Skip to content

Deps: Bump the python-packages group with 9 updates#131

Merged
greenbonebot merged 1 commit into
mainfrom
dependabot/pip/python-packages-5df9a72ce8
Apr 13, 2026
Merged

Deps: Bump the python-packages group with 9 updates#131
greenbonebot merged 1 commit into
mainfrom
dependabot/pip/python-packages-5df9a72ce8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-packages group with 9 updates:

Package From To
uvicorn 0.43.0 0.44.0
pontos 26.3.1 26.4.0
greenlet 3.3.2 3.4.0
librt 0.8.1 0.9.0
lxml 6.0.2 6.0.4
mypy 1.20.0 1.20.1
platformdirs 4.9.4 4.9.6
rich 14.3.3 15.0.0
ruff 0.15.9 0.15.10

Updates uvicorn from 0.43.0 to 0.44.0

Release notes

Sourced from uvicorn's releases.

Version 0.44.0

What's Changed

Full Changelog: Kludex/uvicorn@0.43.0...0.44.0

Changelog

Sourced from uvicorn's changelog.

0.44.0 (April 6, 2026)

Added

  • Implement websocket keepalive pings for websockets-sansio (#2888)
Commits

Updates pontos from 26.3.1 to 26.4.0

Release notes

Sourced from pontos's releases.

pontos 26.4.0

26.4.0 - 2026-04-10

Added

  • Support standard project.version field in pyproject.toml 893f1bc3

Dependencies

  • Bump the python-packages group with 6 updates 30bf0013
  • Bump the python-packages group with 4 updates e146e6d3
  • Bump requests from 2.32.5 to 2.33.0 abb6a9f0
  • Bump the python-packages group with 2 updates 8521c5c0
Commits
  • 73ae309 Automatic release to 26.4.0
  • 893f1bc Add: Support standard project.version field in pyproject.toml
  • 30bf001 Deps: Bump the python-packages group with 6 updates
  • e146e6d Deps: Bump the python-packages group with 4 updates
  • abb6a9f Deps: Bump requests from 2.32.5 to 2.33.0
  • 8521c5c Deps: Bump the python-packages group with 2 updates
  • 510c625 Automatic adjustments after release [skip ci]
  • See full diff in compare view

Updates greenlet from 3.3.2 to 3.4.0

Changelog

Sourced from greenlet's changelog.

3.4.0 (2026-04-08)

  • Publish binary wheels for RiscV 64.

  • Fix multiple rare crash paths during interpreter shutdown.

    Note that this now relies on the atexit module, and introduces subtle API changes during interpreter shutdown (for example, getcurrent is no longer available once the atexit callback fires).

    See PR [#499](https://github.com/python-greenlet/greenlet/issues/499) <https://github.com/python-greenlet/greenlet/pull/499>_ by Nicolas Bouvrette.

  • Address the results of an automated code audit performed by Daniel Diniz. This includes several minor correctness changes that theoretically could have been crashing bugs, but typically only in very rare circumstances.

    See PR 502 <https://github.com/python-greenlet/greenlet/pull/502>_.

  • Fix several race conditions that could arise in free-threaded builds when using greenlet objects from multiple threads, some of which could lead to assertion failures or interpreter crashes.

    See issue 503 <https://github.com/python-greenlet/greenlet/issues/503>_, with thanks to Nitay Dariel and Daniel Diniz.

Commits
  • df6734e Preparing release 3.4.0
  • 0f86075 Merge pull request #504 from python-greenlet/freethreading-fixes
  • 4596574 TLBC: crash appears to still happen on CI 3.14t ubuntu. Re-enable workaround.
  • 2f4a1cf Make green_switch (python level greenlet.switch) and green_throw check for (p...
  • a0c2a2a Fix unused variable warning when asserts are disabled.
  • 8688581 gcc was complaining about an incomplete std::atomic type. make sure we includ...
  • 449c760 Make MainGreenlet._thread_state atomic; we use it for cross thread checking a...
  • f840e00 Add critical sections to greenlet attribute accessors.
  • 6b281d3 test_contextvars: No need for the fallback case where contextvars isn't avail...
  • f52615a Merge pull request #502 from python-greenlet/devdanzin-audit
  • Additional commits viewable in compare view

Updates librt from 0.8.1 to 0.9.0

Commits

Updates lxml from 6.0.2 to 6.0.4

Changelog

Sourced from lxml's changelog.

6.0.4 (2026-04-12)

Bugs fixed

  • LP#2148019: Spurious MemoryError during namespace cleanup.

6.0.3 (2026-04-09)

Bugs fixed

  • Several out of memory error cases now raise MemoryError that were not handled before.

  • Slicing with large step values (outside of +/- sys.maxsize) could trigger undefined C behaviour.

  • LP#2125399: Some failing tests were fixed or disabled in PyPy.

  • LP#2138421: Memory leak in error cases when setting the public_id or system_url of a document.

  • Memory leak in case of a memory allocation failure when copying document subtrees.

  • When mapping an XPath result to Python failed, the result memory could leak.

  • When preparing an XSLT transform failed, the XSLT parameter memory could leak.

Other changes

  • Built using Cython 3.2.4.

  • Binary wheels use zlib 1.3.2.

Commits
  • 1fd1d6b Fix release date.
  • 5154859 CI: Include all library versions in libs cache key to asssure updated on vers...
  • 6a606f3 Add "doesn't crash" tests for LP#2148019.
  • f488f16 Prepare release of 6.0.4.
  • 1255d98 LP#2148019: Prevent spurious MemoryError during namespace cleanup.
  • 03b0c4a Remove dead type check.
  • a6f833c Fix release date.
  • 973d059 Update changelog.
  • 9044a52 Build: Downgrade libiconv to 1.18 since 1.19 does not build reliably.
  • a34dfdd Build: Upgrade libiconv to 1.19.
  • Additional commits viewable in compare view

Updates mypy from 1.20.0 to 1.20.1

Changelog

Sourced from mypy's changelog.

Mypy 1.20.1

  • Always disable sync in SQLite cache (Ivan Levkivskyi, PR 21184)
  • Temporarily skip few base64 tests (Ivan Levkivskyi, PR 21193)
  • Revert dict.__or__ typeshed change (Ivan Levkivskyi, PR 21186)
  • Fix narrowing for match case with variadic tuples (Shantanu, PR 21192)
  • Avoid narrowing type[T] in type calls (Shantanu, PR 21174)
  • Fix regression for catching empty tuple in except (Shantanu, PR 21153)
  • Fix reachability for frozenset and dict view narrowing (Shantanu, PR 21151)
  • Fix narrowing with chained comparison (Shantanu, PR 21150)
  • Avoid narrowing to unreachable at module level (Shantanu, PR 21144)
  • Allow dangerous identity comparisons to Any typed variables (Shantanu, PR 21142)
  • --warn-unused-config should not be a strict flag (Ivan Levkivskyi, PR 21139)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

  • A5rocks
  • Aaron Wieczorek
  • Adam Turner
  • Ali Hamdan
  • asce
  • BobTheBuidler
  • Brent Westbrook
  • Brian Schubert
  • bzoracler
  • Chris Burroughs
  • Christoph Tyralla
  • Colin Watson
  • Donghoon Nam
  • E. M. Bray
  • Emma Smith
  • Ethan Sarp
  • George Ogden
  • getzze
  • grayjk
  • Gregor Riepl
  • Ivan Levkivskyi
  • James Hilliard
  • James Le Cuirot
  • Jeremy Nimmer
  • Joren Hammudoglu
  • Kai (Kazuya Ito)
  • kaushal trivedi
  • Kevin Kannammalil
  • Lukas Geiger
  • Łukasz Langa
  • Marc Mueller
  • Michael R. Crusoe
  • michaelm-openai

... (truncated)

Commits

Updates platformdirs from 4.9.4 to 4.9.6

Release notes

Sourced from platformdirs's releases.

4.9.6

What's Changed

Full Changelog: tox-dev/platformdirs@4.9.5...4.9.6

Changelog

Sourced from platformdirs's changelog.

