From 01f3b36e41cdafe91b254da8b1f872bb572cb41e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 2 Jun 2026 07:05:13 +0000
Subject: [PATCH 1/5] Bump virtualenv from 21.4.1 to 21.4.2 (#12760)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [virtualenv](https://github.com/pypa/virtualenv) from 21.4.1 to 21.4.2.
Release notes

Sourced from virtualenv's releases.

21.4.2

What's Changed

Full Changelog: https://github.com/pypa/virtualenv/compare/21.4.1...21.4.2

Changelog

Sourced from virtualenv's changelog.

Bugfixes - 21.4.2


v21.4.1 (2026-05-28)


Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=virtualenv&package-manager=pip&previous-version=21.4.1&new-version=21.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 3d4a5dfb551..70dd2b25a15 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -328,7 +328,7 @@ uvloop==0.22.1 ; platform_system != "Windows" # -r requirements/lint.in valkey==6.1.1 # via -r requirements/lint.in -virtualenv==21.4.1 +virtualenv==21.4.2 # via pre-commit wait-for-it==2.3.0 # via -r requirements/test-common-base.in diff --git a/requirements/dev.txt b/requirements/dev.txt index e6797209cc7..e6f8aea05e6 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -318,7 +318,7 @@ uvloop==0.22.1 ; platform_system != "Windows" and implementation_name == "cpytho # -r requirements/lint.in valkey==6.1.1 # via -r requirements/lint.in -virtualenv==21.4.1 +virtualenv==21.4.2 # via pre-commit wait-for-it==2.3.0 # via -r requirements/test-common-base.in diff --git a/requirements/lint.txt b/requirements/lint.txt index 59052523927..198f532bfa7 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -146,6 +146,7 @@ trustme==1.2.1 # via -r requirements/lint.in typing-extensions==4.15.0 # via + # aiohttp # aiosignal # cryptography # exceptiongroup @@ -163,7 +164,7 @@ uvloop==0.22.1 ; platform_system != "Windows" # via -r requirements/lint.in valkey==6.1.1 # via -r requirements/lint.in -virtualenv==21.4.1 +virtualenv==21.4.2 # via pre-commit yarl==1.24.2 # via aiohttp From 87c19225176cdd74da8395af3bc17fcba4ddc67c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 07:26:29 +0000 Subject: [PATCH 2/5] Bump pygments from 2.19.2 to 2.20.0 (#12762) Bumps [pygments](https://github.com/pygments/pygments) from 2.19.2 to 2.20.0.
Release notes

Sourced from pygments's releases.

2.20.0

  • New lexers:

  • Updated lexers:

    • archetype: Fix catastrophic backtracking in GUID and ID patterns (#3064)
    • ASN.1: Recognize minus sign and fix range operator (#3014, #3060)
    • C++: Add C++26 keywords (#2955), add integer literal suffixes (#2966)
    • ComponentPascal: Fix analyse_text (#3028, #3032)
    • Coq renamed to Rocq (#2883, #2908)
    • Cython: Various improvements (#2932, #2933)
    • Debian control: Improve architecture parsing (#3052)
    • Devicetree: Add support for overlay/fragments (#3021), add bytestring support (#3022), fix catastrophic backtracking (#3057)
    • Fennel: Various improvements (#2911)
    • Haskell: Handle escape sequences in character literals (#3069, #1795)
    • Java: Add module keywords (#2955)
    • Lean4: Add operators ]', ]?, ]! (#2946)
    • LESS: Support single-line comments (#3005)
    • LilyPond: Update to 2.25.29 (#2974)
    • LLVM: Support C-style comments (#3023, #2978)
    • Lua(u): Fix catastrophic backtracking (#3047)
    • Macaulay2: Update to 1.25.05 (#2893), 1.25.11 (#2988)
    • Mathematica: Various improvements (#2957)
    • meson: Add additional operators (#2919)
    • MySQL: Update keywords (#2970)
    • org-Mode: Support both schedule and deadline (#2899)
    • PHP: Add __PROPERTY__ magic constant (#2924), add reserved keywords (#3002)
    • PostgreSQL: Add more keywords (#2985)
    • protobuf: Fix namespace tokenization (#2929)
    • Python: Add t-string support (#2973, #3009, #3010)
    • Tablegen: Fix infinite loop (#2972, #2940)
    • Tera Term macro: Add commands introduced in v5.3 through v5.6 (#2951)
    • TOML: Support TOML 1.1.0 (#3026, #3027)
    • Turtle: Allow empty comment lines (#2980)
    • XML: Added .xbrl as file ending (#2890, #2891)
  • Drop Python 3.8, and add Python 3.14 as a supported version (#2987, #3012)

  • Various improvements to autopygmentize (#2894)

  • Update onedark style to support more token types (#2977)

  • Update rtt style to support more token types (#2895)

  • Cache entry points to improve performance (#2979)

  • Fix xterm-256 color table (#3043)

  • Fix kwargs dictionary getting mutated on each call (#3044)

Changelog

Sourced from pygments's changelog.

Version 2.20.0

(released March 29th, 2026)

Commits

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/test-common-base.txt | 23 +++++++------- requirements/test-common.txt | 1 + requirements/test-ft.txt | 1 + requirements/test-mobile.txt | 51 ++++++++++++++++--------------- requirements/test.txt | 1 + 5 files changed, 41 insertions(+), 36 deletions(-) diff --git a/requirements/test-common-base.txt b/requirements/test-common-base.txt index 52d78569cfa..f7457ef921b 100644 --- a/requirements/test-common-base.txt +++ b/requirements/test-common-base.txt @@ -21,7 +21,7 @@ coverage==7.14.1 exceptiongroup==1.3.1 # via pytest freezegun==1.5.5 - # via -r test-common-base.in + # via -r requirements/test-common-base.in frozenlist==1.8.0 # via # aiohttp @@ -37,7 +37,7 @@ multidict==6.7.1 packaging==26.0 # via pytest pkgconfig==1.6.0 - # via -r test-common-base.in + # via -r requirements/test-common-base.in pluggy==1.6.0 # via # pytest @@ -47,31 +47,31 @@ propcache==0.5.2 # aiohttp # yarl proxy-py==2.4.10 - # via -r test-common-base.in -pygments==2.19.2 + # via -r requirements/test-common-base.in +pygments==2.20.0 # via pytest pytest==9.0.3 # via - # -r test-common-base.in + # -r requirements/test-common-base.in # pytest-aiohttp # pytest-asyncio # pytest-cov # pytest-mock # pytest-timeout pytest-aiohttp==1.1.0 - # via -r test-common-base.in + # via -r requirements/test-common-base.in pytest-asyncio==1.3.0 # via pytest-aiohttp pytest-cov==7.0.0 - # via -r test-common-base.in + # via -r requirements/test-common-base.in pytest-mock==3.15.1 - # via -r test-common-base.in + # via -r requirements/test-common-base.in pytest-timeout==2.4.0 - # via -r test-common-base.in + # via -r requirements/test-common-base.in python-dateutil==2.9.0.post0 # via freezegun setuptools-git==1.2 - # via -r test-common-base.in + # via -r requirements/test-common-base.in six==1.17.0 # via python-dateutil tomli==2.4.1 
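Review bot: Unrelated churn in the `@@ -47,31 +47,31 @@` hunk of requirements/test-common-base.txt (and the two hunks before it): the only change this bump needs is `pygments==2.19.2` to `pygments==2.20.0`, yet every `# via -r test-common-base.in` annotation is rewritten to `# via -r requirements/test-common-base.in`. The new prefix matches the `requirements/test-mobile.in` input path in the pip-compile command recorded in the test-mobile.txt header, so this looks like a regeneration side effect rather than part of the bump. Move the annotation rewrite into its own commit so the version change stays a one-line diff instead of the 41 insertions and 36 deletions in the diffstat, which makes a real pin change easy to miss in review.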
@@ -80,12 +80,13 @@ tomli==2.4.1 # pytest typing-extensions==4.15.0 # via + # aiohttp # aiosignal # exceptiongroup # multidict # pytest-asyncio wait-for-it==2.3.0 - # via -r test-common-base.in + # via -r requirements/test-common-base.in yarl==1.24.2 # via aiohttp diff --git a/requirements/test-common.txt b/requirements/test-common.txt index cd82228ae08..205bf161ec0 100644 --- a/requirements/test-common.txt +++ b/requirements/test-common.txt @@ -133,6 +133,7 @@ trustme==1.2.1 ; platform_machine != "i686" # via -r requirements/test-common.in typing-extensions==4.15.0 # via + # aiohttp # aiosignal # cryptography # exceptiongroup diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt index c89f4423c89..97aff3e0cd5 100644 --- a/requirements/test-ft.txt +++ b/requirements/test-ft.txt @@ -157,6 +157,7 @@ trustme==1.2.1 ; platform_machine != "i686" typing-extensions==4.15.0 ; python_version < "3.13" # via # -r requirements/runtime-deps.in + # aiohttp # aiosignal # cryptography # exceptiongroup diff --git a/requirements/test-mobile.txt b/requirements/test-mobile.txt index 77b08935af5..2cfbd3ec357 100644 --- a/requirements/test-mobile.txt +++ b/requirements/test-mobile.txt 
@@ -5,32 +5,32 @@ # pip-compile --output-file=requirements/test-mobile.txt --strip-extras --unsafe-package=aiohttp requirements/test-mobile.in # aiodns==4.0.4 ; sys_platform != "android" and sys_platform != "ios" - # via -r runtime-deps.in + # via -r requirements/runtime-deps.in aiohappyeyeballs==2.6.2 # via - # -r runtime-deps.in + # -r requirements/runtime-deps.in # aiohttp aiosignal==1.4.0 # via - # -r runtime-deps.in + # -r requirements/runtime-deps.in # aiohttp async-timeout==5.0.1 ; python_version < "3.11" # via - # -r runtime-deps.in + # -r requirements/runtime-deps.in # aiohttp attrs==26.1.0 # via aiohttp backports-asyncio-runner==1.2.0 ; python_version < "3.11" # via - # -r test-mobile.in + # -r requirements/test-mobile.in # pytest-asyncio backports-zstd==1.3.0 ; platform_python_implementation == "CPython" and python_version < "3.14" and sys_platform != "android" and sys_platform != "ios" - # via -r runtime-deps.in + # via -r requirements/runtime-deps.in brotli==1.2.0 ; platform_python_implementation == "CPython" and sys_platform != "android" and sys_platform != "ios" - # via -r runtime-deps.in + # via -r requirements/runtime-deps.in cffi==2.0.0 ; sys_platform != "android" and sys_platform != "ios" # via - # -r test-mobile.in + # -r requirements/test-mobile.in # pycares click==8.4.0 # via wait-for-it @@ -39,21 +39,21 @@ coverage==7.14.1 exceptiongroup==1.3.1 # via pytest freezegun==1.5.5 - # via -r test-common-base.in + # via -r requirements/test-common-base.in frozenlist==1.8.0 # via - # -r runtime-deps.in + # -r requirements/runtime-deps.in # aiohttp # aiosignal gunicorn==26.0.0 - # via -r base-ft.in + # via -r requirements/base-ft.in idna==3.17 # via yarl iniconfig==2.3.0 # via pytest multidict==6.7.1 # via - # -r runtime-deps.in + # -r requirements/runtime-deps.in # aiohttp # yarl packaging==26.2 
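Review bot: Pin drift between lock files, visible in the trailing context of the `@@ -39,21 +39,21 @@` hunk: requirements/test-mobile.txt carries `packaging==26.2`, while requirements/test-common-base.txt earlier in this same patch still shows `packaging==26.0` as a context line. Both files pull from test-common-base.in (see the `# via -r requirements/test-common-base.in` annotations in this hunk), so the two test environments resolve different versions of the same package. Regenerate the lock files in one pass so they agree, or say in the commit message that the difference is intended.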
@@ -61,21 +61,21 @@ packaging==26.2 # gunicorn # pytest pkgconfig==1.6.0 - # via -r test-common-base.in + # via -r requirements/test-common-base.in pluggy==1.6.0 # via # pytest # pytest-cov propcache==0.5.2 # via - # -r runtime-deps.in + # -r requirements/runtime-deps.in # aiohttp # yarl proxy-py==2.4.10 - # via -r test-common-base.in + # via -r requirements/test-common-base.in pycares==5.0.1 ; sys_platform != "android" and sys_platform != "ios" # via - # -r test-mobile.in + # -r requirements/test-mobile.in # aiodns pycparser==3.0 # via cffi @@ -83,26 +83,26 @@ pygments==2.20.0 # via pytest pytest==9.0.3 # via - # -r test-common-base.in + # -r requirements/test-common-base.in # pytest-aiohttp # pytest-asyncio # pytest-cov # pytest-mock # pytest-timeout pytest-aiohttp==1.1.0 - # via -r test-common-base.in + # via -r requirements/test-common-base.in pytest-asyncio==1.4.0a2 # via pytest-aiohttp pytest-cov==7.1.0 - # via -r test-common-base.in + # via -r requirements/test-common-base.in pytest-mock==3.15.1 - # via -r test-common-base.in + # via -r requirements/test-common-base.in pytest-timeout==2.4.0 - # via -r test-common-base.in + # via -r requirements/test-common-base.in python-dateutil==2.9.0.post0 # via freezegun setuptools-git==1.2 - # via -r test-common-base.in + # via -r requirements/test-common-base.in six==1.17.0 # via python-dateutil tomli==2.4.1 @@ -111,16 +111,17 @@ tomli==2.4.1 # pytest typing-extensions==4.15.0 ; python_version < "3.13" # via - # -r runtime-deps.in + # -r requirements/runtime-deps.in + # aiohttp # aiosignal # exceptiongroup # multidict # pytest-asyncio wait-for-it==2.3.0 - # via -r test-common-base.in + # via -r requirements/test-common-base.in yarl==1.24.2 # via - # -r runtime-deps.in + # -r requirements/runtime-deps.in # aiohttp # The following packages are considered to be unsafe in a requirements file: diff --git a/requirements/test.txt b/requirements/test.txt index 1a211be2a1e..3f524555daa 100644 --- a/requirements/test.txt 
+++ b/requirements/test.txt @@ -157,6 +157,7 @@ trustme==1.2.1 ; platform_machine != "i686" typing-extensions==4.15.0 ; python_version < "3.13" # via # -r requirements/runtime-deps.in + # aiohttp # aiosignal # cryptography # exceptiongroup From 98d8753946c732f37a447dd6bfd5d734f21e9444 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 08:41:12 +0000 Subject: [PATCH 3/5] Bump pip from 26.1.1 to 26.1.2 (#12770) Bumps [pip](https://github.com/pypa/pip) from 26.1.1 to 26.1.2.
Changelog

Sourced from pip's changelog.

26.1.2 (2026-05-31)

Bug Fixes

  • Reject console_scripts and gui_scripts entry points whose name would install a script outside the scripts directory. ([#14000](https://github.com/pypa/pip/issues/14000))
  • Fix installation incorrectly failing when the target path contains a doubled slash, such as with pip install --root //.... ([#14001](https://github.com/pypa/pip/issues/14001))
  • Send a consistent Accept-Encoding header to avoid a spurious Cache entry deserialization failed warning. ([#14012](https://github.com/pypa/pip/issues/14012))
Commits
  • 31d7d16 Bump for release
  • 79f348c Update AUTHORS.txt
  • 237a925 Merge pull request #14001 from notatallshaw/fix-is-within-directory
  • 34d0285 Merge pull request #14006 from laymonage/fix-requirements_from_scripts-space-...
  • 09d3e07 Merge pull request #14012 from notatallshaw/stable-accept-encoding
  • fa7854f Use is_within_directory for entry point check
  • d01b46c NEWS ENTRY
  • 7ff8bdd Fix is_within_directory for doubled-slash roots
  • 7ea3466 NEWS ENTRY
  • 85673ea Fix Accept-Encoding to gzip, deflate
  • Additional commits viewable in compare view

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 70dd2b25a15..0106b800620 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -157,7 +157,7 @@ packaging==26.2 # wheel pathspec==1.1.1 # via mypy -pip==26.1.1 +pip==26.1.2 # via pip-tools pip-tools==7.5.3 # via -r requirements/dev.in diff --git a/requirements/dev.txt b/requirements/dev.txt index e6f8aea05e6..e95d8078492 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -154,7 +154,7 @@ packaging==26.2 # wheel pathspec==1.1.1 # via mypy -pip==26.1.1 +pip==26.1.2 # via pip-tools pip-tools==7.5.3 # via -r requirements/dev.in From 05f8f0788c756c831d5e63d9df318cb0acef058f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 09:54:03 +0000 Subject: [PATCH 4/5] Bump packaging from 26.0 to 26.2 (#12761) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [packaging](https://github.com/pypa/packaging) from 26.0 to 26.2.
Release notes

Sourced from packaging's releases.

26.2

What's Changed

Fixes:

Documentation:

Internal:

New Contributors

Full Changelog: https://github.com/pypa/packaging/compare/26.1...26.2

26.1

Features:

Behavior adaptations:

... (truncated)

Changelog

Sourced from packaging's changelog.

26.2 - 2026-04-24


Fixes:
  • Fix incorrect sysconfig var name for pyemscripten in (:pull:1160)
  • Make Version, Specifier, SpecifierSet, Tag, Marker, and Requirement pickle-safe
    and backward-compatible with pickles created in 25.0-26.1 (including references to the removed
    packaging._structures module) (:pull:1163, :pull:1168, :pull:1170, :pull:1171)
  • Re-export ExceptionGroup in metadata for now in (:pull:1164)

Documentation:

  • Add errors section and fix missing details in (:pull:1159)
  • Document our property-based test suite in (:pull:1167)
  • Fix a DirectUrl typo in (:pull:1169)
  • Add example of is_unsatisfiable in (:pull:1166)

Internal:

  • Enable the auditor persona on zizmor in (:pull:1158)
  • Test new pickle guarantees in (:pull:1174)
  • Use new native ReadTheDocs uv integration in (:pull:1175)

26.1 - 2026-04-14

Features:

  • PEP 783: add handling for Emscripten wheel tags in (:pull:804) (old name used in implementation, fixed in next release)
  • PEP 803: add handling for the abi3.abi3t free-threading tag in (:pull:1099)
  • PEP 723: add packaging.dependency_groups module, based on the dependency-groups package in (:pull:1065)
  • Add the packaging.direct_url module in (:pull:944)
  • Add the packaging.errors module in (:pull:1071)
  • Add SpecifierSet.is_unsatisfiable using ranges (new internals that will be expanded in future versions) in (:pull:1119)
  • Add create_compatible_tags_selector to select compatible tags in (:pull:1110)
  • Add a key argument to SpecifierSet.filter() in (:pull:1068)
  • Support & and | for Marker's in (:pull:1146)
  • Normalize Version.__replace__ and add Version.from_parts in (:pull:1078)
  • Add an option to validate compressed tag set sort order in parse_wheel_filename in (:pull:1150)

Behavior adaptations:

  • Narrow exclusion of pre-releases for <V.postN to match spec in (:pull:1140)
  • Narrow exclusion of post-releases for >V to match spec in (:pull:1141)
  • Rename format_full_version to _format_full_version to make it visibly private in (:pull:1125)
  • Restrict local version to ASCII in (:pull:1102)

Pylock (PEP 751) updates:

... (truncated)

Commits

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/test-common-base.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/test-common-base.txt b/requirements/test-common-base.txt index f7457ef921b..ae3ed0da85e 100644 --- a/requirements/test-common-base.txt +++ b/requirements/test-common-base.txt @@ -34,7 +34,7 @@ multidict==6.7.1 # via # aiohttp # yarl -packaging==26.0 +packaging==26.2 # via pytest pkgconfig==1.6.0 # via -r requirements/test-common-base.in From 41e0608afb935b229100abe1a12e4d18c4407661 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 10:10:21 +0000 Subject: [PATCH 5/5] Bump aiohttp from 3.13.5 to 3.14.0 (#12765) [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=pip&previous-version=3.13.5&new-version=3.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 3 ++- requirements/dev.txt | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 0106b800620..01204e1ff22 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -307,6 +307,7 @@ trustme==1.2.1 ; platform_machine != "i686" typing-extensions==4.15.0 ; python_version < "3.13" # via # -r requirements/runtime-deps.in + # aiohttp # aiosignal # cryptography # exceptiongroup @@ -344,5 +345,5 @@ zlib-ng==1.0.0 # -r requirements/test-common.in # The following packages are considered to be unsafe in a requirements file: -aiohttp==3.13.5 +aiohttp==3.14.0 # via pytest-aiohttp diff --git a/requirements/dev.txt b/requirements/dev.txt index e95d8078492..bb5cab60d3f 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -297,6 +297,7 @@ trustme==1.2.1 ; platform_machine != "i686" typing-extensions==4.15.0 ; python_version < "3.13" # via # -r requirements/runtime-deps.in + # aiohttp # aiosignal # cryptography # exceptiongroup @@ -334,5 +335,5 @@ zlib-ng==1.0.0 # -r requirements/test-common.in # The following packages are considered to be unsafe in a requirements file: -aiohttp==3.13.5 +aiohttp==3.14.0 # via pytest-aiohttp
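Review bot: No release notes or changelog accompany this minor-version bump, although the new `# aiohttp` line under `typing-extensions==4.15.0` in the `@@ -307,6 +307,7 @@` and `@@ -297,6 +297,7 @@` hunks shows the dependency graph changed along with `aiohttp==3.13.5` to `aiohttp==3.14.0`. The same `# aiohttp` annotation was already added to requirements/lint.txt in patch 1/5 and to the test-*.txt files in patch 2/5, while constraints.txt and dev.txt still pinned 3.13.5 without it, so the lock files were inconsistent with each other for the middle of the series. Land the annotation and the pin change together, summarise what 3.14.0 changes in the commit message, and confirm that the `python_version < "3.13"` marker on the `typing-extensions` line still matches what the new aiohttp release requires.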