[pull] master from aio-libs:master by pull[bot] · Pull Request #604 · tj-python/aiohttp

pull · 2026-06-02T17:06:22Z

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

Bumps [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel) from 3.4.0 to 3.4.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/cibuildwheel/releases">pypa/cibuildwheel's releases</a>.</em></p> <blockquote> <h2>v3.4.1</h2> <ul> <li>⚠️ Building for the experimental CPython 3.13 free-threading variant is now deprecated. That functionality will be removed in the next minor release. The <a href="https://cibuildwheel.pypa.io/en/stable/options/#enable"><code>enable</code></a> option <code>cpython-freethreading</code> is therefore also deprecated. Builds specifying <code>enable = "all"</code> no longer select <code>cpython-freethreading</code>. CPython 3.14 free-threading support remains available without the <code>enable</code> flag. (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2787">#2787</a>)</li> <li>🐛 iOS builds will no longer skip <code>repair-wheel-command</code> if it's defined in config (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2761">#2761</a>)</li> <li>🐛 Fix bug causing <code>uv</code> to fail when environments define PYTHON_VERSION or UV_PYTHON, conflicting with our venvs (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2795">#2795</a>)</li> <li>✨ cibuildwheel prints the selected build identifiers at the start of the build. (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2785">#2785</a>)</li> <li>🔐 The GitHub Action now references other actions with a full SHA (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2744">#2744</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/cibuildwheel/blob/main/docs/changelog.md">pypa/cibuildwheel's changelog</a>.</em></p> <blockquote> <h3>v3.4.1</h3> <p><em>2 April 2026</em></p> <ul> <li>⚠️ Building for the experimental CPython 3.13 free-threading variant is now deprecated. That functionality will be removed in the next minor release. The <a href="https://cibuildwheel.pypa.io/en/stable/options/#enable"><code>enable</code></a> option <code>cpython-freethreading</code> is therefore also deprecated. Builds specifying <code>enable = "all"</code> no longer select <code>cpython-freethreading</code>. CPython 3.14 free-threading support remains available without the <code>enable</code> flag. (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2787">#2787</a>)</li> <li>🐛 iOS builds will no longer skip <code>repair-wheel-command</code> if it's defined in config (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2761">#2761</a>)</li> <li>🐛 Fix bug causing <code>uv</code> to fail when environments define PYTHON_VERSION or UV_PYTHON, conflicting with our venvs (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2795">#2795</a>)</li> <li>✨ cibuildwheel prints the selected build identifiers at the start of the build. (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2785">#2785</a>)</li> <li>🔐 The GitHub Action now references other actions with a full SHA (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2744">#2744</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/cibuildwheel/commit/8d2b08b68458a16aeb24b64e68a09ab1c8e82084"><code>8d2b08b</code></a> Bump version: v3.4.1</li> <li><a href="https://github.com/pypa/cibuildwheel/commit/54b8a010d0e3b9d46d00af867716f4f8661b39ae"><code>54b8a01</code></a> deprecation: cp313t (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2787">#2787</a>)</li> <li><a href="https://github.com/pypa/cibuildwheel/commit/097806b6b1bd3cdd7b139ac63b20f85f76d72082"><code>097806b</code></a> tests: fully type the test suite (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2794">#2794</a>)</li> <li><a href="https://github.com/pypa/cibuildwheel/commit/643b30c796cbdb68e5364c4e6bdd210e836bda49"><code>643b30c</code></a> fix: avoid PYTHON_VERSION breaking uv if set (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2795">#2795</a>)</li> <li><a href="https://github.com/pypa/cibuildwheel/commit/fffe2ca07d4e0898a2b87bd9172a66dc0b3d3796"><code>fffe2ca</code></a> chore(deps): bump j178/prek-action from 1.1.1 to 2.0.0 in the actions group (...</li> <li><a href="https://github.com/pypa/cibuildwheel/commit/611194896a33e5c3b9f664e9c08336a24aed1dd0"><code>6111948</code></a> fix: zizmor "code injection via template expansion" (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2784">#2784</a>)</li> <li><a href="https://github.com/pypa/cibuildwheel/commit/e478767d76bd66b189a4c7be9b86b307d5db238f"><code>e478767</code></a> chore: remove some string types (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2798">#2798</a>)</li> <li><a href="https://github.com/pypa/cibuildwheel/commit/caf433b1371556dcd693666e03b28d8f3f2a1110"><code>caf433b</code></a> [Bot] Update dependencies (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2789">#2789</a>)</li> <li><a href="https://github.com/pypa/cibuildwheel/commit/a257a3f78932d0ef69997304a2840f3515c1a966"><code>a257a3f</code></a> chore: remove remaining future annotations (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2799">#2799</a>)</li> <li><a href="https://github.com/pypa/cibuildwheel/commit/6df84da3e7028a2cb008ae762b20ee9b481cf898"><code>6df84da</code></a> chore: some cleanup and checks (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2792">#2792</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/cibuildwheel/compare/v3.4.0...v3.4.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/cibuildwheel&package-manager=github_actions&previous-version=3.4.0&new-version=3.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…s never retrieved" warning on disconnect during backpressure (#12326) **This is a backport of PR #12307 as merged into master (f4dc0de).** Co-authored-by: availov <51930102+availov@users.noreply.github.com>

…reset SIGCHLD handler (#12329) **This is a backport of PR #12328 as merged into master (522439a).** Co-authored-by: bahtyar <34988899+Bahtya@users.noreply.github.com>

…hmark tests (#12333) **This is a backport of PR #12330 as merged into master (fc67cfd).** Co-authored-by: Sam Bull <git@sambull.org>

**This is a backport of PR #12350 as merged into master (7eb0577).** Co-authored-by: Sam Bull <git@sambull.org>

**This is a backport of PR #12349 as merged into master (b5f1aa5).** Co-authored-by: Sam Bull <git@sambull.org>

…12355) (cherry picked from commit 0c7ce34)

(cherry picked from commit bec74bb)

…ost header (#12367) (cherry picked from commit af05010)

) **This is a backport of PR #12364 as merged into master (3f772cf).** Co-authored-by: Sam Bull <git@sambull.org>

…calization behavior (#12369) **This is a backport of PR #12202 as merged into master (07bd8c1).** Co-authored-by: Dr Alex Mitre <bedr10_capacitacion@hotmail.com>

Bumps [actions/cache](https://github.com/actions/cache) from 5.0.4 to 5.0.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v5.0.5</h2> <h2>What's Changed</h2> <ul> <li>Update ts-http-runtime dependency by <a href="https://github.com/yacaovsnc"><code>@yacaovsnc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1747">actions/cache#1747</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v5...v5.0.5">https://github.com/actions/cache/compare/v5...v5.0.5</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h2>How to prepare a release</h2> <blockquote> <p>[!NOTE]<br /> Relevant for maintainers with write access only.</p> </blockquote> <ol> <li>Switch to a new branch from <code>main</code>.</li> <li>Run <code>npm test</code> to ensure all tests are passing.</li> <li>Update the version in <a href="https://github.com/actions/cache/blob/main/package.json"><code>https://github.com/actions/cache/blob/main/package.json</code></a>.</li> <li>Run <code>npm run build</code> to update the compiled files.</li> <li>Update this <a href="https://github.com/actions/cache/blob/main/RELEASES.md"><code>https://github.com/actions/cache/blob/main/RELEASES.md</code></a> with the new version and changes in the <code>## Changelog</code> section.</li> <li>Run <code>licensed cache</code> to update the license report.</li> <li>Run <code>licensed status</code> and resolve any warnings by updating the <a href="https://github.com/actions/cache/blob/main/.licensed.yml"><code>https://github.com/actions/cache/blob/main/.licensed.yml</code></a> file with the exceptions.</li> <li>Commit your changes and push your branch upstream.</li> <li>Open a pull request against <code>main</code> and get it reviewed and merged.</li> <li>Draft a new release <a href="https://github.com/actions/cache/releases">https://github.com/actions/cache/releases</a> use the same version number used in <code>package.json</code> <ol> <li>Create a new tag with the version number.</li> <li>Auto generate release notes and update them to match the changes you made in <code>RELEASES.md</code>.</li> <li>Toggle the set as the latest release option.</li> <li>Publish the release.</li> </ol> </li> <li>Navigate to <a href="https://github.com/actions/cache/actions/workflows/release-new-action-version.yml">https://github.com/actions/cache/actions/workflows/release-new-action-version.yml</a> <ol> <li>There should be a workflow run queued with the same version number.</li> <li>Approve the run to publish the new version and update the major tags for this action.</li> </ol> </li> </ol> <h2>Changelog</h2> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae"><code>27d5ce7</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1747">#1747</a> from actions/yacaovsnc/update-dependency</li> <li><a href="https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd"><code>f280785</code></a> licensed changes</li> <li><a href="https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7"><code>619aeb1</code></a> npm run build generated dist files</li> <li><a href="https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6"><code>bcf16c2</code></a> Update ts-http-runtime to 0.3.5</li> <li>See full diff in <a href="https://github.com/actions/cache/compare/v5.0.4...v5.0.5">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=5.0.4&new-version=5.0.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…wing in Server Request Handler Factory (#12370) **This is a backport of PR #12332 as merged into master (06e510b).** Signed-off-by: Trần Bách <45133811+barttran2k@users.noreply.github.com> Co-authored-by: Trần Bách <45133811+barttran2k@users.noreply.github.com> Co-authored-by: Sam Bull <git@sambull.org>

(cherry picked from commit adf7799)

(cherry picked from commit 53f6e91)

… pattern (#12396) **This is a backport of PR #12394 as merged into master (24ed3b3).** Fixes #980. Co-authored-by: nightcityblade <jackchen@haloailabs.com>

