Skip to content

Deps: Bump the python-packages group with 8 updates#136

Merged
greenbonebot merged 1 commit into
mainfrom
dependabot/pip/python-packages-ca98694e41
May 18, 2026
Merged

Deps: Bump the python-packages group with 8 updates#136
greenbonebot merged 1 commit into
mainfrom
dependabot/pip/python-packages-ca98694e41

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 18, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-packages group with 8 updates:

Package From To
uvicorn 0.46.0 0.47.0
ast-serialize 0.3.0 0.5.0
black 26.3.1 26.5.0
click 8.3.3 8.4.0
idna 3.14 3.15
mypy 2.0.0 2.1.0
ruff 0.15.12 0.15.13
watchfiles 1.1.1 1.2.0

Updates uvicorn from 0.46.0 to 0.47.0

Release notes

Sourced from uvicorn's releases.

Version 0.47.0

What's Changed

Full Changelog: Kludex/uvicorn@0.46.0...0.47.0

Changelog

Sourced from uvicorn's changelog.

0.47.0 (May 14, 2026)

Added

  • Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

  • Eagerly import the ASGI app in the parent process (#2919)

Fixed

  • Treat fd=0 as a valid file descriptor with reload/workers (#2927)
Commits
  • 479a2c0 Version 0.47.0 (#2937)
  • 89347fd Add 7-day cooldown for dependency resolution via uv exclude-newer (#2936)
  • 767315b Drop unused contents/actions permissions from zizmor workflow (#2935)
  • f25ee43 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (#2933)
  • 8782666 Fix typo in docs/deployment/index.md. (#2932)
  • ad5ff87 Treat fd=0 as a valid file descriptor with reload/workers (#2927)
  • 6761b2c Remove Hugging Face sponsor block from docs (#2923)
  • 438f648 Surface sponsors on welcome page and sidebar (#2921)
  • 10ddc6d Add ssl_context_factory for custom SSLContext configuration (#2920)
  • b499bc4 Eagerly import the ASGI app in the parent process (#2919)
  • See full diff in compare view

Updates ast-serialize from 0.3.0 to 0.5.0

Commits

Updates black from 26.3.1 to 26.5.0

Release notes

Sourced from black's releases.

26.5.0

Highlights

  • Add support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810), both new syntactic features in Python 3.15 (#5048)
  • Python 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so performance may be slower than on existing Python versions. Wheels will be provided once Python 3.15 is later in its release cycle. (#5127)

Stable style

  • Fix # fmt: skip being ignored in nested if expressions with parenthesized in clauses (#4903)
  • Add syntactic support for Python 3.15 (#5048)
  • Fix crash when an f-string follows a # fmt: off comment inside brackets (#5097)
  • Preserve multiline compound statement headers when # fmt: skip is placed on the colon line (#5117)

Preview style

  • Improve heuristics around whether blank lines should appear before, within and after groups of same-name decorated functions (such as @overload groups) in .pyi stub files (#5021)
  • Fix blank lines being removed between a function and a decorated class in .pyi stub files (#5092)
  • Prevent string merger from creating unsplittable long lines when a pragma comment (e.g. # type: ignore) follows the closing bracket (#5096)

Packaging

Output

  • Improve parse error readability by showing multi-line output with an error pointer. (#5068)
  • Add SourceASTParseError to distinguish source parse failures from internal safety errors, improving error reporting when Black's lenient parser accepts input that ast.parse() rejects (#5080)

Blackd

  • Return HTTP 400 (Bad Request) for source parse failures instead of HTTP 500, keeping HTTP 500 only for genuine internal safety errors (#5080)

Integrations

  • Added documentation for doctest formatting tools and updated the integrations index to match (#4916)

... (truncated)

Changelog

Sourced from black's changelog.

Version 26.5.0

Highlights

  • Add support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810), both new syntactic features in Python 3.15 (#5048)
  • Python 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so performance may be slower than on existing Python versions. Wheels will be provided once Python 3.15 is later in its release cycle. (#5127)

Stable style

  • Fix # fmt: skip being ignored in nested if expressions with parenthesized in clauses (#4903)
  • Add syntactic support for Python 3.15 (#5048)
  • Fix crash when an f-string follows a # fmt: off comment inside brackets (#5097)
  • Preserve multiline compound statement headers when # fmt: skip is placed on the colon line (#5117)