########### Changelog ###########


4.9.6 (2026-04-09)


  • 🐛 fix(release): use double quotes for tag variable expansion :pr:477

4.9.5 (2026-04-06)


  • 📝 docs(appauthor): clarify None vs False on Windows :pr:476
  • Separates implementations of macOS dirs that share a default :pr:473 - by :user:Goddesen
  • Remove persist-credentials: false from release job :pr:472
  • fix: do not duplicate site dirs in Unix.iter_{config,site}_dirs() when use_site_for_root is active :pr:469 - by :user:viccie30
  • 🔧 fix(type): resolve ty 0.0.25 type errors :pr:468
  • 🔒 ci(workflows): add zizmor security auditing :pr:467
  • 🐛 fix(release): generate docstrfmt-compatible changelog entries :pr:463

4.9.4 (2026-03-05)


  • [pre-commit.ci] pre-commit autoupdate :pr:461 - by :user:pre-commit-ci[bot]
  • Update README.md
  • 📝 docs: add project logo to documentation :pr:459
  • Standardize .github files to .yaml suffix
  • build(deps): bump the all group with 2 updates :pr:457 - by :user:dependabot[bot]
  • Move SECURITY.md to .github/SECURITY.md
  • Add permissions to workflows :pr:455
  • Add security policy
  • [pre-commit.ci] pre-commit autoupdate :pr:454 - by :user:pre-commit-ci[bot]

4.9.2 (2026-02-16)


  • 📝 docs: restructure following Diataxis framework :pr:448
  • 📝 docs(platforms): fix RST formatting and TOC hierarchy :pr:447

4.9.1 (2026-02-14)


  • 📝 docs: enhance README, fix issues, and reorganize platforms.rst :pr:445

... (truncated)

Commits
  • 56efd77 Release 4.9.6
  • d5d812a 🐛 fix(release): use double quotes for tag variable expansion (#477)
  • c2b0cee build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 in the al...
  • 7688069 Release 4.9.5
  • 104d28b 📝 docs(appauthor): clarify None vs False on Windows (#476)
  • 0955048 [pre-commit.ci] pre-commit autoupdate (#475)
  • bd3c766 build(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 in the all group (#474)
  • 749ac3f Separates implementations of macOS dirs that share a default (#473)
  • cb88156 Remove persist-credentials: false from release job (#472)
  • a501eab [pre-commit.ci] pre-commit autoupdate (#470)
  • Additional commits viewable in compare view

Updates rich from 14.3.3 to 15.0.0

Release notes

Sourced from rich's releases.

The So Long 3.8 Release

A few fixes. The major version bump is to honor the passing of 3.8 support which reached its EOL in October 7, 2024

[15.0.0] - 2026-04-12

Changed

  • Breaking change: Dropped support for Python3.8

Fixed

The Faster Startup Release

No new features in this release, but there should be improved startup time for Rich apps, and potentially improved runtime if you have a lot of links.

[14.3.4] - 2026-04-11

Changed

Changelog

Sourced from rich's changelog.

[15.0.0] - 2026-04-12

Changed

  • Breaking change: Dropped support for Python3.8

Fixed

[14.3.4] - 2026-04-11

Changed

Commits

Updates ruff from 0.15.9 to 0.15.10

Release notes

Sourced from ruff's releases.

0.15.10

Release Notes

Released on 2026-04-09.

Preview features

  • [flake8-logging] Allow closures in except handlers (LOG004) (#24464)
  • [flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
  • [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

  • Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
  • Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
  • Strip form feeds from indent passed to dedent_to (#24381)
  • [pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
  • Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

  • [ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

  • Add support for custom file extensions (#24463)

Documentation

  • Document adding fixes in CONTRIBUTING.md (#24393)
  • Fix JSON typo in settings example (#24517)

Contributors

Install ruff 0.15.10

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.10/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.10

Released on 2026-04-09.