**This is a backport of PR #12350 as merged into master (7eb0577).** Co-authored-by: Sam Bull <git@sambull.org>

…std on Python 3.14 in linting deps (#12407) **This is a backport of PR #12406 as merged into master (b0601d6).** Co-authored-by: Michael Seifert <m.seifert@digitalernachschub.de>

…12385) (#12445)

Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2 to 3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/releases">softprops/action-gh-release's releases</a>.</em></p> <blockquote> <h2>v3.0.0</h2> <p><code>3.0.0</code> is a major release that moves the action runtime from Node 20 to Node 24. Use <code>v3</code> on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on <code>v2.6.2</code>.</p> <h2>What's Changed</h2> <h3>Other Changes 🔄</h3> <ul> <li>Move the action runtime and bundle target to Node 24</li> <li>Update <code>@types/node</code> to the Node 24 line and allow future Dependabot updates</li> <li>Keep the floating major tag on <code>v3</code>; <code>v2</code> remains pinned to the latest <code>2.x</code> release</li> </ul> <h2>v2.6.2</h2>  <h2>What's Changed</h2> <h3>Other Changes 🔄</h3> <ul> <li>chore(deps): bump picomatch from 4.0.3 to 4.0.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/softprops/action-gh-release/pull/775">softprops/action-gh-release#775</a></li> <li>chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/softprops/action-gh-release/pull/777">softprops/action-gh-release#777</a></li> <li>chore(deps): bump vite from 8.0.0 to 8.0.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/softprops/action-gh-release/pull/781">softprops/action-gh-release#781</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/softprops/action-gh-release/compare/v2...v2.6.2">https://github.com/softprops/action-gh-release/compare/v2...v2.6.2</a></p> <h2>v2.6.1</h2> <p><code>2.6.1</code> is a patch release focused on restoring linked discussion thread creation when <code>discussion_category_name</code> is set. It fixes <code>[#764](https://github.com/softprops/action-gh-release/issues/764)</code>, where the draft-first publish flow stopped carrying the discussion category through the final publish step.</p> <p>If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.</p> <h2>What's Changed</h2> <h3>Bug fixes 🐛</h3> <ul> <li>fix: preserve discussion category on publish by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/765">softprops/action-gh-release#765</a></li> </ul> <h2>v2.6.0</h2> <p><code>2.6.0</code> is a minor release centered on <code>previous_tag</code> support for <code>generate_release_notes</code>, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a <code>working_directory</code> docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.</p> <p>If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.</p> <h2>What's Changed</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md">softprops/action-gh-release's changelog</a>.</em></p> <blockquote> <h2>0.1.13</h2> <ul> <li>fix issue with multiple runs concatenating release bodies <a href="https://redirect.github.com/softprops/action-gh-release/pull/145">#145</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/softprops/action-gh-release/commit/b4309332981a82ec1c5618f44dd2e27cc8bfbfda"><code>b430933</code></a> release: cut v3.0.0 for Node 24 upgrade (<a href="https://redirect.github.com/softprops/action-gh-release/issues/670">#670</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/c2e35e05a74208bafbfcbdae5ebc9da7236e980f"><code>c2e35e0</code></a> chore(deps): bump the npm group across 1 directory with 7 updates (<a href="https://redirect.github.com/softprops/action-gh-release/issues/783">#783</a>)</li> <li>See full diff in <a href="https://github.com/softprops/action-gh-release/compare/v2...v3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=softprops/action-gh-release&package-manager=github_actions&previous-version=2&new-version=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sam Bull <git@sambull.org>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>v7 What's new</h2> <h3>Direct Uploads</h3> <p>Adds support for uploading single files directly (unzipped). Callers can set the new <code>archive</code> parameter to <code>false</code> to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The <code>name</code> parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.</p> <h3>ESM</h3> <p>To support new versions of the <code>@actions/*</code> packages, we've upgraded the package to ESM.</p> <h2>What's Changed</h2> <ul> <li>Add proxy integration test by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li> <li>Upgrade the module to ESM and bump dependencies by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/762">actions/upload-artifact#762</a></li> <li>Support direct file uploads by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/764">actions/upload-artifact#764</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Link"><code>@Link</code></a>- made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v6...v7.0.0">https://github.com/actions/upload-artifact/compare/v6...v7.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f"><code>bbbca2d</code></a> Support direct file uploads (<a href="https://redirect.github.com/actions/upload-artifact/issues/764">#764</a>)</li> <li><a href="https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296"><code>589182c</code></a> Upgrade the module to ESM and bump dependencies (<a href="https://redirect.github.com/actions/upload-artifact/issues/762">#762</a>)</li> <li><a href="https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5"><code>47309c9</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/754">#754</a> from actions/Link-/add-proxy-integration-tests</li> <li><a href="https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0"><code>02a8460</code></a> Add proxy integration test</li> <li>See full diff in <a href="https://github.com/actions/upload-artifact/compare/v6...v7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=6&new-version=7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.4 to 46.0.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p> <blockquote> <p>46.0.5 - 2026-02-10</p> <pre><code> * An attacker could create a malicious public key that reveals portions of your private key when using certain uncommon elliptic curves (binary curves). This version now includes additional security checks to prevent this attack. This issue only affects binary elliptic curves, which are rarely used in real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine** for reporting the issue. **CVE-2026-26007** * Support for ``SECT*`` binary elliptic curves is deprecated and will be removed in the next release. <p>.. v46-0-4:<br /> </code></pre></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad"><code>06e120e</code></a> bump version for 46.0.5 release (<a href="https://redirect.github.com/pyca/cryptography/issues/14289">#14289</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"><code>0eebb9d</code></a> EC check key on cofactor > 1 (<a href="https://redirect.github.com/pyca/cryptography/issues/14287">#14287</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e"><code>bedf6e1</code></a> fix openssl version on 46 branch (<a href="https://redirect.github.com/pyca/cryptography/issues/14220">#14220</a>)</li> <li>See full diff in <a href="https://github.com/pyca/cryptography/compare/46.0.4...46.0.5">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=pip&previous-version=46.0.4&new-version=46.0.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sam Bull <git@sambull.org>

Bumps [imagesize](https://github.com/shibukawa/imagesize_py) from 1.4.1 to 1.5.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/shibukawa/imagesize_py/commit/0e23feed1bdcdb2c1cb471bdb747bdeeb46d5601"><code>0e23fee</code></a> bump version to 1.5.0</li> <li><a href="https://github.com/shibukawa/imagesize_py/commit/3b791f1b3accea6966816030f6884ae1f0df6c03"><code>3b791f1</code></a> add contributors</li> <li><a href="https://github.com/shibukawa/imagesize_py/commit/fb4cbabdda4a1bfa05265a9f4579775d183e4221"><code>fb4cbab</code></a> add test for BMP</li> <li><a href="https://github.com/shibukawa/imagesize_py/commit/de454728a434b4eb39550d5e8384cc91e6491497"><code>de45472</code></a> Merge pull request <a href="https://redirect.github.com/shibukawa/imagesize_py/issues/67">#67</a> from flagman/fix-vp8x-dimensions</li> <li><a href="https://github.com/shibukawa/imagesize_py/commit/3cff760adf129a43661059a25084232000773928"><code>3cff760</code></a> Merge pull request <a href="https://redirect.github.com/shibukawa/imagesize_py/issues/65">#65</a> from fuyb1992/master</li> <li><a href="https://github.com/shibukawa/imagesize_py/commit/e59bc0347fb6ac03d18e476547c953aa7bc39a13"><code>e59bc03</code></a> Merge pull request <a href="https://redirect.github.com/shibukawa/imagesize_py/issues/60">#60</a> from ExtReMLapin/patch-2</li> <li><a href="https://github.com/shibukawa/imagesize_py/commit/44c4d1f276cf3109fca28663df5d13eebb9bdfc9"><code>44c4d1f</code></a> Merge pull request <a href="https://redirect.github.com/shibukawa/imagesize_py/issues/56">#56</a> from gremur/patch-1</li> <li><a href="https://github.com/shibukawa/imagesize_py/commit/a880db55a8395145c3de30067b2423655b324cf5"><code>a880db5</code></a> Fix VP8X WebP dimension parsing bug</li> <li><a href="https://github.com/shibukawa/imagesize_py/commit/3a6b008f06512ddb97858296dbf25ed01dcc8f23"><code>3a6b008</code></a> Update imagesize.py issuse: <a href="https://redirect.github.com/shibukawa/imagesize_py/issues/57">#57</a></li> <li><a href="https://github.com/shibukawa/imagesize_py/commit/178b3c2b07b178510b33b2f16d2de82aebbf8cf8"><code>178b3c2</code></a> added support for signed values thanks to <a href="https://github.com/marcoffee"><code>@marcoffee</code></a></li> <li>Additional commits viewable in <a href="https://github.com/shibukawa/imagesize_py/compare/1.4.1...1.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=imagesize&package-manager=pip&previous-version=1.4.1&new-version=1.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sam Bull <git@sambull.org>

Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v9.0.0</h2> <p><strong>New features:</strong></p> <ul> <li><strong><code>getOctokit</code> factory function</strong> — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See <a href="https://github.com/actions/github-script#creating-additional-clients-with-getoctokit">Creating additional clients with <code>getOctokit</code></a> for details and examples.</li> <li><strong>Orchestration ID in user-agent</strong> — The <code>ACTIONS_ORCHESTRATION_ID</code> environment variable is automatically appended to the user-agent string for request tracing.</li> </ul> <p><strong>Breaking changes:</strong></p> <ul> <li><strong><code>require('@actions/github')</code> no longer works in scripts.</strong> The upgrade to <code>@actions/github</code> v9 (ESM-only) means <code>require('@actions/github')</code> will fail at runtime. If you previously used patterns like <code>const { getOctokit } = require('@actions/github')</code> to create secondary clients, use the new injected <code>getOctokit</code> function instead — it's available directly in the script context with no imports needed.</li> <li><code>getOctokit</code> is now an injected function parameter. Scripts that declare <code>const getOctokit = ...</code> or <code>let getOctokit = ...</code> will get a <code>SyntaxError</code> because JavaScript does not allow <code>const</code>/<code>let</code> redeclaration of function parameters. Use the injected <code>getOctokit</code> directly, or use <code>var getOctokit = ...</code> if you need to redeclare it.</li> <li>If your script accesses other <code>@actions/github</code> internals beyond the standard <code>github</code>/<code>octokit</code> client, you may need to update those references for v9 compatibility.</li> </ul> <h2>What's Changed</h2> <ul> <li>Add ACTIONS_ORCHESTRATION_ID to user-agent string by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> <li>ci: use deployment: false for integration test environments by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/712">actions/github-script#712</a></li> <li>feat!: add getOctokit to script context, upgrade <code>@actions/github</code> v9, <code>@octokit/core</code> v7, and related packages by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/700">actions/github-script#700</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v8.0.0...v9.0.0">https://github.com/actions/github-script/compare/v8.0.0...v9.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3"><code>3a2844b</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/700">#700</a> from actions/salmanmkc/expose-getoctokit + prepare re...</li> <li><a href="https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079"><code>ca10bbd</code></a> fix: use <code>@octokit/core/</code>types import for v7 compatibility</li> <li><a href="https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b"><code>86e48e2</code></a> merge: incorporate main branch changes</li> <li><a href="https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9"><code>c108472</code></a> chore: rebuild dist for v9 upgrade and getOctokit factory</li> <li><a href="https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d"><code>afff112</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/712">#712</a> from actions/salmanmkc/deployment-false + fix user-ag...</li> <li><a href="https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817"><code>ff8117e</code></a> ci: fix user-agent test to handle orchestration ID</li> <li><a href="https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d"><code>81c6b78</code></a> ci: use deployment: false to suppress deployment noise from integration tests</li> <li><a href="https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7"><code>3953caf</code></a> docs: update README examples from <a href="https://github.com/v8"><code>@v8</code></a> to <a href="https://github.com/v9"><code>@v9</code></a>, add getOctokit docs and v9 brea...</li> <li><a href="https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78"><code>c17d55b</code></a> ci: add getOctokit integration test job</li> <li><a href="https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408"><code>a047196</code></a> test: add getOctokit integration tests via callAsyncFunction</li> <li>Additional commits viewable in <a href="https://github.com/actions/github-script/compare/v8...v9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=8&new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sam Bull <git@sambull.org>

Bumps [multidict](https://github.com/aio-libs/multidict) from 6.7.0 to 6.7.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/multidict/releases">multidict's releases</a>.</em></p> <blockquote> <h2>6.7.1</h2> <h2>Bug fixes</h2> <ul> <li> <p>Fixed slow memory leak caused by identity by adding <code>Py_DECREF</code> to identity value before leaving <code>md_pop_one</code> on success -- by :user:<code>Vizonex</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> <a href="https://redirect.github.com/aio-libs/multidict/issues/1284">#1284</a>.</p> </li> </ul> <hr /> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/multidict/blob/master/CHANGES.rst">multidict's changelog</a>.</em></p> <blockquote> <h1>6.7.1</h1> <p><em>(2026-01-25)</em></p> <h2>Bug fixes</h2> <ul> <li> <p>Fixed slow memory leak caused by identity by adding <code>Py_DECREF</code> to identity value before leaving <code>md_pop_one</code> on success -- by :user:<code>Vizonex</code>.</p> <p><em>Related issues and pull requests on GitHub:</em> :issue:<code>1284</code>.</p> </li> </ul> <hr /> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aio-libs/multidict/commit/39d3c322f6a9e824beee9b6f178e3166205f0f59"><code>39d3c32</code></a> Release 6.7.1 (<a href="https://redirect.github.com/aio-libs/multidict/issues/1289">#1289</a>)</li> <li><a href="https://github.com/aio-libs/multidict/commit/77bb95e83c226c3557015d055a1ce4a29889d49e"><code>77bb95e</code></a> Fix memory leak caused by identity when default value is inplace (<a href="https://redirect.github.com/aio-libs/multidict/issues/1284">#1284</a>)</li> <li><a href="https://github.com/aio-libs/multidict/commit/87dd4a49a5e8d5b01a8d801cac0c92984726f411"><code>87dd4a4</code></a> Bump dependabot/fetch-metadata from 2.4.0 to 2.5.0 (<a href="https://redirect.github.com/aio-libs/multidict/issues/1287">#1287</a>)</li> <li><a href="https://github.com/aio-libs/multidict/commit/6c764124a79da8f700faa1e3638311c58828947e"><code>6c76412</code></a> Bump actions/cache from 4 to 5 (<a href="https://redirect.github.com/aio-libs/multidict/issues/1275">#1275</a>)</li> <li><a href="https://github.com/aio-libs/multidict/commit/b91a033a29f360e76a8a24b92d50120d9cd08065"><code>b91a033</code></a> Bump actions/upload-artifact from 4 to 6 (<a href="https://redirect.github.com/aio-libs/multidict/issues/1277">#1277</a>)</li> <li><a href="https://github.com/aio-libs/multidict/commit/84bf82c0e2ec68919e7f3b7c5c7388a82f4737ee"><code>84bf82c</code></a> Bump psutil from 7.1.3 to 7.2.1 (<a href="https://redirect.github.com/aio-libs/multidict/issues/1279">#1279</a>)</li> <li><a href="https://github.com/aio-libs/multidict/commit/3f7b3cec6a5c23a100d972a667e7f67b84809bb3"><code>3f7b3ce</code></a> Bump pypa/cibuildwheel from 3.3.0 to 3.3.1 (<a href="https://redirect.github.com/aio-libs/multidict/issues/1280">#1280</a>)</li> <li><a href="https://github.com/aio-libs/multidict/commit/bbae9027cc99e23fc1ab98d97ed0adcd644c32c8"><code>bbae902</code></a> Bump sigstore/gh-action-sigstore-python from 3.1.0 to 3.2.0 (<a href="https://redirect.github.com/aio-libs/multidict/issues/1274">#1274</a>)</li> <li><a href="https://github.com/aio-libs/multidict/commit/000b5b0d25b3fc672c4226615f52a7d0cd6c2c96"><code>000b5b0</code></a> Remove follow_untyped_imports for mypy-sphinx (<a href="https://redirect.github.com/aio-libs/multidict/issues/1286">#1286</a>)</li> <li><a href="https://github.com/aio-libs/multidict/commit/3d2d63044c98c8ede9204e8a9685921763cc0d4e"><code>3d2d630</code></a> Bump actions/download-artifact from 6 to 7 (<a href="https://redirect.github.com/aio-libs/multidict/issues/1276">#1276</a>)</li> <li>Additional commits viewable in <a href="https://github.com/aio-libs/multidict/compare/v6.7.0...v6.7.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=multidict&package-manager=pip&previous-version=6.7.0&new-version=6.7.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sam Bull <git@sambull.org>

Bumps [librt](https://github.com/mypyc/librt) from 0.8.1 to 0.9.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mypyc/librt/commit/8f66cfe9cb3611b32741dd5b00e9049a627d6ccb"><code>8f66cfe</code></a> Bump version to 0.9.0</li> <li><a href="https://github.com/mypyc/librt/commit/149b3698bc3f6f7724f3fe6148938d6a4bc0d421"><code>149b369</code></a> Sync mypy including extract_symbol() PR (<a href="https://redirect.github.com/mypyc/librt/issues/37">#37</a>)</li> <li><a href="https://github.com/mypyc/librt/commit/05c11113460b73eb8ecc90adf539996012510169"><code>05c1111</code></a> Use PEP 639 license metadata (<a href="https://redirect.github.com/mypyc/librt/issues/34">#34</a>)</li> <li>See full diff in <a href="https://github.com/mypyc/librt/compare/v0.8.1...v0.9.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=librt&package-manager=pip&previous-version=0.8.1&new-version=0.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2026.2.19 to 2026.2.28. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt">regex's changelog</a>.</em></p> <blockquote> <p>Version: 2026.2.28</p> <pre><code>Replaced atomic operations with mutex on pattern object for free-threaded Python. </code></pre> <p>Version: 2026.2.26</p> <pre><code>PR [#598](mrabarnett/mrab-regex#598): Fix race condition in storage caching with atomic operations. <p>Replaced use of PyUnicode_GET_LENGTH with PyUnicode_GetLength. </code></pre></p> <p>Version: 2026.2.19</p> <pre><code>Added \z as alias of \Z, like in re module. <p>Added prefixmatch as alias of match, like in re module. </code></pre></p> <p>Version: 2026.1.15</p> <pre><code>Re-uploaded. </code></pre> <p>Version: 2026.1.14</p> <pre><code>Git issue 596: Specifying {e<=0} causes ca 210× slow-down. <p>Added RISC-V wheels. </code></pre></p> <p>Version: 2025.11.3</p> <pre><code>Git issue 594: Support relative PARNO in recursive subpatterns. </code></pre> <p>Version: 2025.10.23</p> <pre><code>'setup.py' was missing from the source distribution. </code></pre> <p>Version: 2025.10.22</p> <pre><code>Fixed test in main.yml. </code></pre> <p>Version: 2025.10.21</p> <pre><code>Moved tests into subfolder. </code></pre> <p>Version: 2025.10.20</p> <pre><code>Re-organised files. <p>Updated to Unicode 17.0.0. </code></pre></p> <p>Version: 2025.9.20</p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mrabarnett/mrab-regex/commit/df2d5ac9983af6febc0c2f32aff396a06142f8cb"><code>df2d5ac</code></a> Replaced atomic operations with mutex on pattern object for free-threaded Pyt...</li> <li><a href="https://github.com/mrabarnett/mrab-regex/commit/ed3d9caf347d6be15f362111775c9ef8d4ca49b2"><code>ed3d9ca</code></a> Replaced use of PyUnicode_GET_LENGTH with PyUnicode_GetLength.</li> <li><a href="https://github.com/mrabarnett/mrab-regex/commit/28dd3e7db3a5bdbf6d7b9d9da35f4a75d842e4b2"><code>28dd3e7</code></a> Merge pull request <a href="https://redirect.github.com/mrabarnett/mrab-regex/issues/598">#598</a> from kevmo314/fix-storage-caching-race</li> <li><a href="https://github.com/mrabarnett/mrab-regex/commit/cd631d83738de110272ed99d0049ae7532b3783d"><code>cd631d8</code></a> Fix race condition in storage caching with atomic operations</li> <li>See full diff in <a href="https://github.com/mrabarnett/mrab-regex/compare/2026.2.19...2026.2.28">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=regex&package-manager=pip&previous-version=2026.2.19&new-version=2026.2.28)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sam Bull <git@sambull.org>