Preview style

  • Improve heuristics around whether blank lines should appear before, within and after groups of same-name decorated functions (such as @overload groups) in .pyi stub files (#5021)
  • Fix blank lines being removed between a function and a decorated class in .pyi stub files (#5092)
  • Prevent string merger from creating unsplittable long lines when a pragma comment (e.g. # type: ignore) follows the closing bracket (#5096)

Packaging

Output

  • Improve parse error readability by showing multi-line output with an error pointer. (#5068)
  • Add SourceASTParseError to distinguish source parse failures from internal safety errors, improving error reporting when Black's lenient parser accepts input that ast.parse() rejects (#5080)

Blackd

  • Return HTTP 400 (Bad Request) for source parse failures instead of HTTP 500, keeping HTTP 500 only for genuine internal safety errors (#5080)

Integrations

  • Added documentation for doctest formatting tools and updated the integrations index to match (#4916)

... (truncated)

Commits

Updates click from 8.3.3 to 8.4.0

Release notes

Sourced from click's releases.

8.4.0

This is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.4.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-0 Milestone https://github.com/pallets/click/milestone/30

  • ParamType typing improvements. #3371

    • :class:ParamType is now a generic abstract base class, parameterized by its converted value type.
    • :meth:~ParamType.convert return types are narrowed on all concrete types (str for :class:STRING, int for :class:INT, etc.).
    • :meth:~ParamType.to_info_dict returns specific :class:~typing.TypedDict subclasses instead of dict[str, Any].
    • :class:CompositeParamType and the number-range base are now generic with abstract methods.
  • Refactor convert_type to extract type inference into a private _guess_type helper, and add :func:typing.overload signatures. #3372

  • Parameter typing improvements. #2805

    • :class:Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
    • :attr:Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
    • The ctx parameter of :meth:Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.
  • Split string values from default_map for parameters with nargs > 1 or :class:Tuple type, matching environment variable behavior. #2745 #3364

  • Auto-detect type=UNPROCESSED for flag_value of non-basic types (not str, int, float, or bool), so programmer-provided Python objects like classes and enum members are passed through unchanged instead of being stringified. Previously type=click.UNPROCESSED had to be set explicitly. #2012 #3363

  • The error hint now uses Command.get_help_option_names to pick non-shadowed help option names, so Try '... -h' no longer points to a subcommand option that shadows -h. All surviving names are shown (-h/--help). #2790 #3208

  • Fix readline functionality on non-Windows platforms. Prompt text is now passed directly to readline instead of being printed separately, allowing proper backspace, line editing, and line wrapping behavior. #2968

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.4.0

Released 2026-05-17

  • :class:ParamType typing improvements. :pr:3371

    • :class:ParamType is now a generic abstract base class, parameterized by its converted value type.
    • :meth:~ParamType.convert return types are narrowed on all concrete types (str for :class:STRING, int for :class:INT, etc.).
    • :meth:~ParamType.to_info_dict returns specific :class:~typing.TypedDict subclasses instead of dict[str, Any].
    • :class:CompositeParamType and the number-range base are now generic with abstract methods.
  • Refactor convert_type to extract type inference into a private _guess_type helper, and add :func:typing.overload signatures. :pr:3372

  • :class:Parameter typing improvements. :pr:2805

    • :class:Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
    • :attr:Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
    • The ctx parameter of :meth:Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.
  • Split string values from default_map for parameters with nargs > 1 or :class:Tuple type, matching environment variable behavior. :issue:2745 :pr:3364

  • Auto-detect type=UNPROCESSED for flag_value of non-basic types (not str, int, float, or bool), so programmer-provided Python objects like classes and enum members are passed through unchanged instead of being stringified. Previously type=click.UNPROCESSED had to be set explicitly. :issue:2012 :pr:3363

  • The error hint now uses :meth:Command.get_help_option_names to pick non-shadowed help option names, so Try '... -h' no longer points to a subcommand option that shadows -h. All surviving names are shown (-h/--help). :issue:2790 :pr:3208

  • Fix readline functionality on non-Windows platforms. Prompt text is now passed directly to readline instead of being printed separately, allowing proper backspace, line editing, and line wrapping behavior. :issue:2968 :pr:2969

  • Use :func:os.startfile on Windows to open URLs in :func:open_url, replacing the start built-in which cannot be invoked without shell=True. :issue:3164 :pr:3186

  • Fix Fish shell completion errors when option help text contains newlines. :issue:3043 :pr:3126

... (truncated)

Commits
  • 41f410f Release 8.4.0
  • e3e69e3 Add type annotations for instance attributes in utils (#3422)
  • 3bb230d WIP: Fix HelpFormatter.write_usage producing spurious characters (#3434)
  • 63274a7 click.get_pager_file: add tests (#1572 followup) (#3405)
  • 0551bf5 Fix HelpFormatter.write_usage producing spurious characters
  • fc41aa1 Apply class-body annotations to KeepOpenFile for consistency
  • b761eda Skip some tests on Windows
  • 98302ac Check PAGER usage, color preservation and edge-cases
  • dbdae17 Fix documentation
  • 1aa2d53 Redesigned tests and get_pager_file branching to be more clear and not set color
  • Additional commits viewable in compare view

Updates idna from 3.14 to 3.15

Changelog

Sourced from idna's changelog.

3.15 (2026-05-12)

  • Enforce DNS-length cap on individual labels early in check_label, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.
  • Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared _unicode_dots_re from idna.core in the codec module.
  • Use raise ... from err for proper exception chaining and switch internal string formatting to f-strings.
  • Allow flit_core 4.x in the build backend.
  • Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.
  • Add Dependabot configuration for GitHub Actions.
  • Convert README and HISTORY from reStructuredText to Markdown.
  • Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.

Commits
  • af30a09 Release 3.15
  • 30314d4 Pre-release 3.15rc0
  • 05d4b21 Merge pull request #237 from kjd/convert-docs-to-markdown
  • 2987fdb Convert README and HISTORY from reStructuredText to Markdown
  • 59fa800 Merge pull request #236 from kjd/dependabot/github_actions/actions-f3e34333ea
  • def6983 Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea
  • bbd8004 Merge pull request #234 from StanFromIreland/patch-1
  • edd07c0 Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group
  • 5557db0 Merge branch 'master' into patch-1
  • f11746c Merge pull request #235 from StanFromIreland/patch-2
  • Additional commits viewable in compare view

Updates mypy from 2.0.0 to 2.1.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 2.1

We’ve just uploaded mypy 2.1.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

librt.vecs: Fast Growable Array Type for Mypyc

The new librt.vecs module provides an efficient growable array type vec that is optimized for mypyc use. It provides fast, packed arrays with integer and floating point value types, which can be several times faster than list, and tens of times faster than array.array in code compiled using mypyc. It also supports nested vec objects and non-value-type items, such as vec[vec[str]].

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo.

librt.random: Fast Pseudo-Random Number Generation

The new librt.random module provides fast pseudo-random number generation that is optimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib random module in compiled code.

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo (PR 21433).

Mypyc Improvements

  • Make compilation order with multiple files consistent (Piotr Sawicki, PR 21419)
  • Fix crash on accessing StopAsyncIteration (Piotr Sawicki, PR 21406)
  • Fix incremental compilation with separate flag (Vaggelis Danias, PR 21299)

Fixes to Crashes

  • Fix crash on partial type with --allow-redefinition and global declaration (Jukka Lehtosalo, PR 21428)
  • Fix broken awaitable generator patching (Ivan Levkivskyi, PR 21435)

Changes to Messages

... (truncated)

Commits

Updates ruff from 0.15.12 to 0.15.13

Release notes

Sourced from ruff's releases.

0.15.13

Release Notes

Released on 2026-05-14.

Preview features

  • Add a rule to flag lazy imports that are eagerly evaluated (#25016)
  • [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#24996)

Bug fixes

  • Fix F811 false positive for class methods (#24933)
  • Fix setting selection for multi-folder workspace (#24819)
  • [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#25122)
  • [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#24098)

Rule changes

  • Always include panic payload in panic diagnostic message (#24873)
  • Restrict PYI034 for in-place operations to enclosing class (#24511)
  • Improve error message for parameters that are declared global (#24902)
  • Update known stdlib (#25103)

Performance

  • [isort] Avoid constructing glob::Patterns for literal known modules (#25123)

CLI

  • Add TOML examples to --config help text (#25013)
  • Colorize ruff check 'All checks passed' (#25085)

Configuration

  • Increase max allowed value of line-length setting (#24962)

Documentation

  • Add D203 to rules that conflict with the formatter (#25044)
  • Clarify COM819 and formatter interaction (#25045)
  • Clarify that NotImplemented is a value, not an exception (F901) (#25054)
  • Update number of lint rules supported (#24942)

Other changes

  • Simplify the playground's markdown template (#24924)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.13

Released on 2026-05-14.

Preview features

  • Add a rule to flag lazy imports that are eagerly evaluated (#25016)
  • [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#24996)

Bug fixes

  • Fix F811 false positive for class methods (#24933)
  • Fix setting selection for multi-folder workspace (#24819)
  • [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#25122)
  • [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#24098)

Rule changes

  • Always include panic payload in panic diagnostic message (#24873)
  • Restrict PYI034 for in-place operations to enclosing class (#24511)
  • Improve error message for parameters that are declared global (#24902)
  • Update known stdlib (#25103)

Performance

  • [isort] Avoid constructing glob::Patterns for literal known modules (#25123)

CLI

  • Add TOML examples to --config help text (#25013)
  • Colorize ruff check 'All checks passed' (#25085)

Configuration

  • Increase max allowed value of line-length setting (#24962)

Documentation

  • Add D203 to rules that conflict with the formatter (#25044)
  • Clarify COM819 and formatter interaction (#25045)
  • Clarify that NotImplemented is a value, not an exception (F901) (#25054)
  • Update number of lint rules supported (#24942)

Other changes

  • Simplify the playground's markdown template (#24924)

Contributors

... (truncated)

Commits
  • 2afb467 Bump 0.15.13 (#25157)
  • 3008796 [ty] classify TypeVar semantic tokens as type parameters (#24891)
  • 79470e3 [isort] Avoid constructing glob::Patterns for literal known modules (#25123)
  • 2522549 Remove shellcheck from prek (#25154)
  • 7db7170 [ty] Support TypedDict key completions in incomplete, anonymous contexts (#25...
  • bb3dd53 [ty] Run full iteration analysis on narrowed typevars (#25143)
  • 828cdb7 [ty] Isolate file-watching test environment (#25151)
  • 89e1d86 [ty] Preserve TypedDict keys through dict unpacking (#24523)
  • 86f3064 [ty] Avoid accessing args[0] for static_assert (#25149)
  • ed819f9 [ty] Treat custom enum __new__ values as dynamic (#25136)
  • Additional commits viewable in compare view

Updates watchfiles from 1.1.1 to 1.2.0

Release notes

Sourced from watchfiles's releases.

v1.2.0 2026-05-17

What's Changed

New Contributors

Full Changelog: samuelcolvin/watchfiles@v1.1.1...v1.2.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-packages group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.46.0` | `0.47.0` |
| [ast-serialize](https://github.com/mypyc/ast_serialize) | `0.3.0` | `0.5.0` |
| [black](https://github.com/psf/black) | `26.3.1` | `26.5.0` |
| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.0` |
| [idna](https://github.com/kjd/idna) | `3.14` | `3.15` |
| [mypy](https://github.com/python/mypy) | `2.0.0` | `2.1.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.13` |
| [watchfiles](https://github.com/samuelcolvin/watchfiles) | `1.1.1` | `1.2.0` |


Updates `uvicorn` from 0.46.0 to 0.47.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.46.0...0.47.0)

Updates `ast-serialize` from 0.3.0 to 0.5.0
- [Commits](mypyc/ast_serialize@v0.3.0...v0.5.0)

Updates `black` from 26.3.1 to 26.5.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@26.3.1...26.5.0)

Updates `click` from 8.3.3 to 8.4.0
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst)
- [Commits](pallets/click@8.3.3...8.4.0)

Updates `idna` from 3.14 to 3.15
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.14...v3.15)

Updates `mypy` from 2.0.0 to 2.1.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v2.0.0...v2.1.0)

Updates `ruff` from 0.15.12 to 0.15.13
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.12...0.15.13)

Updates `watchfiles` from 1.1.1 to 1.2.0
- [Release notes](https://github.com/samuelcolvin/watchfiles/releases)
- [Commits](samuelcolvin/watchfiles@v1.1.1...v1.2.0)

---
updated-dependencies:
- dependency-name: uvicorn
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: ast-serialize
  dependency-version: 0.5.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: black
  dependency-version: 26.5.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: click
  dependency-version: 8.4.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: idna
  dependency-version: '3.15'
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: mypy
  dependency-version: 2.1.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: ruff
  dependency-version: 0.15.13
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: watchfiles
  dependency-version: 1.2.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 18, 2026
@dependabot dependabot Bot requested review from a team as code owners May 18, 2026 04:54
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 18, 2026
@greenbonebot greenbonebot enabled auto-merge (rebase) May 18, 2026 04:54
@greenbonebot greenbonebot merged commit 2773f69 into main May 18, 2026
9 of 12 checks passed
@greenbonebot greenbonebot deleted the dependabot/pip/python-packages-ca98694e41 branch May 18, 2026 06:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants