chore(deps): update python packages#258
Merged
Merged
Conversation
renovate
Bot
force-pushed
the
renovate/python-packages
branch
13 times, most recently
from
62602ec to
64e673c
Compare
renovate
Bot
force-pushed
the
renovate/python-packages
branch
9 times, most recently
from
c5fa689 to
45a8286
Compare
renovate
Bot
force-pushed
the
renovate/python-packages
branch
2 times, most recently
from
bb84b1d to
550bbd9
Compare
olantwin
force-pushed
the
renovate/python-packages
branch
from
550bbd9 to
ab5e895
Compare
olantwin
force-pushed
the
renovate/python-packages
branch
from
ab5e895 to
a0b0f51
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.4.6→3.4.72026.02.25→2026.05.202.9.0.post0→2.9.04.61.1→4.63.02026.2.0→2026.4.0v3.6.0→v3.7.0v3.9→v3.17v3.10.8→v3.10.9v2.11.0→v2.12.01.4.9→1.5.0v2.4.2→v2.6.0.dev0v3.0.1→v3.1.0.dev0v2.32.5→v2.34.226.0→26.212.1.1→12.2.0v5.7.2→v5.7.42.6.3→2.7.0Release Notes
Ousret/charset_normalizer (Ousret/charset_normalizer)
v3.4.7Compare Source
Changed
setuptoolsconstraint tosetuptools>=68,<82.1.Fixed
certifi/python-certifi (certifi/python-certifi)
v2026.05.20Compare Source
v2026.04.22Compare Source
dateutil/dateutil (dateutil/dateutil)
v2.9.0Compare Source
Version 2.9.0 (2024-02-29)
Data updates
Features
dateutilsubmodules lazily imported using PEP 562. On Python 3.7+, things likeimport dateutil; dateutil.tz.gettz("America/New_York")will now work without explicitly importingdateutil.tz, with the import occurring behind the scenes on first use. The old behavior remains on Python 3.6 and earlier. Fixed by Orson Adams. (gh issue #771, gh pr #1007)Bugfixes
datetime.utcfromtimestamp, which is deprecated as of Python 3.12. Reported by Hugo van Kemenade (gh pr #1284), fixed by Thomas Grainger (gh pr #1285).Documentation changes
fonttools/fonttools (fonttools/fonttools)
v4.63.0Compare Source
bgcltable (#4065).IFTandIFTXtables (Incremental Font Transfer, PatchMapFormat2) (#4070, #4072).FieldSpecdataclass for OpenType table schema definitions, replacing raw tuples inotData.py(#4076).nametable strings as comments next to label IDs in TTX output, matching the convention used byfvar,STAT,trak(#4089).split_cubic_into_threethat could cause ±1 off-curve coordinate shifts (#3928, #4083).map_backwardfor many-to-one (flat-segment) axis maps that silently dropped entries via dict comprehension (googlefonts/ufo2ft#978, #4085).setUnicodeRangesto accept reserved bits 123-127, restoring round-trip withgetUnicodeRangesand fixingrecalcUnicodeRangescrash in the subsetter (#4087, #4088).v4.62.1Compare Source
v4.62.0Compare Source
fonttools diffcommand for comparing font files, imported from thefdiffproject and heavily reworked (#1190, #4007, #4009, #4011, #4013, #4019).VariableScalarinterpolation bug with non-linear avar mappings. Also decoupleVariableScalarfrom compiled fonts, allowing it to work with designspace data before compilation (#3938, #4054).VariableScalaraxis ordering and iterative delta rounding to match fontc behavior (#4053).ConditionsetStatementto fix glyphsLib round-tripping (fontra/fontra-glyphs#130, #4057).0xFFFFinstead of0for missing nameIDs incvfeature params (#4010, #4012).CmapSubtable.__lt__()TypeErroron Python 3 when subtables share the same encoding record, and add compile-time validation for unique encoding records (#4035, #4055).glyphObject=None(#4030, #4031).SegmentToPointPenedge case: only remove a duplicate final point onclosePath()if it is an on-curve point (#4014, #4015).eval()withsafeEval()inparseBlendList()to prevent arbitrary code execution from crafted TTX files (#4039, #4040).META,SING,GMAP,GPKG) (#4044).getSubModelnot forwardingextrapolate/axisRanges; check location uniqueness after stripping zeros (#4047).--variable-fontsfilter inbuild_many; remove dead code and fix comments (#4048).unbuildreturn types consistent; validatemapCLI coordinates (#4051).ColorLibErrorwhen base glyphs are missing from glyphMap, instead of a confusingKeyError(#4041).fvartable dependency (#4017).nametable dependency (#4018).saveXMLregression with empty table lists, clarify docstring (#4025, #4026, #4056).libmfor Cython extensions using math functions (#4028, #4029).DSIG,DefaultTable,ttProgram(#4033).fsspec/filesystem_spec (fsspec/filesystem_spec)
v2026.4.0Compare Source
v2026.3.0Compare Source
ifduyue/python-xxhash (ifduyue/python-xxhash)
v3.7.0Compare Source
Full list of changes: ifduyue/python-xxhash@v3.6.0...v3.7.0
kjd/idna (kjd/idna)
v3.17Compare Source
v3.16Compare Source
v3.15Compare Source
v3.14Compare Source
v3.13Compare Source
v3.12Compare Source
v3.11Compare Source
v3.10Compare Source
matplotlib/matplotlib (matplotlib/matplotlib)
v3.10.9Compare Source
This is a micro release of the v3.10.x series.
Highlights of this release include:
milesgranger/pyrus-cramjam (milesgranger/pyrus-cramjam)
v2.12.0Compare Source
What's Changed
python-sourceto include type stubs by @ods in milesgranger/cramjam#231Full Changelog: milesgranger/cramjam@v2.11.0...v2.12.0
v2.12.0-rc1Compare Source
What's Changed
python-sourceto include type stubs by @ods in milesgranger/cramjam#231Full Changelog: milesgranger/cramjam@v2.11.0.post1...v2.12.0-rc1
nucleic/kiwi (nucleic/kiwi)
v1.5.0Compare Source
numpy/numpy (numpy/numpy)
v2.6.0.dev0Compare Source
v2.5.0.dev0Compare Source
v2.4.6: (May 18, 2026)Compare Source
NumPy 2.4.6 Release Notes
NumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5
release.
This release supports Python versions 3.11-3.14
Contributors
A total of 4 people contributed to this release. People with a "+" by their
names contributed a patch for the first time.
Pull requests merged
A total of 4 pull requests were merged for this release.
arr.conj()np.linalg.svd(..., hermitian=True)returns non-unitary...v2.4.5: (May 15, 2026)Compare Source
NumPy 2.4.5 Release Notes
NumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4
release, has some typing improvements, and maintains infrastructure.
This release supports Python versions 3.11-3.14
Contributors
A total of 17 people contributed to this release. People with a "+" by their
names contributed a patch for the first time.
Pull requests merged
A total of 28 pull requests were merged for this release.
np.shapeassignability issue for python lists (#31171)pack_inner...tile: accept numpy scalars and arrays as second argument...ix_fix for boolean and non-1d input (#31218)_NestedSequencetype parameter default to work around...DTypeLikeruntime type-checker support (#31425)v2.4.4: 2.4.4 (Mar 29, 2026)Compare Source
NumPy 2.4.4 Release Notes
The NumPy 2.4.4 is a patch release that fixes bugs discovered after the 2.4.3
release. It should finally close issue #30816, the OpenBLAS threading problem
on ARM.
This release supports Python versions 3.11-3.14
Contributors
A total of 8 people contributed to this release. People with a "+" by their
names contributed a patch for the first time.
Pull requests merged
A total of 7 pull requests were merged for this release.
sprintfwithsnprintf...v2.4.3: 2.4.3 (Mar 9, 2026)Compare Source
NumPy 2.4.3 Release Notes
The NumPy 2.4.3 is a patch release that fixes bugs discovered after the
2.4.2 release. The most user visible fix may be a threading fix for
OpenBLAS on ARM, closing issue #30816.
This release supports Python versions 3.11-3.14
Contributors
A total of 11 people contributed to this release. People with a "+" by their
names contributed a patch for the first time.
Pull requests merged
A total of 14 pull requests were merged for this release.
matlib: missing extended precision importspandas-dev/pandas (pandas-dev/pandas)
v3.1.0.dev0Compare Source
v3.0.3: pandas 3.0.3Compare Source
We are pleased to announce the release of pandas 3.0.3.
This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.
See the full whatsnew for a list of all the changes.
Pandas 3.0 supports Python 3.11 and higher.
The release can be installed from PyPI:
Or from conda-forge
Please report any issues with the release on the pandas issue tracker.
Thanks to all the contributors who made this release possible.
v3.0.2: pandas 3.0.2Compare Source
We are pleased to announce the release of pandas 3.0.2.
This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.
See the full whatsnew for a list of all the changes.
Pandas 3.0 supports Python 3.11 and higher.
The release can be installed from PyPI:
Or from conda-forge
Please report any issues with the release on the pandas issue tracker.
Thanks to all the contributors who made this release possible.
psf/requests (psf/requests)
v2.34.2Compare Source
2.34.2 (2026-05-14)
headersinput type back toMappingto avoid invariance issues withMutableMappingand inferred dict types. Users callingRequest.headers.update()may need to narrow typing in their code. (#7441)Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14
v2.34.1Compare Source
2.34.1 (2026-05-13)
Bugfixes
jsoninput type fromdictandlisttoMappingand
Sequence. (#7436)headersinput type to MutableMapping and removedNonefromRequest.headerstyping to improve handling for users. (#7431)Response.reasonmoved fromstr | Nonetostrto improve handlingfor users. (#7437)
__getattr__implementationsweren't being properly detected as Iterables. (#7433)
New Contributors
Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13
v2.34.0Compare Source
2.34.0 (2026-05-11)
Announcements
Requests 2.34.0 introduces inline types, replacing those provided by
typeshed. Public API types should be fully compatible with mypy, pyright,
and ty. We believe types are comprehensive but if you find issues, please
report them to the pinned tracking issue.
Special thanks to @bastimeyer, @cthoyt, @edgarrmondragon, and @srittau for
helping review and test the types ahead of the release. (#7272)
Improvements
usedforsecurity=Falseto clarifysecurity considerations. (#7310)
should be able to start testing prior to its release in October. (#7422)
Bugfixes
Response.historyno longer contains a reference to itself, preventingaccidental looping when traversing the history list. (#7328)
proxy_bypass implementation has been updated with CPython's fix from
bpo-39057. (#7427)
URI paths. This should address user issues with specific presigned
URLs. Note the full fix requires urllib3 2.7.0+. (#7315)
New Contributors
Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2340-2026-05-11
v2.34.0.dev1Compare Source
v2.33.1Compare Source
2.33.1 (2026-03-30)
Bugfixes
files in the tmp directory. (#7305)
New Contributors
Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30
v2.33.0Compare Source
2.33.0 (2026-03-25)
Announcements
Security
requests.utils.extract_zipped_pathsnow extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.Improvements
Bugfixes
Deprecations
Documentation
New Contributors
Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25
pypa/packaging (pypa/packaging)
v26.2Compare Source
What's Changed
Fixes:
Version,Specifier,SpecifierSet,Tag,Marker, andRequirementpickle-safeand backward-compatible with pickles created in 25.0-26.1 (including references to the removed
packaging._structuresmodule) by @eachimei and @henryiii in #1163, #1168, #1170, and #1171Documentation:
Internal:
New Contributors
Full Changelog: pypa/packaging@26.1...26.2
v26.1Compare Source
Features:
PEP 783: add handling for Emscripten wheel tags by @hoodmane in #804(old name used in implementation, will be fixed in next release)abi3.abi3tfree-threading tag by @ngoldbaum in #1099packaging.dependency_groupsmodule, based on thedependency-groupspackage by @sirosen in #1065packaging.direct_urlmodule by @sbidoul in #944packaging.errorsmodule by @henryiii in #1071SpecifierSet.is_unsatisfiableusing ranges (new internals that will be expanded in future versions) by @notatallshaw in #1119create_compatible_tags_selectorto select compatible tags by @sbidoul in #1110keyargument toSpecifierSet.filter()by @frostming in #1068&and|forMarker's by @henryiii in #1146Version.__replace__and addVersion.from_partsby @henryiii in #1078parse_wheel_filenameby @r266-tech in #1150Behavior adaptations:
<V.postNto match spec by @notatallshaw in #1140>Vto match spec by @notatallshaw in #1141format_full_versionto_format_full_versionto make it visibly private by @r266-tech in #1125Pylock (PEP 751) updates:
selectfunction by @sbidoul in #1092select()method andPylockSelectErrorby @r266-tech in #1153filenameproperty toPackageSdistandPackageWheel, more validation by @sbidoul in #1095Fixes:
>comparison for versions with dev+local segments by @veeceey in #1097InfinityTypeandNegativeInfinityTypeby @bysiber in #1093SpecifierSetby @notatallshaw in #1109keyparameter inSpecifierSet.filterwhen specifiers are empty and prerelease isFalseby @notatallshaw in #1096reproutput by @henryiii in #1090Specifier's===uses original string, not normalized, when available by @notatallshaw in #1124ValueErrorby @notatallshaw in #1155Performance:
VersiontoVersioncomparison by skipping_keyproperty by @notatallshaw in #1083Versionhash value in dedicated slot by @notatallshaw in #1118_cmpkeyto remove use of custom objects by @notatallshaw in #1116__replace__in Specifier comparison if not needed by @notatallshaw in #1081SpecifierSetusetupleinstead offrozensetfor_specsby @notatallshaw in #1108SpecifierSetfiltering by implementing cost-based ordering by @notatallshaw in #1105SpecifierSet.filterby @notatallshaw in #1076__slots__toMarkerby @henryiii in #1147Specifierregex by @sirosen in #1106Internal:
collections.namedtuplein tests by @henryiii in #1070dir()/ tab-completion in REPL by @henryiii in #1011__all__/__dir__by @henryiii in #1069SpecifierSet.prereleasesby @notatallshaw in #1073_compare_compatibleby @notatallshaw in #1100Specifier.prereleasesby @notatallshaw in #1074Specifier.prereleasesby @notatallshaw in #1072Documentation:
Version.from_parts()by @Jackenmen in #1134&and|operators for combiningMarkerobjects by @r266-tech in #1151Versiondocumentation by @henryiii in #1089Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.