**This is a backport of PR #12737 as merged into master (05129a0).** Co-authored-by: Sam Bull <git@sambull.org>

#12740) **This is a backport of PR #12739 as merged into master (b3f2ff4).** Co-authored-by: Sam Bull <git@sambull.org>

…a past the first gzip member (#12745) **This is a backport of PR #12674 as merged into master (e8832ae).** Co-authored-by: Ashutosh Kumar Singh <144926351+Ashutosh-177@users.noreply.github.com>

(cherry picked from commit 1e14d35)

…ibrary list (#12749) **This is a backport of PR #12727 as merged into master (269f03b).** Co-authored-by: Pablo Nicolás Estevez <pablo22estevez@gmail.com>

… from docs (#12750) **This is a backport of PR #12726 as merged into master (e3a6714).** Co-authored-by: Pablo Nicolás Estevez <pablo22estevez@gmail.com>

**This is a backport of PR #12751 as merged into master (af3e950).** Co-authored-by: Sam Bull <git@sambull.org>

…es to show expected vs received bytes (#12755) **This is a backport of PR #12753 as merged into master (eeb21d0).** Co-authored-by: Sam Bull <git@sambull.org>

**This is a backport of PR #12754 as merged into master (0d864ff).** Co-authored-by: Sam Bull <git@sambull.org>

Bumps [pip](https://github.com/pypa/pip) from 26.1.1 to 26.1.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>26.1.2 (2026-05-31)</h1> <h2>Bug Fixes</h2> <ul> <li>Reject <code>console_scripts</code> and <code>gui_scripts</code> entry points whose name would install a script outside the scripts directory. (<code>[#14000](pypa/pip#14000) <https://github.com/pypa/pip/issues/14000></code>_)</li> <li>Fix installation incorrectly failing when the target path contains a doubled slash, such as with <code>pip install --root //...</code>. (<code>[#14001](pypa/pip#14001) <https://github.com/pypa/pip/issues/14001></code>_)</li> <li>Send a consistent <code>Accept-Encoding</code> header to avoid a spurious <code>Cache entry deserialization failed</code> warning. (<code>[#14012](pypa/pip#14012) <https://github.com/pypa/pip/issues/14012></code>_)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/31d7d168953668aad85154d6121879d07fbeac27"><code>31d7d16</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/79f348c86a149adec5a9852788dcc13114b29d3c"><code>79f348c</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/237a9258813636b7b1ead05e2cb0d509b44f67ee"><code>237a925</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/14001">#14001</a> from notatallshaw/fix-is-within-directory</li> <li><a href="https://github.com/pypa/pip/commit/34d0285d548bbd644bfabfede2dfabed23c240db"><code>34d0285</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/14006">#14006</a> from laymonage/fix-requirements_from_scripts-space-...</li> <li><a href="https://github.com/pypa/pip/commit/09d3e07066c56e20b4ab2b3133e29f02f19be5e9"><code>09d3e07</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/14012">#14012</a> from notatallshaw/stable-accept-encoding</li> <li><a href="https://github.com/pypa/pip/commit/fa7854f6b37113a2c4698cdde902e1fcc9bebdd5"><code>fa7854f</code></a> Use is_within_directory for entry point check</li> <li><a href="https://github.com/pypa/pip/commit/d01b46c273e08bf4299feb81899c9bd0b3e7029b"><code>d01b46c</code></a> NEWS ENTRY</li> <li><a href="https://github.com/pypa/pip/commit/7ff8bdd81ec5edca2bebf78ad8506dda710d6af5"><code>7ff8bdd</code></a> Fix is_within_directory for doubled-slash roots</li> <li><a href="https://github.com/pypa/pip/commit/7ea3466fb51ccc729e67ea85809df5a4dda1987b"><code>7ea3466</code></a> NEWS ENTRY</li> <li><a href="https://github.com/pypa/pip/commit/85673eaa109f343658f9904f4045ff009378ae08"><code>85673ea</code></a> Fix Accept-Encoding to gzip, deflate</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/26.1.1...26.1.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=26.1.1&new-version=26.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to 9.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest/releases">pytest's releases</a>.</em></p> <blockquote> <h2>9.0.3</h2> <h1>pytest 9.0.3 (2026-04-07)</h1> <h2>Bug fixes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12444">#12444</a>: Fixed <code>pytest.approx</code> which now correctly takes into account <code>~collections.abc.Mapping</code> keys order to compare them.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13634">#13634</a>: Blocking a <code>conftest.py</code> file using the <code>-p no:</code> option is now explicitly disallowed.</p> <p>Previously this resulted in an internal assertion failure during plugin loading.</p> <p>Pytest now raises a clear <code>UsageError</code> explaining that conftest files are not plugins and cannot be disabled via <code>-p</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13734">#13734</a>: Fixed crash when a test raises an exceptiongroup with <code>__tracebackhide__ = True</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14195">#14195</a>: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>: Fixed use of insecure temporary directory (CVE-2025-71176).</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13388">#13388</a>: Clarified documentation for <code>-p</code> vs <code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect <code>-p</code> example.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13731">#13731</a>: Clarified that capture fixtures (e.g. <code>capsys</code> and <code>capfd</code>) take precedence over the <code>-s</code> / <code>--capture=no</code> command-line options in <code>Accessing captured output from a test function <accessing-captured-output></code>.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14088">#14088</a>: Clarified that the default <code>pytest_collection</code> hook sets <code>session.items</code> before it calls <code>pytest_collection_finish</code>, not after.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14255">#14255</a>: TOML integer log levels must be quoted: Updating reference documentation.</li> </ul> <h2>Contributor-facing changes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12689">#12689</a>: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible <a href="https://app.codecov.io/gh/pytest-dev/pytest/tests">on the web interface</a>.</p> <p>-- by <code>aleguy02</code></p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e"><code>a7d58d7</code></a> Prepare release version 9.0.3</li> <li><a href="https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22"><code>089d981</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14366">#14366</a> from bluetech/revert-14193-backport</li> <li><a href="https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac"><code>8127eaf</code></a> Revert "Fix: assertrepr_compare respects dict insertion order (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14050">#14050</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14193">#14193</a>)"</li> <li><a href="https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241"><code>99a7e60</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14363">#14363</a> from pytest-dev/patchback/backports/9.0.x/95d8423bd...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95"><code>ddee02a</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a> from bluetech/cve-2025-71176-simple</li> <li><a href="https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619"><code>74eac69</code></a> doc: Update training info (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14298">#14298</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14301">#14301</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869"><code>f92dee7</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14267">#14267</a> from pytest-dev/patchback/backports/9.0.x/d6fa26c62...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439"><code>7ee58ac</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/12378">#12378</a> from Pierre-Sassoulas/fix-implicit-str-concat-and-d...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8"><code>37da870</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14259">#14259</a> from mitre88/patch-4 (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14268">#14268</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed"><code>c34bfa3</code></a> Add explanation for string context diffs (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14257">#14257</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14266">#14266</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [packaging](https://github.com/pypa/packaging) from 26.0 to 26.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/packaging/releases">packaging's releases</a>.</em></p> <blockquote> <h2>26.2</h2> <h2>What's Changed</h2> <p>Fixes:</p> <ul> <li>Fix incorrect sysconfig var name for pyemscripten by <a href="https://github.com/ryanking13"><code>@ryanking13</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1160">pypa/packaging#1160</a></li> <li>Make <code>Version</code>, <code>Specifier</code>, <code>SpecifierSet</code>, <code>Tag</code>, <code>Marker</code>, and <code>Requirement</code> pickle-safe and backward-compatible with pickles created in 25.0-26.1 (including references to the removed <code>packaging._structures</code> module) by <a href="https://github.com/eachimei"><code>@eachimei</code></a> and <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1163">pypa/packaging#1163</a>, <a href="https://redirect.github.com/pypa/packaging/pull/1168">pypa/packaging#1168</a>, <a href="https://redirect.github.com/pypa/packaging/pull/1170">pypa/packaging#1170</a>, and <a href="https://redirect.github.com/pypa/packaging/pull/1171">pypa/packaging#1171</a></li> <li>fix: re-export ExceptionGroup for now by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1164">pypa/packaging#1164</a></li> </ul> <p>Documentation:</p> <ul> <li>docs: add errors section and fix missing details by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1159">pypa/packaging#1159</a></li> <li>docs(dev): document property-based test suite by <a href="https://github.com/r266-tech"><code>@r266-tech</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1167">pypa/packaging#1167</a></li> <li>Fix typo in DirectUrl documentation by <a href="https://github.com/sbidoul"><code>@sbidoul</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1169">pypa/packaging#1169</a></li> <li>docs(specifiers): add is_unsatisfiable() usage example by <a href="https://github.com/r266-tech"><code>@r266-tech</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1166">pypa/packaging#1166</a></li> </ul> <p>Internal:</p> <ul> <li>Enable the auditor persona on zizmor by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1158">pypa/packaging#1158</a></li> <li>Test new pickle guarantees by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1174">pypa/packaging#1174</a></li> <li>Use native uv integration in rtd by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1175">pypa/packaging#1175</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ryanking13"><code>@ryanking13</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/1160">pypa/packaging#1160</a></li> <li><a href="https://github.com/eachimei"><code>@eachimei</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/1163">pypa/packaging#1163</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/packaging/compare/26.1...26.2">https://github.com/pypa/packaging/compare/26.1...26.2</a></p> <h2>26.1</h2> <p>Features:</p> <ul> <li><del>PEP 783: add handling for Emscripten wheel tags by <a href="https://github.com/hoodmane"><code>@hoodmane</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/804">pypa/packaging#804</a></del> (old name used in implementation, will be fixed in next release)</li> <li>PEP 803: add handling for the <code>abi3.abi3t</code> free-threading tag by <a href="https://github.com/ngoldbaum"><code>@ngoldbaum</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1099">pypa/packaging#1099</a></li> <li>PEP 723: add <code>packaging.dependency_groups</code> module, based on the <code>dependency-groups</code> package by <a href="https://github.com/sirosen"><code>@sirosen</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1065">pypa/packaging#1065</a></li> <li>Add the <code>packaging.direct_url</code> module by <a href="https://github.com/sbidoul"><code>@sbidoul</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/944">pypa/packaging#944</a></li> <li>Add the <code>packaging.errors</code> module by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1071">pypa/packaging#1071</a></li> <li>Add <code>SpecifierSet.is_unsatisfiable</code> using ranges (new internals that will be expanded in future versions) by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1119">pypa/packaging#1119</a></li> <li>Add <code>create_compatible_tags_selector</code> to select compatible tags by <a href="https://github.com/sbidoul"><code>@sbidoul</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1110">pypa/packaging#1110</a></li> <li>Add a <code>key</code> argument to <code>SpecifierSet.filter()</code> by <a href="https://github.com/frostming"><code>@frostming</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1068">pypa/packaging#1068</a></li> <li>Support <code>&</code> and <code>|</code> for <code>Marker</code>'s by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1146">pypa/packaging#1146</a></li> <li>Normalize <code>Version.__replace__</code> and add <code>Version.from_parts</code> by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1078">pypa/packaging#1078</a></li> <li>Add an option to validate compressed tag set sort order in <code>parse_wheel_filename</code> by <a href="https://github.com/r266-tech"><code>@r266-tech</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1150">pypa/packaging#1150</a></li> </ul> <p>Behavior adaptations:</p> <ul> <li>Narrow exclusion of pre-releases for <code><V.postN</code> to match spec by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1140">pypa/packaging#1140</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/packaging/blob/main/CHANGELOG.rst">packaging's changelog</a>.</em></p> <blockquote> <p>26.2 - 2026-04-24</p> <pre><code> Fixes: <ul> <li>Fix incorrect sysconfig var name for pyemscripten in (:pull:<code>1160</code>)</li> <li>Make <code>Version</code>, <code>Specifier</code>, <code>SpecifierSet</code>, <code>Tag</code>, <code>Marker</code>, and <code>Requirement</code> pickle-safe<br /> and backward-compatible with pickles created in 25.0-26.1 (including references to the removed<br /> <code>packaging._structures</code> module) (:pull:<code>1163</code>, :pull:<code>1168</code>, :pull:<code>1170</code>, :pull:<code>1171</code>)</li> <li>Re-export <code>ExceptionGroup</code> in metadata for now in (:pull:<code>1164</code>)</li> </ul> <p>Documentation:</p> <ul> <li>Add errors section and fix missing details in (:pull:<code>1159</code>)</li> <li>Document our property-based test suite in (:pull:<code>1167</code>)</li> <li>Fix a <code>DirectUrl</code> typo in (:pull:<code>1169</code>)</li> <li>Add example of <code>is_unsatisfiable</code> in (:pull:<code>1166</code>)</li> </ul> <p>Internal:</p> <ul> <li>Enable the auditor persona on zizmor in (:pull:<code>1158</code>)</li> <li>Test new pickle guarantees in (:pull:<code>1174</code>)</li> <li>Use new native ReadTheDocs uv integration in (:pull:<code>1175</code>)</li> </ul> <p>26.1 - 2026-04-14<br /> </code></pre></p> <p>Features:</p> <ul> <li>PEP 783: add handling for Emscripten wheel tags in (:pull:<code>804</code>) (old name used in implementation, fixed in next release)</li> <li>PEP 803: add handling for the <code>abi3.abi3t</code> free-threading tag in (:pull:<code>1099</code>)</li> <li>PEP 723: add <code>packaging.dependency_groups</code> module, based on the <code>dependency-groups</code> package in (:pull:<code>1065</code>)</li> <li>Add the <code>packaging.direct_url</code> module in (:pull:<code>944</code>)</li> <li>Add the <code>packaging.errors</code> module in (:pull:<code>1071</code>)</li> <li>Add <code>SpecifierSet.is_unsatisfiable</code> using ranges (new internals that will be expanded in future versions) in (:pull:<code>1119</code>)</li> <li>Add <code>create_compatible_tags_selector</code> to select compatible tags in (:pull:<code>1110</code>)</li> <li>Add a <code>key</code> argument to <code>SpecifierSet.filter()</code> in (:pull:<code>1068</code>)</li> <li>Support <code>&</code> and <code>|</code> for <code>Marker</code>'s in (:pull:<code>1146</code>)</li> <li>Normalize <code>Version.__replace__</code> and add <code>Version.from_parts</code> in (:pull:<code>1078</code>)</li> <li>Add an option to validate compressed tag set sort order in <code>parse_wheel_filename</code> in (:pull:<code>1150</code>)</li> </ul> <p>Behavior adaptations:</p> <ul> <li>Narrow exclusion of pre-releases for <code><V.postN</code> to match spec in (:pull:<code>1140</code>)</li> <li>Narrow exclusion of post-releases for <code>>V</code> to match spec in (:pull:<code>1141</code>)</li> <li>Rename <code>format_full_version</code> to <code>_format_full_version</code> to make it visibly private in (:pull:<code>1125</code>)</li> <li>Restrict local version to ASCII in (:pull:<code>1102</code>)</li> </ul> <p>Pylock (PEP 751) updates:</p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/packaging/commit/84a87ee42483d7352f9502d78a9553da8859aa7a"><code>84a87ee</code></a> Bump for release</li> <li><a href="https://github.com/pypa/packaging/commit/4a616b65bed23c8c6d58e6b0fc1a4434d4ff1f14"><code>4a616b6</code></a> docs: a few more updates to prepare for 26.2 (<a href="https://redirect.github.com/pypa/packaging/issues/1176">#1176</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/9de6f44f1e82d4595edf3aad1c4f6f98c85935a0"><code>9de6f44</code></a> ci: use native uv integration in rtd (<a href="https://redirect.github.com/pypa/packaging/issues/1175">#1175</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/bc76e14debd1a2799d1ca8f9d9c9823f35bfa466"><code>bc76e14</code></a> chore: update changelog for 26.2 (<a href="https://redirect.github.com/pypa/packaging/issues/1161">#1161</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/3f00091c08f0aa830e33ed7db00f16f11c8ac97f"><code>3f00091</code></a> tests: add a pickle check (<a href="https://redirect.github.com/pypa/packaging/issues/1174">#1174</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/48a8a069805291186522de3eff73ea80a8ca96ad"><code>48a8a06</code></a> fix: make Requirements/Markers pickle-safe (<a href="https://redirect.github.com/pypa/packaging/issues/1171">#1171</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/823b44ed1f904084a77ae3adf0ef130af6365f84"><code>823b44e</code></a> fix: make Tags pickle-safe (<a href="https://redirect.github.com/pypa/packaging/issues/1170">#1170</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/4bed32d920ca7211dd65fdf0a1ee06376e9c4733"><code>4bed32d</code></a> fix: make Specifier / SpecifierSet pickle-safe (<a href="https://redirect.github.com/pypa/packaging/issues/1168">#1168</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/963118e37caae97bc8b72f72956c7fb4ca9857ec"><code>963118e</code></a> fix: re-export ExceptionGroup for now (<a href="https://redirect.github.com/pypa/packaging/issues/1164">#1164</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/66e34a80256c96dea11da143682950c84b8133bb"><code>66e34a8</code></a> docs(specifiers): add is_unsatisfiable() usage example (<a href="https://redirect.github.com/pypa/packaging/issues/1166">#1166</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/packaging/compare/26.0...26.2">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 7.0.0 to 7.1.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst">pytest-cov's changelog</a>.</em></p> <blockquote> <h2>7.1.0 (2026-03-21)</h2> <ul> <li> <p>Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See <code>[#641](pytest-dev/pytest-cov#641) <https://github.com/pytest-dev/pytest-cov/issues/641></code>_.</p> </li> <li> <p>Improve handling of ResourceWarning from sqlite3.</p> <p>The plugin adds warning filter for sqlite3 <code>ResourceWarning</code> unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.</p> <p>With this fix one can suppress <code>ResourceWarning</code> from sqlite3 from command line::</p> <p>pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...</p> </li> <li> <p>Various improvements to documentation. Contributed by Art Pelling in <code>[#718](pytest-dev/pytest-cov#718) <https://github.com/pytest-dev/pytest-cov/pull/718></code>_ and "vivodi" in <code>[#738](pytest-dev/pytest-cov#738) <https://github.com/pytest-dev/pytest-cov/pull/738></code><em>. Also closed <code>[#736](pytest-dev/pytest-cov#736) <https://github.com/pytest-dev/pytest-cov/issues/736></code></em>.</p> </li> <li> <p>Fixed some assertions in tests. Contributed by in Markéta Machová in <code>[#722](pytest-dev/pytest-cov#722) <https://github.com/pytest-dev/pytest-cov/pull/722></code>_.</p> </li> <li> <p>Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/66c8a526b1246b5eb8fb1bc218878131bc628622"><code>66c8a52</code></a> Bump version: 7.0.0 → 7.1.0</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/f7076624784332594aa4cb3585d4757d295db15e"><code>f707662</code></a> Make the examples use pypy 3.11.</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/6049a7847872e3139e6c82e93787123df5dc8672"><code>6049a78</code></a> Make context test use the old ctracer (seems the new sysmon tracer behaves di...</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/8ebf20bbbc73478b3f8fd36d30237d9ea083f06b"><code>8ebf20b</code></a> Update changelog.</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/861d30e60d571f97259c6b718b71c819d5dbc3b9"><code>861d30e</code></a> Remove the backup context manager - shouldn't be needed since coverage 5.0, ...</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/fd4c956014035527f0c3c8d7faef3f8cfdadac7f"><code>fd4c956</code></a> Pass the precision on the nulled total (seems that there's some caching goion...</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/78c9c4ecb005faf4962fd86ff7bf9c9cce9554d6"><code>78c9c4e</code></a> Only run the 3.9 on older deps.</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/4849a922e8be725c662a3d9175da571ace6545dc"><code>4849a92</code></a> Punctuation.</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/197c35e2f37031fd1927715307ab6eed7cb3d2b7"><code>197c35e</code></a> Update changelog and hopefully I don't forget to publish release again :))</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/14dc1c92d44108384e39803888635fdbfc578b7f"><code>14dc1c9</code></a> Update examples to use 3.11 and make the adhoc layout example look a bit more...</li> <li>Additional commits viewable in <a href="https://github.com/pytest-dev/pytest-cov/compare/v7.0.0...v7.1.0">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [idna](https://github.com/kjd/idna) from 3.17 to 3.18. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.18 (2026-06-02)</h2> <ul> <li>When decoding a domain, add a <code>display</code> argument that will pass through invalid labels rather than raising an exception.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kjd/idna/commit/f39ea903ba49eb5a0b2c6723c9a929b41ed4a0f1"><code>f39ea90</code></a> Release 3.18</li> <li><a href="https://github.com/kjd/idna/commit/40f4e407bc7452da37c24b0c112dcda9a5b299ba"><code>40f4e40</code></a> Pre-release 3.18rc0</li> <li><a href="https://github.com/kjd/idna/commit/1a5bf80f2fa40454589e6144efe5f72015ef9d24"><code>1a5bf80</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/253">#253</a> from kjd/lenient-decode</li> <li><a href="https://github.com/kjd/idna/commit/5bbb26fc86e28c4ee1434ae8ae8db76de4c2a5ac"><code>5bbb26f</code></a> Merge branch 'master' into lenient-decode</li> <li><a href="https://github.com/kjd/idna/commit/c532bae5270489cef8faf9f6b1eb70cbcb454c6d"><code>c532bae</code></a> Rename decode() lenient= option to display= (issue <a href="https://redirect.github.com/kjd/idna/issues/248">#248</a>)</li> <li><a href="https://github.com/kjd/idna/commit/0b1758ba11952a2e88fd6141ffa620409bff0580"><code>0b1758b</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/252">#252</a> from kjd/release-3.17</li> <li><a href="https://github.com/kjd/idna/commit/47b5cde6fffd1a33c4a600228152c919c6de0eb4"><code>47b5cde</code></a> Add lenient option to decode() for best-effort label recovery (issue <a href="https://redirect.github.com/kjd/idna/issues/248">#248</a>)</li> <li>See full diff in <a href="https://github.com/kjd/idna/compare/v3.17...v3.18">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=idna&package-manager=pip&previous-version=3.17&new-version=3.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 7.0.0 to 7.1.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst">pytest-cov's changelog</a>.</em></p> <blockquote> <h2>7.1.0 (2026-03-21)</h2> <ul> <li> <p>Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See <code>[#641](pytest-dev/pytest-cov#641) <https://github.com/pytest-dev/pytest-cov/issues/641></code>_.</p> </li> <li> <p>Improve handling of ResourceWarning from sqlite3.</p> <p>The plugin adds warning filter for sqlite3 <code>ResourceWarning</code> unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.</p> <p>With this fix one can suppress <code>ResourceWarning</code> from sqlite3 from command line::</p> <p>pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...</p> </li> <li> <p>Various improvements to documentation. Contributed by Art Pelling in <code>[#718](pytest-dev/pytest-cov#718) <https://github.com/pytest-dev/pytest-cov/pull/718></code>_ and "vivodi" in <code>[#738](pytest-dev/pytest-cov#738) <https://github.com/pytest-dev/pytest-cov/pull/738></code><em>. Also closed <code>[#736](pytest-dev/pytest-cov#736) <https://github.com/pytest-dev/pytest-cov/issues/736></code></em>.</p> </li> <li> <p>Fixed some assertions in tests. Contributed by in Markéta Machová in <code>[#722](pytest-dev/pytest-cov#722) <https://github.com/pytest-dev/pytest-cov/pull/722></code>_.</p> </li> <li> <p>Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/66c8a526b1246b5eb8fb1bc218878131bc628622"><code>66c8a52</code></a> Bump version: 7.0.0 → 7.1.0</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/f7076624784332594aa4cb3585d4757d295db15e"><code>f707662</code></a> Make the examples use pypy 3.11.</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/6049a7847872e3139e6c82e93787123df5dc8672"><code>6049a78</code></a> Make context test use the old ctracer (seems the new sysmon tracer behaves di...</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/8ebf20bbbc73478b3f8fd36d30237d9ea083f06b"><code>8ebf20b</code></a> Update changelog.</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/861d30e60d571f97259c6b718b71c819d5dbc3b9"><code>861d30e</code></a> Remove the backup context manager - shouldn't be needed since coverage 5.0, ...</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/fd4c956014035527f0c3c8d7faef3f8cfdadac7f"><code>fd4c956</code></a> Pass the precision on the nulled total (seems that there's some caching goion...</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/78c9c4ecb005faf4962fd86ff7bf9c9cce9554d6"><code>78c9c4e</code></a> Only run the 3.9 on older deps.</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/4849a922e8be725c662a3d9175da571ace6545dc"><code>4849a92</code></a> Punctuation.</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/197c35e2f37031fd1927715307ab6eed7cb3d2b7"><code>197c35e</code></a> Update changelog and hopefully I don't forget to publish release again :))</li> <li><a href="https://github.com/pytest-dev/pytest-cov/commit/14dc1c92d44108384e39803888635fdbfc578b7f"><code>14dc1c9</code></a> Update examples to use 3.11 and make the adhoc layout example look a bit more...</li> <li>Additional commits viewable in <a href="https://github.com/pytest-dev/pytest-cov/compare/v7.0.0...v7.1.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest-cov&package-manager=pip&previous-version=7.0.0&new-version=7.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) from 1.3.0 to 1.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest-asyncio/releases">pytest-asyncio's releases</a>.</em></p> <blockquote> <h2>pytest-asyncio v1.4.0</h2> <h1><a href="https://github.com/pytest-dev/pytest-asyncio/tree/1.4.0">1.4.0</a> - 2026-05-26</h1> <h2>Deprecated</h2> <ul> <li>Overriding the <em>event_loop_policy</em> fixture is deprecated. Use the <code>pytest_asyncio_loop_factories</code> hook instead. (<a href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1419">#1419</a>)</li> </ul> <h2>Added</h2> <ul> <li> <p>Added the <code>pytest_asyncio_loop_factories</code> hook to parametrize asyncio tests with custom event loop factories.</p> <p>The hook returns a mapping of factory names to loop factories, and <code>pytest.mark.asyncio(loop_factories=[...])</code> selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.</p> <p>Synchronous <code>@pytest_asyncio.fixture</code> functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via <code>asyncio.run()</code> or <code>asyncio.set_event_loop(None)</code>). (<a href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1164">#1164</a>)</p> </li> </ul> <h2>Changed</h2> <ul> <li>Improved the readability of the warning message that is displayed when <code>asyncio_default_fixture_loop_scope</code> is unset (<a href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1298">#1298</a>)</li> <li>Only import <code>asyncio.AbstractEventLoopPolicy</code> for type checking to avoid raising a DeprecationWarning. (<a href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1394">#1394</a>)</li> <li>Updated minimum supported pytest version to v8.4.0. (<a href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1397">#1397</a>)</li> </ul> <h2>Fixed</h2> <ul> <li>Fixed a <code>ResourceWarning: unclosed event loop</code> warning that could occur when a synchronous test called <code>asyncio.run()</code> or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (<a href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/724">#724</a>)</li> </ul> <h2>Notes for Downstream Packagers</h2> <ul> <li>Added dependency on <code>sphinx-tabs >= 3.5</code> to organize documentation examples into tabs. (<a href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1395">#1395</a>)</li> </ul> <h2>pytest-asyncio v1.4.0a2</h2> <h1><a href="https://github.com/pytest-dev/pytest-asyncio/tree/1.4.0a2">1.4.0a2</a> - 2026-05-02</h1> <h2>Deprecated</h2> <ul> <li>Overriding the <em>event_loop_policy</em> fixture is deprecated. Use the <code>pytest_asyncio_loop_factories</code> hook instead. (<a href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1419">#1419</a>)</li> </ul> <h2>Added</h2> <ul> <li> <p>Added the <code>pytest_asyncio_loop_factories</code> hook to parametrize asyncio tests with custom event loop factories.</p> <p>The hook returns a mapping of factory names to loop factories, and <code>pytest.mark.asyncio(loop_factories=[...])</code> selects a subset of configured factories per test. When a single factory is configured, test names are unchanged on pytest 8.4+.</p> <p>Synchronous <code>@pytest_asyncio.fixture</code> functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via <code>asyncio.run()</code> or <code>asyncio.set_event_loop(None)</code>). (<a href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1164">#1164</a>)</p> </li> </ul> <h2>Changed</h2> <ul> <li>Improved the readability of the warning message that is displayed when <code>asyncio_default_fixture_loop_scope</code> is unset (<a href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1298">#1298</a>)</li> <li>Only import <code>asyncio.AbstractEventLoopPolicy</code> for type checking to avoid raising a DeprecationWarning. (<a href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/1394">#1394</a>)</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pytest-dev/pytest-asyncio/commit/6e14cd2af9292dca1fa2b027a06bbc40b0e0e425"><code>6e14cd2</code></a> chore: Prepare release of v1.4.0.</li> <li><a href="https://github.com/pytest-dev/pytest-asyncio/commit/4b900fb5d0c30949c574e55dd904ee179f858a5e"><code>4b900fb</code></a> Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1</li> <li><a href="https://github.com/pytest-dev/pytest-asyncio/commit/ab9f63245094865c42c940a34af724b0dec1debf"><code>ab9f632</code></a> Build(deps): Bump zipp from 3.23.1 to 4.1.0</li> <li><a href="https://github.com/pytest-dev/pytest-asyncio/commit/a56fc77ecd59f781d8471b0f6a82bf58e08c95fa"><code>a56fc77</code></a> Build(deps): Bump hypothesis from 6.152.6 to 6.152.8</li> <li><a href="https://github.com/pytest-dev/pytest-asyncio/commit/e8bae9bc1f197731fc1a210c0da557af7b698e6d"><code>e8bae9b</code></a> Build(deps): Bump requests from 2.34.0 to 2.34.2</li> <li><a href="https://github.com/pytest-dev/pytest-asyncio/commit/fc433402c570fd36a7a227ef4bc3abd4579299de"><code>fc43340</code></a> Build(deps): Bump idna from 3.14 to 3.15</li> <li><a href="https://github.com/pytest-dev/pytest-asyncio/commit/762eaf5033b798b965c92afdbb2cebefa8fc3a8b"><code>762eaf5</code></a> Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0</li> <li><a href="https://github.com/pytest-dev/pytest-asyncio/commit/b62e2228c80070977baf6b77ba89d5c148af920f"><code>b62e222</code></a> Build(deps): Bump click from 8.3.3 to 8.4.0</li> <li><a href="https://github.com/pytest-dev/pytest-asyncio/commit/919044700627889d25ca63b6e7a3bc785f3137eb"><code>9190447</code></a> Build(deps): Bump pydantic from 2.13.3 to 2.13.4</li> <li><a href="https://github.com/pytest-dev/pytest-asyncio/commit/82a393c5e31b6ebbbd8ec2a8dafc5f35b9cf1236"><code>82a393c</code></a> ci: Remove unnecessary debug output.</li> <li>Additional commits viewable in <a href="https://github.com/pytest-dev/pytest-asyncio/compare/v1.3.0...v1.4.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest-asyncio&package-manager=pip&previous-version=1.3.0&new-version=1.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [distlib](https://github.com/pypa/distlib) from 0.4.0 to 0.4.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/distlib/blob/master/CHANGES.rst">distlib's changelog</a>.</em></p> <blockquote> <p>0.4.1</p> <pre><code> Released: 2026-06-02 <ul> <li> <p>scripts</p> <ul> <li>Fix path traversal bug in handling entry points which allowed escaping the scripts directory. Thanks to tonghuaroot for the comprehensive report.</li> </ul> </li> <li> <p>tests</p> <ul> <li>Fix <a href="https://redirect.github.com/pypa/distlib/issues/251">#251</a>: Change test function following a reorganization which happened in the Python stdlib. </code></pre></li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/distlib/commit/d562ad5aabe23dc03b22fccdf84dc01fddf0d336"><code>d562ad5</code></a> Changes for 0.4.1.</li> <li><a href="https://github.com/pypa/distlib/commit/6286442857de9f734686d08f0e59ca8048ee357a"><code>6286442</code></a> Fix <a href="https://redirect.github.com/pypa/distlib/issues/251">#251</a>: Use more appropriate function in test.</li> <li><a href="https://github.com/pypa/distlib/commit/e3b1cd6ec121058ae71a2aab08aa2a120360c872"><code>e3b1cd6</code></a> Bump version.</li> <li><a href="https://github.com/pypa/distlib/commit/da3e90aef9c2ea545ac653039dd970174b48ebd4"><code>da3e90a</code></a> Added tag 0.4.0 for changeset d31f0b340fde</li> <li>See full diff in <a href="https://github.com/pypa/distlib/compare/0.4.0...0.4.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=distlib&package-manager=pip&previous-version=0.4.0&new-version=0.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [click](https://github.com/pallets/click) from 8.3.1 to 8.4.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/click/releases">click's releases</a>.</em></p> <blockquote> <h2>8.4.1</h2> <p>This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.</p> <p>PyPI: <a href="https://pypi.org/project/click/8.4.1/">https://pypi.org/project/click/8.4.1/</a> Changes: <a href="https://click.palletsprojects.com/page/changes/#version-8-4-1">https://click.palletsprojects.com/page/changes/#version-8-4-1</a> Milestone: <a href="https://github.com/pallets/click/milestone/32?closed=1">https://github.com/pallets/click/milestone/32?closed=1</a></p> <ul> <li><code>get_parameter_source()</code> is available during eager callbacks and type conversion again. <a href="https://redirect.github.com/pallets/click/issues/3458">#3458</a> <a href="https://redirect.github.com/pallets/click/issues/3484">#3484</a></li> <li>Zsh completion scripts parse correctly on Windows. <a href="https://redirect.github.com/pallets/click/issues/3277">#3277</a> # 3466</li> <li>Shell completion of <code>Choice</code> <code>Enum</code> values produces a valid completion result. <a href="https://redirect.github.com/pallets/click/issues/3015">#3015</a></li> <li>Fix empty byte-string handling in echo. <a href="https://redirect.github.com/pallets/click/issues/3487">#3487</a></li> <li>Fix closed file error with <code>echo_via_pager</code>. <a href="https://redirect.github.com/pallets/click/issues/3449">#3449</a></li> </ul> <h2>8.4.0</h2> <p>This is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.</p> <p>We encourage everyone to upgrade. You can read more about our <a href="https://palletsprojects.com/versions">Version Support Policy</a> on our website.</p> <p>PyPI: <a href="https://pypi.org/project/click/8.4.0/">https://pypi.org/project/click/8.4.0/</a> Changes: <a href="https://click.palletsprojects.com/page/changes/#version-8-4-0">https://click.palletsprojects.com/page/changes/#version-8-4-0</a> Milestone <a href="https://github.com/pallets/click/milestone/30">https://github.com/pallets/click/milestone/30</a></p> <ul> <li> <p><code>ParamType</code> typing improvements. <a href="https://redirect.github.com/pallets/click/issues/3371">#3371</a></p> <ul> <li>:class:<code>ParamType</code> is now a generic abstract base class, parameterized by its converted value type.</li> <li>:meth:<code>~ParamType.convert</code> return types are narrowed on all concrete types (<code>str</code> for :class:<code>STRING</code>, <code>int</code> for :class:<code>INT</code>, etc.).</li> <li>:meth:<code>~ParamType.to_info_dict</code> returns specific :class:<code>~typing.TypedDict</code> subclasses instead of <code>dict[str, Any]</code>.</li> <li>:class:<code>CompositeParamType</code> and the number-range base are now generic with abstract methods.</li> </ul> </li> <li> <p>Refactor <code>convert_type</code> to extract type inference into a private <code>_guess_type</code> helper, and add :func:<code>typing.overload</code> signatures. <a href="https://redirect.github.com/pallets/click/issues/3372">#3372</a></p> </li> <li> <p><code>Parameter</code> typing improvements. <a href="https://redirect.github.com/pallets/click/issues/2805">#2805</a></p> <ul> <li>:class:<code>Parameter</code> is now an abstract base class, making explicit that it cannot be instantiated directly.</li> <li>:attr:<code>Parameter.name</code> is now <code>str</code> instead of <code>str | None</code>. When <code>expose_value=False</code>, the name is set to <code>""</code> instead of <code>None</code>.</li> <li>The <code>ctx</code> parameter of :meth:<code>Parameter.get_error_hint</code> is now typed as <code>Context | None</code>, matching the runtime behavior.</li> </ul> </li> <li> <p>Split string values from <code>default_map</code> for parameters with <code>nargs > 1</code> or :class:<code>Tuple</code> type, matching environment variable behavior.</p> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/click/blob/main/CHANGES.rst">click's changelog</a>.</em></p> <blockquote> <h2>Version 8.4.1</h2> <p>Released 2026-05-21</p> <ul> <li><code>get_parameter_source()</code> is available during eager callbacks and type conversion again. :issue:<code>3458</code> :issue:<code>3484</code></li> <li>Zsh completion scripts parse correctly on Windows. :issue:<code>3277</code> :pr:<code>3466</code></li> <li>Shell completion of <code>Choice</code> <code>Enum</code> values produces a valid completion result. :issue:<code>3015</code></li> <li>Fix empty byte-string handling in echo. :issue:<code>3487</code></li> <li>Fix closed file error with <code>echo_via_pager</code>. :issue:<code>3449</code></li> </ul> <h2>Version 8.4.0</h2> <p>Released 2026-05-17</p> <ul> <li> <p>:class:<code>ParamType</code> typing improvements. :pr:<code>3371</code></p> <ul> <li>:class:<code>ParamType</code> is now a generic abstract base class, parameterized by its converted value type.</li> <li>:meth:<code>~ParamType.convert</code> return types are narrowed on all concrete types (<code>str</code> for :class:<code>STRING</code>, <code>int</code> for :class:<code>INT</code>, etc.).</li> <li>:meth:<code>~ParamType.to_info_dict</code> returns specific :class:<code>~typing.TypedDict</code> subclasses instead of <code>dict[str, Any]</code>.</li> <li>:class:<code>CompositeParamType</code> and the number-range base are now generic with abstract methods.</li> </ul> </li> <li> <p>Refactor <code>convert_type</code> to extract type inference into a private <code>_guess_type</code> helper, and add :func:<code>typing.overload</code> signatures. :pr:<code>3372</code></p> </li> <li> <p>:class:<code>Parameter</code> typing improvements. :pr:<code>2805</code></p> <ul> <li>:class:<code>Parameter</code> is now an abstract base class, making explicit that it cannot be instantiated directly.</li> <li>:attr:<code>Parameter.name</code> is now <code>str</code> instead of <code>str | None</code>. When <code>expose_value=False</code>, the name is set to <code>""</code> instead of <code>None</code>.</li> <li>The <code>ctx</code> parameter of :meth:<code>Parameter.get_error_hint</code> is now typed as <code>Context | None</code>, matching the runtime behavior.</li> </ul> </li> <li> <p>Split string values from <code>default_map</code> for parameters with <code>nargs > 1</code> or :class:<code>Tuple</code> type, matching environment variable behavior. :issue:<code>2745</code> :pr:<code>3364</code></p> </li> <li> <p>Auto-detect <code>type=UNPROCESSED</code> for <code>flag_value</code> of non-basic types (not <code>str</code>, <code>int</code>, <code>float</code>, or <code>bool</code>), so programmer-provided Python objects like classes and enum members are passed through unchanged instead of being stringified. Previously <code>type=click.UNPROCESSED</code> had to be set explicitly. :issue:<code>2012</code> :pr:<code>3363</code></p> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5"><code>6eeb50e</code></a> release version 8.4.1</li> <li><a href="https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f"><code>67921d5</code></a> change log and doc fixes (<a href="https://redirect.github.com/pallets/click/issues/3495">#3495</a>)</li> <li><a href="https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1"><code>9c41f46</code></a> Fix changelog and version admonitions</li> <li><a href="https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6"><code>6cb3477</code></a> fix skip condition</li> <li><a href="https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37"><code>5ee8e31</code></a> fix I/O operation on closed file error with CliRunner and echo_via_pager (<a href="https://redirect.github.com/pallets/click/issues/3482">#3482</a>)</li> <li><a href="https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f"><code>becbde5</code></a> pager doesn't close std streams</li> <li><a href="https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77"><code>a5f5aa6</code></a> Handle empty bytes in echo (<a href="https://redirect.github.com/pallets/click/issues/3493">#3493</a>)</li> <li><a href="https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2"><code>4d3db84</code></a> handle empty bytes in echo</li> <li><a href="https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5"><code>d42f15b</code></a> Fix <code>get_parameter_source()</code> during type conversion and eager callbacks (<a href="https://redirect.github.com/pallets/click/issues/3484">#3484</a>)</li> <li><a href="https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1"><code>0baa8db</code></a> Document ctx.params bypass with test and doc</li> <li>Additional commits viewable in <a href="https://github.com/pallets/click/compare/8.3.1...8.4.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=click&package-manager=pip&previous-version=8.3.1&new-version=8.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

bdraco and others added 30 commits March 31, 2026 12:07

Incremnet version to 3.13.5.dev0

83a85fa

[PR #12307/f4dc0dee backport][3.14] Fix spurious "Future exception wa…

d20f8d6

…s never retrieved" warning on disconnect during backpressure (#12326) **This is a backport of PR #12307 as merged into master (f4dc0de).** Co-authored-by: availov <51930102+availov@users.noreply.github.com>

[PR #12328/522439ac backport][3.14] Fix GunicornWebWorker failing to …

2acea2d

…reset SIGCHLD handler (#12329) **This is a backport of PR #12328 as merged into master (522439a).** Co-authored-by: bahtyar <34988899+Bahtya@users.noreply.github.com>

[PR #12330/fc67cfdf backport][3.14] Increase some size in client benc…

c68f771

…hmark tests (#12333) **This is a backport of PR #12330 as merged into master (fc67cfd).** Co-authored-by: Sam Bull <git@sambull.org>

[3.14] Harden cookie file permissions in CookieJar.save() (#12335)

4cad257

[PR #12350/7eb05774 backport][3.14] Fix octal tests (#12351)

f2c0280

**This is a backport of PR #12350 as merged into master (7eb0577).** Co-authored-by: Sam Bull <git@sambull.org>

[PR #12349/b5f1aa53 backport][3.14] Add Cython coverage (#12354)

0373f7c

**This is a backport of PR #12349 as merged into master (b5f1aa5).** Co-authored-by: Sam Bull <git@sambull.org>

Allow decompression to continue after exceeding max_length (#11966) (#…

b502ae6

…12355) (cherry picked from commit 0c7ce34)

Use DEFAULT_CHUNK_SIZE global (#12356) (#12365)

04ed4bd

(cherry picked from commit bec74bb)

[PR #12264/af05010 backport][3.14] Reject HTTP/1.1 requests without H…

7848785

…ost header (#12367) (cherry picked from commit af05010)

[PR #12364/3f772cf7 backport][3.14] Disable cov/xdist by default (#12368

0544166

) **This is a backport of PR #12364 as merged into master (3f772cf).** Co-authored-by: Sam Bull <git@sambull.org>

[PR #12202/07bd8c1d backport][3.14] docs: clarify params query canoni…

3c04f9f

…calization behavior (#12369) **This is a backport of PR #12202 as merged into master (07bd8c1).** Co-authored-by: Dr Alex Mitre <bedr10_capacitacion@hotmail.com>

Benchmark tests for decompression optimisations (#12358) (#12381)

5c17b64

(cherry picked from commit adf7799)

Optimise decompression size (#12357) (#12391)

3c56715

(cherry picked from commit 53f6e91)

[PR #12394/24ed3b34 backport][3.14] docs: mention fake server testing…

6d81b02

… pattern (#12396) **This is a backport of PR #12394 as merged into master (24ed3b3).** Fixes #980. Co-authored-by: nightcityblade <jackchen@haloailabs.com>

[PR #12350/7eb05774 backport][3.13] Fix octal tests (#12401)

5d74702

**This is a backport of PR #12350 as merged into master (7eb0577).** Co-authored-by: Sam Bull <git@sambull.org>

[PR #12406/b0601d64 backport][3.14] Avoid installation of backports.z…

4f58585

…std on Python 3.14 in linting deps (#12407) **This is a backport of PR #12406 as merged into master (b0601d6).** Co-authored-by: Michael Seifert <m.seifert@digitalernachschub.de>

[3.14] Validate Content-Length format in ClientRequest (backport of #…

d719386

…12385) (#12445)

patchback Bot and others added 27 commits May 30, 2026 18:46

[PR #12737/05129a00 backport][3.14] Fix pip-tools config (#12738)

fd7a4ac

**This is a backport of PR #12737 as merged into master (05129a0).** Co-authored-by: Sam Bull <git@sambull.org>

[PR #12739/b3f2ff4e backport][3.14] Move pip-tools into pyproject.toml (

2da9914

#12740) **This is a backport of PR #12739 as merged into master (b3f2ff4).** Co-authored-by: Sam Bull <git@sambull.org>

[3.14] Improve HTTPS-on-HTTP parser error (#12743)

8e2f232

[PR #12674/e8832aee backport][3.14] Fix ZLibDecompressor dropping dat…

2049ba8

…a past the first gzip member (#12745) **This is a backport of PR #12674 as merged into master (e8832ae).** Co-authored-by: Ashutosh Kumar Singh <144926351+Ashutosh-177@users.noreply.github.com>

Improve timing issues on shutdown tests (#12747) (#12748)

8206f2c

(cherry picked from commit 1e14d35)

[PR #12727/269f03b5 backport][3.14] add aiointercept to third party l…

f01bb0d

…ibrary list (#12749) **This is a backport of PR #12727 as merged into master (269f03b).** Co-authored-by: Pablo Nicolás Estevez <pablo22estevez@gmail.com>

[PR #12726/e3a67148 backport][3.14] remove third party archived repos…

660339a

… from docs (#12750) **This is a backport of PR #12726 as merged into master (e3a6714).** Co-authored-by: Pablo Nicolás Estevez <pablo22estevez@gmail.com>

[PR #12751/af3e9507 backport][3.14] Fix Dependabot Security (#12752)

e0337ac

**This is a backport of PR #12751 as merged into master (af3e950).** Co-authored-by: Sam Bull <git@sambull.org>

[PR #12753/eeb21d08 backport][3.14] Improve ContentLengthError messag…

514567a

…es to show expected vs received bytes (#12755) **This is a backport of PR #12753 as merged into master (eeb21d0).** Co-authored-by: Sam Bull <git@sambull.org>

[PR #12754/0d864ff9 backport][3.14] Fix sendfile test (#12756)

236d2c1

**This is a backport of PR #12754 as merged into master (0d864ff).** Co-authored-by: Sam Bull <git@sambull.org>

Release v3.14.0 (#12757)

edb2724

Merge branch '3.13' into 3.14

d5b2e38

Merge branch '3.14' of github.com:aio-libs/aiohttp into 3.14

e3ff5d4

Merge branch '3.14'

bfc642d

Fix CHANGES.rst (#12775)

635266b

Point Dependabot to 3.15 branch (#12774)

c66e5cb

pull Bot locked and limited conversation to collaborators Jun 2, 2026

pull Bot added the ⤵️ pull label Jun 2, 2026

pull Bot merged commit f387f62 into tj-python:master Jun 2, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[pull] master from aio-libs:master#604

[pull] master from aio-libs:master#604
pull[bot] merged 194 commits into
tj-python:masterfrom
aio-libs:master

pull Bot commented Jun 2, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants

Conversation

pull Bot commented Jun 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants

pull Bot commented Jun 2, 2026 •

edited

Loading