Skip to content

Bump the dependencies group with 11 updates #686

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 6, 2025
Merged

Bump the dependencies group with 11 updates #686

merged 1 commit into from
Sep 6, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 1, 2025

Bumps the dependencies group with 11 updates:

Package From To
cryptography 45.0.5 45.0.6
coverage[toml] 7.10.1 7.10.6
typing-extensions 4.14.1 4.15.0
certifi 2025.7.14 2025.8.3
charset-normalizer 3.4.2 3.4.3
requests 2.32.4 2.32.5
filelock 3.18.0 3.19.1
platformdirs 4.3.8 4.4.0
types-cffi 1.17.0.20250523 1.17.0.20250822
types-setuptools 80.9.0.20250529 80.9.0.20250822
virtualenv 20.32.0 20.34.0

Updates cryptography from 45.0.5 to 45.0.6

Changelog

Sourced from cryptography's changelog.

45.0.6 - 2025-08-05


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.2.

.. _v45-0-5:

Commits

Updates coverage[toml] from 7.10.1 to 7.10.6

Release notes

Sourced from coverage[toml]'s releases.

7.10.6

Version 7.10.6 — 2025-08-29

  • Fix: source directories were not properly communicated to subprocesses that ran in different directories, as reported in issue 1499. This is now fixed.
  • Performance: Alex Gaynor continues fine-tuning the speed of combination, especially with many contexts.

➡️  PyPI page: coverage 7.10.6. :arrow_right:  To install: python3 -m pip install coverage==7.10.6

7.10.5

Version 7.10.5 — 2025-08-23

  • Big speed improvements for coverage combine: it’s now about twice as fast! Huge thanks to Alex Gaynor for pull requests 2032, 2033, and 2034.

➡️  PyPI page: coverage 7.10.5. :arrow_right:  To install: python3 -m pip install coverage==7.10.5

7.10.4

Version 7.10.4 — 2025-08-16

  • Added patch = fork for times when the built-in forking support is insufficient.
  • Fix: patch = execv also inherits the entire coverage configuration now.

➡️  PyPI page: coverage 7.10.4. :arrow_right:  To install: python3 -m pip install coverage==7.10.4

7.10.3

Version 7.10.3 — 2025-08-10

  • Fixes for patch = subprocess:
    • If subprocesses spawned yet more subprocesses simultaneously, some coverage could be missed. This is now fixed, closing issue 2024.
    • If subprocesses were created in other directories, their data files were stranded there and not combined into the totals, as described in issue 2025. This is now fixed.
    • On Windows (or maybe only some Windows?) the patch would fail with a ModuleNotFound error trying to import coverage. This is now fixed, closing issue 2022.
    • Originally only options set in the coverage configuration file would apply to subprocesses. Options set on the coverage run command line (such as --branch) wouldn’t be communicated to the subprocesses. This could lead to combining failures, as described in issue 2021. Now the entire configuration is used in subprocesses, regardless of its origin.
    • Added debug=patch to help diagnose problems.
  • Fix: really close all SQLite databases, even in-memory ones. Closes issue 2017.

➡️  PyPI page: coverage 7.10.3. :arrow_right:  To install: python3 -m pip install coverage==7.10.3

7.10.2

Version 7.10.2 — 2025-08-03

  • Fix: some code with NOP bytecodes could report missing branches that are actually executed. This is now fixed, closing issue 1999. Python 3.9 still shows the problem.

➡️  PyPI page: coverage 7.10.2. :arrow_right:  To install: python3 -m pip install coverage==7.10.2

Changelog

Sourced from coverage[toml]'s changelog.

Version 7.10.6 — 2025-08-29

  • Fix: source directories were not properly communicated to subprocesses that ran in different directories, as reported in issue 1499_. This is now fixed.

  • Performance: Alex Gaynor continues fine-tuning <pull 2038_>_ the speed of combination, especially with many contexts.

.. _issue 1499: nedbat/coveragepy#1499 .. _pull 2038: nedbat/coveragepy#2038

.. _changes_7-10-5:

Version 7.10.5 — 2025-08-23

  • Big speed improvements for coverage combine: it's now about twice as fast! Huge thanks to Alex Gaynor for pull requests 2032 <pull 2032_>, 2033 <pull 2033_>, and 2034 <pull 2034_>_.

.. _pull 2032: nedbat/coveragepy#2032 .. _pull 2033: nedbat/coveragepy#2033 .. _pull 2034: nedbat/coveragepy#2034

.. _changes_7-10-4:

Version 7.10.4 — 2025-08-16

  • Added patch = fork for times when the built-in forking support is insufficient.

  • Fix: patch = execv also inherits the entire coverage configuration now.

.. _changes_7-10-3:

Version 7.10.3 — 2025-08-10

  • Fixes for patch = subprocess:

    • If subprocesses spawned yet more subprocesses simultaneously, some coverage could be missed. This is now fixed, closing issue 2024_.

    • If subprocesses were created in other directories, their data files were

... (truncated)

Commits
  • 88c55ff docs: sample HTML for 7.10.6
  • 01d8995 docs: prep for 7.10.6
  • 9b0c24f docs: thanks Alex #2038
  • 66d6910 fix: make source paths absolute where they exist. #1499
  • bb3382f build: no need for the combine/html times now
  • 9ea349a lab: warn_executed.py
  • 808c9b4 build: changing metacov.ini should trigger metacov
  • 384f5f2 build: oops, some 'if's are really line pragmas
  • a7224af perf: pre-compute the mapping between other_db.context and main.context (#2038)
  • 5c00c5b chore: bump the action-dependencies group with 3 updates (#2039)
  • Additional commits viewable in compare view

Updates typing-extensions from 4.14.1 to 4.15.0

Release notes

Sourced from typing-extensions's releases.

4.15.0

No user-facing changes since 4.15.0rc1.

New features since 4.14.1:

  • Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
  • Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
  • Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

4.15.0rc1

  • Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
  • Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
  • Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.
Changelog

Sourced from typing-extensions's changelog.

Release 4.15.0 (August 25, 2025)

No user-facing changes since 4.15.0rc1.

Release 4.15.0rc1 (August 18, 2025)

  • Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
  • Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
  • Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.
Commits

Updates certifi from 2025.7.14 to 2025.8.3

Commits

Updates charset-normalizer from 3.4.2 to 3.4.3

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.3

3.4.3 (2025-08-09)

Changed

  • mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
  • automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

  • Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
  • Support for Python 3.14

Fixed

  • sdist archive contained useless directories.
  • automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

  • SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
  • Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.
Changelog

Sourced from charset-normalizer's changelog.

3.4.3 (2025-08-09)

Changed

  • mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
  • automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

  • Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
  • Support for Python 3.14

Fixed

  • sdist archive contained useless directories.
  • automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

  • SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
  • Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.
Commits
  • 46f662d Release 3.4.3 (#638)
  • 1a059b2 🔧 skip building on freethreaded as we're not confident it is stable
  • 2275e3d 📝 final note in CHANGELOG.md
  • c96acdf 📝 update release date on CHANGELOG.md
  • 43e5460 📝 update README.md
  • f277074 🔧 automatically lower confidence on small bytes str on non Unicode res...
  • 15ae241 🐛 automatically fallback on valid UTF-16 or UTF-32 even if the md says it...
  • 37397c1 🔧 enable 3.14 in nox test_mypyc session
  • cb82537 ⏪ revert license due to compat python 3.7 issue setuptools
  • 6a2efeb 🎨 fix linter errors
  • Additional commits viewable in compare view

Updates requests from 2.32.4 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.
Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.
Commits
  • b25c87d v2.32.5
  • 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
  • b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
  • 46e939b Update publish workflow to use artifact-id instead of name
  • 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
  • 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
  • 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
  • fec96cd Update Makefile rules (#6996)
  • d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
  • 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
  • Additional commits viewable in compare view

Updates filelock from 3.18.0 to 3.19.1

Release notes

Sourced from filelock's releases.

3.19.1

What's Changed

New Contributors

Full Changelog: tox-dev/filelock@3.19.0...3.19.1

3.19.0

What's Changed

Full Changelog: tox-dev/filelock@3.18.0...3.19.0

Commits

Updates platformdirs from 4.3.8 to 4.4.0

Release notes

Sourced from platformdirs's releases.

4.4.0

What's Changed

New Contributors

Full Changelog: tox-dev/platformdirs@4.3.8...4.4.0

Commits
  • c945a28 feat: improve homebrew path detection (#370)
  • 9f616e9 [pre-commit.ci] pre-commit autoupdate (#372)
  • 5720f26 [pre-commit.ci] pre-commit autoupdate (#367)
  • 848924d [pre-commit.ci] pre-commit autoupdate (#365)
  • df2e678 Bump actions/checkout from 4 to 5 in the all group (#366)
  • 009a3f8 Bump actions/download-artifact from 4 to 5 in the all group (#364)
  • 3d194ee [pre-commit.ci] pre-commit autoupdate (#363)
  • 6046533 [pre-commit.ci] pre-commit autoupdate (#362)
  • 88389ce [pre-commit.ci] pre-commit autoupdate (#361)
  • 82763ff [pre-commit.ci] pre-commit autoupdate (#360)
  • Additional commits viewable in compare view

Updates types-cffi from 1.17.0.20250523 to 1.17.0.20250822

Commits

Updates types-setuptools from 80.9.0.20250529 to 80.9.0.20250822

Commits

Updates virtualenv from 20.32.0 to 20.34.0

Release notes

Sourced from virtualenv's releases.

20.34.0

What's Changed

Full Changelog: pypa/virtualenv@20.33.1...20.34.0

20.33.1

What's Changed

Full Changelog: pypa/virtualenv@20.33.0...20.33.1

20.33.0

What's Changed

... (truncated)

Changelog

Sourced from virtualenv's changelog.

v20.34.0 (2025-08-13)

Features - 20.34.0

- Abstract out caching in discovery - by :user:`esafak`.
  Decouple `FileCache` from `py_info` (discovery) - by :user:`esafak`.
  Remove references to py_info in FileCache - by :user:`esafak`.
  Decouple discovery from creator plugins - by :user:`esafak`.
  Decouple discovery by duplicating info utils - by :user:`esafak`. (:issue:`2074`)
- Add PyPy 3.11 support. Contributed by :user:`esafak`. (:issue:`2932`)

Bugfixes - 20.34.0

  • Upgrade embedded wheel pip to 25.2 from 25.1.1 - by :user:gaborbernat. (:issue:2333)
  • Accept RuntimeError in test_too_many_open_files, by :user:esafak (:issue:2935)
  • Python in PATH takes precedence over uv-managed python. Contributed by :user:edgarrmondragon. (:issue:2952)

v20.33.1 (2025-08-05)

Bugfixes - 20.33.1

- Correctly unpack _get_tcl_tk_libs() response in PythonInfo.
  Contributed by :user:`esafak`. (:issue:`2930`)
- Restore `py_info.py` timestamp in `test_py_info_cache_invalidation_on_py_info_change`
  Contributed by :user:`esafak`. (:issue:`2933`)

v20.33.0 (2025-08-03)


Features - 20.33.0

  • Added support for Tcl and Tkinter. You're welcome. Contributed by :user:esafak. (:issue:425)

Bugfixes - 20.33.0

- Prevent logging setup when --help is passed, fixing a flaky test.
  Contributed by :user:`esafak`. (:issue:`u`)
- Fix cache invalidation for PythonInfo by hashing `py_info.py`.
  Contributed by :user:`esafak`. (:issue:`2467`)
- When no discovery plugins are found, the application would crash with a StopIteration.
  This change catches the StopIteration and raises a RuntimeError with a more informative message.
  Contributed by :user:`esafak`. (:issue:`2493`)
- Stop `--try-first-with` overriding absolute `--python` paths.
  Contributed by :user:`esafak`. (:issue:`2659`)
- Force UTF-8 encoding for pip download
  Contributed by :user:`esafak`. (:issue:`2780`)
- Creating a virtual environment on a filesystem without symlink-support would fail even with `--copies`
</tr></table>

... (truncated)

Commits

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
certifi [< 2023, > 2022.6.15]
cryptography [< 38.1, > 38.0.0]
typing-extensions [< 4.7, > 4.6.0]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dependencies group with 11 updates
d581c1d 
Bumps the dependencies group with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [cryptography](https://github.com/pyca/cryptography) | `45.0.5` | `45.0.6` |
| [coverage[toml]](https://github.com/nedbat/coveragepy) | `7.10.1` | `7.10.6` |
| [typing-extensions](https://github.com/python/typing_extensions) | `4.14.1` | `4.15.0` |
| [certifi](https://github.com/certifi/python-certifi) | `2025.7.14` | `2025.8.3` |
| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.2` | `3.4.3` |
| [requests](https://github.com/psf/requests) | `2.32.4` | `2.32.5` |
| [filelock](https://github.com/tox-dev/py-filelock) | `3.18.0` | `3.19.1` |
| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.3.8` | `4.4.0` |
| [types-cffi](https://github.com/typeshed-internal/stub_uploader) | `1.17.0.20250523` | `1.17.0.20250822` |
| [types-setuptools](https://github.com/typeshed-internal/stub_uploader) | `80.9.0.20250529` | `80.9.0.20250822` |
| [virtualenv](https://github.com/pypa/virtualenv) | `20.32.0` | `20.34.0` |


Updates `cryptography` from 45.0.5 to 45.0.6
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@45.0.5...45.0.6)

Updates `coverage[toml]` from 7.10.1 to 7.10.6
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](nedbat/coveragepy@7.10.1...7.10.6)

Updates `typing-extensions` from 4.14.1 to 4.15.0
- [Release notes](https://github.com/python/typing_extensions/releases)
- [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md)
- [Commits](python/typing_extensions@4.14.1...4.15.0)

Updates `certifi` from 2025.7.14 to 2025.8.3
- [Commits](certifi/python-certifi@2025.07.14...2025.08.03)

Updates `charset-normalizer` from 3.4.2 to 3.4.3
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](jawah/charset_normalizer@3.4.2...3.4.3)

Updates `requests` from 2.32.4 to 2.32.5
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.4...v2.32.5)

Updates `filelock` from 3.18.0 to 3.19.1
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.18.0...3.19.1)

Updates `platformdirs` from 4.3.8 to 4.4.0
- [Release notes](https://github.com/tox-dev/platformdirs/releases)
- [Changelog](https://github.com/tox-dev/platformdirs/blob/main/CHANGES.rst)
- [Commits](tox-dev/platformdirs@4.3.8...4.4.0)

Updates `types-cffi` from 1.17.0.20250523 to 1.17.0.20250822
- [Commits](https://github.com/typeshed-internal/stub_uploader/commits)

Updates `types-setuptools` from 80.9.0.20250529 to 80.9.0.20250822
- [Commits](https://github.com/typeshed-internal/stub_uploader/commits)

Updates `virtualenv` from 20.32.0 to 20.34.0
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.32.0...20.34.0)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 45.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: coverage[toml]
  dependency-version: 7.10.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: typing-extensions
  dependency-version: 4.15.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: certifi
  dependency-version: 2025.8.3
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: charset-normalizer
  dependency-version: 3.4.3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: requests
  dependency-version: 2.32.5
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: filelock
  dependency-version: 3.19.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: platformdirs
  dependency-version: 4.4.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: types-cffi
  dependency-version: 1.17.0.20250822
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: types-setuptools
  dependency-version: 80.9.0.20250822
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: virtualenv
  dependency-version: 20.34.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Sep 1, 2025
@A5rocks A5rocks merged commit 0455ca6 into main Sep 6, 2025
19 checks passed
@A5rocks A5rocks deleted the dependabot/pip/dependencies-712c234b13 branch September 6, 2025 23:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@A5rocks