Preview features

  • [flake8-logging] Allow closures in except handlers (LOG004) (#24464)
  • [flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
  • [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

  • Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
  • Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
  • Strip form feeds from indent passed to dedent_to (#24381)
  • [pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
  • Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

  • [ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

  • Add support for custom file extensions (#24463)

Documentation

  • Document adding fixes in CONTRIBUTING.md (#24393)
  • Fix JSON typo in settings example (#24517)

Contributors

Commits
  • 252f761 Bump 0.15.10 (#24519)
  • 37a1ec8 [ty] Fix assignability of intersections with bounded typevars (#24502)
  • f518cc9 [ty] Allow partially stringified type[…] annotations (#24518)
  • 16c4090 docs: fix JSON typo in settings example (#24517)
  • 99d97bd [ty] Tighten up a few edge cases in Concatenate type-expression parsing (#2...
  • 2714e34 [ty] Enable pull-diagnostics by default in E2E tests (#24516)
  • d8bc700 LSP: Add support for custom extensions (#24463)
  • a45f96d [ty] stop special-casing str constructor (#24514)
  • 87a0f01 [ruff] Treat f-string interpolation as potential side effect in RUF019 (#24426)
  • e9ba848 [ty] Fix excess subscript argument inference for non-generic types (#24354)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-packages group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.43.0` | `0.44.0` |
| [pontos](https://github.com/greenbone/pontos) | `26.3.1` | `26.4.0` |
| [greenlet](https://github.com/python-greenlet/greenlet) | `3.3.2` | `3.4.0` |
| [librt](https://github.com/mypyc/librt) | `0.8.1` | `0.9.0` |
| [lxml](https://github.com/lxml/lxml) | `6.0.2` | `6.0.4` |
| [mypy](https://github.com/python/mypy) | `1.20.0` | `1.20.1` |
| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.4` | `4.9.6` |
| [rich](https://github.com/Textualize/rich) | `14.3.3` | `15.0.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.9` | `0.15.10` |


Updates `uvicorn` from 0.43.0 to 0.44.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.43.0...0.44.0)

Updates `pontos` from 26.3.1 to 26.4.0
- [Release notes](https://github.com/greenbone/pontos/releases)
- [Commits](greenbone/pontos@v26.3.1...v26.4.0)

Updates `greenlet` from 3.3.2 to 3.4.0
- [Changelog](https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst)
- [Commits](python-greenlet/greenlet@3.3.2...3.4.0)

Updates `librt` from 0.8.1 to 0.9.0
- [Commits](mypyc/librt@v0.8.1...v0.9.0)

Updates `lxml` from 6.0.2 to 6.0.4
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-6.0.2...lxml-6.0.4)

Updates `mypy` from 1.20.0 to 1.20.1
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.20.0...v1.20.1)

Updates `platformdirs` from 4.9.4 to 4.9.6
- [Release notes](https://github.com/tox-dev/platformdirs/releases)
- [Changelog](https://github.com/tox-dev/platformdirs/blob/main/docs/changelog.rst)
- [Commits](tox-dev/platformdirs@4.9.4...4.9.6)

Updates `rich` from 14.3.3 to 15.0.0
- [Release notes](https://github.com/Textualize/rich/releases)
- [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md)
- [Commits](Textualize/rich@v14.3.3...v15.0.0)

Updates `ruff` from 0.15.9 to 0.15.10
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.9...0.15.10)

---
updated-dependencies:
- dependency-name: uvicorn
  dependency-version: 0.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: pontos
  dependency-version: 26.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: greenlet
  dependency-version: 3.4.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: librt
  dependency-version: 0.9.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: lxml
  dependency-version: 6.0.4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: mypy
  dependency-version: 1.20.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: platformdirs
  dependency-version: 4.9.6
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: rich
  dependency-version: 15.0.0
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: python-packages
- dependency-name: ruff
  dependency-version: 0.15.10
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 13, 2026
@dependabot dependabot Bot requested review from a team as code owners April 13, 2026 04:18
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 13, 2026
@greenbonebot greenbonebot enabled auto-merge (rebase) April 13, 2026 04:18
@greenbonebot greenbonebot merged commit e3bbe87 into main Apr 13, 2026
11 of 12 checks passed
@greenbonebot greenbonebot deleted the dependabot/pip/python-packages-5df9a72ce8 branch April 13, 2026 06:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants