted HLS/DASH segments to the output stream without any checks (#6896)
  • Fixed: --interface selection by name on macOS (#6908)
  • Fixed: --interface not being applied to adapters mounted after session init (#6915)
  • Updated plugins:
    • goltelevision: rewritten and fixed plugin (#6916)
    • twitcasting: improved ad segment filtering (#6910)

📦 Download and Installation

Please see the installation instructions for a list of available install methods and packages on the supported operating systems.

⚙️ Configuration and Usage

Please see the CLI documentation for how to configure and use Streamlink.

❤️ Support

If you think that Streamlink is useful and if you want to keep the project alive, then please consider supporting its maintainers by sending a small and optionally recurring tip via the available options.
Your support is very much appreciated, thank you!

🙏 Contributors

🗒️ Full changelog

3l3m3nt <jordan@dalleyfamily.net> (1):
      stream: add --stream-passthrough-encrypted

bastimeyer <mail@bastimeyer.de> (26):

tools: bump ty to 0.0.30 and fix issues

tools: bump mypy to 1.20.1

tools: bump ruff to 0.15.10

tests: add --stream-passthrough-encrypted tests

cli.argparser: fix type of session-option mapping

docs: fix sidebar-brand anchor color

ci.readthedocs: bump python to 3.14

tools: set ty.environment.python-platform to "all"

ci.github: add macos-latest runners

ci.github: update temp-dependencies install script

compat: add more OS-check constants

tests: add linux_only and darwin_only markers

session.http: fix set_interface on macOS

session.http: patch urllib3's set_socket_options

plugins.twitcasting: filter preroll on segment map

</tr></table>

... (truncated)

Changelog

Sourced from streamlink's changelog.

streamlink 8.4.0 (2026-05-06)

  • SECURITY: fixed arbitrary local file read via file:// URI in HLS and DASH (CVE-2026-44353 / GHSA-hgqw-6m45-hw5f)
  • Added: --stream-passthrough-encrypted for passing through encrypted HLS/DASH segments to the output stream without any checks (#6896)
  • Fixed: --interface selection by name on macOS (#6908)
  • Fixed: --interface not being applied to adapters mounted after session init (#6915)
  • Updated plugins:
    • goltelevision: rewritten and fixed plugin (#6916)
    • twitcasting: improved ad segment filtering (#6910)

Full changelog

streamlink 8.3.0 (2026-04-10)

  • Added: support for choosing the --interface by name on non-Windows systems, with optional prefixes, similar to curl (#6862)
  • Added: support for also checking stream segments in HLSStream.parse_variant_playlist() by setting check_streams="segments" (#6878)
  • Fixed: stdout/stderr streams in ProcessOutput not being fully line-buffered (#6868)
  • Updated plugins:
    • cdnbg: rewritten and fixed plugin (#6890)
    • nicolive: added websocket reconnect attempts on HLS decryption key retrieval failure (#6871)
    • soop: migrated to sooplive.com (#6876)
    • telefe: rewritten and fixed plugin (#6891)

Full changelog

streamlink 8.2.1 (2026-03-05)

  • Changed: HLS stream names using the "pixels" format to include framerate data, if available (#6848)
  • Deprecated: imports of re-exported attributes from streamlink.stream (#6821)
  • Fixed: plugin-related typing issues and missing typing annotations (#6822)
  • Updated plugins:
    • ceskatelevize: fixed sports streams (#6826)
    • nrk: updated to tv-player v9 (#6841)
    • pluto: updated to v2 API (#6851)
    • twitch: switched to Usher v2 API endpoints (#6840, #6847)
    • youtube: updated API clientVersion (#6853)

Full changelog

streamlink 8.2.0 (2026-02-09)

  • Added: --http-cookies-file CLI argument and http-cookies-files session option (#6796)
  • Changed: PluginError to also be raised when setting a plugin's url attribute to a value that doesn't match any of its URL matchers, not just when initializing the plugin class (#6810)
  • Deprecated: imports of re-exported module attributes from streamlink.utils (#6819)
  • Fixed: LogRecord missing the function name and stack info (#6788)
  • Fixed: custom network interface being reset when disabling Diffie-Hellman key exchange (#6795)
  • Fixed: broken logic when unsetting ipv4/ipv6 session options (#6795)

... (truncated)

Commits
  • a0cd8f7 release: 8.4.0
  • c9f3f0d stream.dash: check BaseURL and segment URI scheme
  • 805abf6 tests.stream.hls: decryption key w/ custom adapter
  • ef56b4f stream.hls: check segment/map/key/plist URI scheme
  • 0542a25 utils.url: add is_insecure_scheme
  • e110e03 docs: update Ubuntu package URL to Ubuntu 26.04
  • 0bffcf8 plugins.goltelevision: rewrite and fix plugin
  • 6e36892 session.http: also set interface on adapter mount
  • 6794b9d session.http_useragents: update useragents
  • ece43d0 tools: bump mypy to 1.20.2
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump streamlink from 7.3.0 to 8.4.0
557572e 
Bumps [streamlink](https://github.com/streamlink/streamlink) from 7.3.0 to 8.4.0.
- [Release notes](https://github.com/streamlink/streamlink/releases)
- [Changelog](https://github.com/streamlink/streamlink/blob/master/CHANGELOG.md)
- [Commits](streamlink/streamlink@7.3.0...8.4.0)

---
updated-dependencies:
- dependency-name: streamlink
  dependency-version: 8.4.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 11, 2026
@github-actions github-actions Bot requested a review from tomfaulhaber May 11, 2026 14:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tomfaulhaber tomfaulhaber Awaiting requested review from tomfaulhaber

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants