Skip to content

chore(deps): bump the python-minor-patch group with 6 updates#214

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python-minor-patch-e082da0f1a
Closed

chore(deps): bump the python-minor-patch group with 6 updates#214
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python-minor-patch-e082da0f1a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 29, 2026
edited
Loading

Bumps the python-minor-patch group with 6 updates:

Package From To
requests 2.33.0 2.34.2
markdown 3.10 3.10.2
pytest-cov 7.0.0 7.1.0
ruff 0.14.10 0.15.14
pre-commit 4.5.1 4.6.0
hatch 1.16.2 1.16.5

Updates requests from 2.33.0 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

... (truncated)

Commits

Updates markdown from 3.10 to 3.10.2

Release notes

Sourced from markdown's releases.

Release 3.10.2

Fixed

  • Fix a regression related to comment handling (#1590).
  • More reliable fix for </ (#1593).

Release 3.10.1

Fixed

  • Ensure nested elements inside inline comments are properly unescaped (#1571).
  • Make the docs build successfully with mkdocstrings-python 2.0 (#1575).
  • Fix infinite loop when multiple bogus or unclosed HTML comments appear in input (#1578).
  • Fix another infinite loop when handling bad comments (#1586).
Changelog

Sourced from markdown's changelog.

[3.10.2] - 2026-02-09

Fixed

  • Fix a regression related to comment handling (#1590).
  • More reliable fix for </ (#1593).

[3.10.1] - 2026-01-21

Fixed

  • Ensure nested elements inside inline comments are properly unescaped (#1571).
  • Make the docs build successfully with mkdocstrings-python 2.0 (#1575).
  • Fix infinite loop when multiple bogus or unclosed HTML comments appear in input (#1578).
  • Fix another infinite loop when handling bad comments (#1586).

[3.10.0] - 2025-11-03

Changed

  • Officially support Python 3.14 and PyPy 3.11 and drop support for Python 3.9 and PyPy 3.9.

Fixed

  • Fix an HTML comment parsing case in some Python versions that can cause an infinite loop (#1554).
  • Revert the default behavior of USE_DEFINITION_ORDER (to True). The new behavior introduced in 3.9.0 is experimental and results are inconsistent. It should not have been made the default behavior (#1561).

[3.9.0] - 2025-09-04

Changed

  • Footnotes are now ordered by the occurrence of their references in the document. A new configuration option for the footnotes extension, USE_DEFINITION_ORDER, has been added to support restoring the previous behavior of ordering footnotes by the occurrence of definitions (#1367).

Fixed

  • Ensure inline processing iterates through elements in document order (#1546).
  • Fix handling of incomplete HTML tags in code spans in Python 3.14 (#1547).

[3.8.2] - 2025-06-19

Fixed

  • Fix codecs deprecation in Python 3.14 (#1537).

... (truncated)

Commits
  • e7a0efb Bump version to 3.10.2
  • 6301833 Document HTML sanitation policy
  • 7f29f1a More reliable fix for </
  • c438647 Fix regression of special comments
  • e5fa5b8 Bump version to 3.10.1
  • f925349 More HTML fixes
  • 9933a0a Revert "Allow reference links with backticks"
  • 07dfa4e Allow reference links with backticks
  • fb6b27a Fix infinite loop when text contains multiple unclosed comments
  • 89112c2 Make the docs build successfully with mkdocstrings-python 2.0
  • Additional commits viewable in compare view

Updates pytest-cov from 7.0.0 to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

  • Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

  • Improve handling of ResourceWarning from sqlite3.

    The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

    With this fix one can suppress ResourceWarning from sqlite3 from command line::

    pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

  • Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

  • Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

  • Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

Commits
  • 66c8a52 Bump version: 7.0.0 → 7.1.0
  • f707662 Make the examples use pypy 3.11.
  • 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
  • 8ebf20b Update changelog.
  • 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
  • fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
  • 78c9c4e Only run the 3.9 on older deps.
  • 4849a92 Punctuation.
  • 197c35e Update changelog and hopefully I don't forget to publish release again :))
  • 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
  • Additional commits viewable in compare view

Updates ruff from 0.14.10 to 0.15.14

Release notes

Sourced from ruff's releases.

0.15.14

Release Notes

Released on 2026-05-21.

Preview features

  • [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
  • [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
  • [pylint] Implement too-many-try-statements (W0717) (#23970)
  • [ruff] Add incorrect-decorator-order (RUF074) (#23461)
  • [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

  • Fix lambda formatting in interpolated string expressions (#25144)
  • Treat generic frozenset annotations as immutable (#25251)
  • [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
  • [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

  • [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
  • [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

  • Avoid unnecessary parser lookahead for operators (#25290)

Documentation

  • Update code example setting Neovim LSP log level (#25284)

Other changes

  • Add full PEP 798 support (#25104)
  • Add a parser recursion limit (#24810)
  • Update various ruff_python_stdlib APIs (#25273)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.14

Released on 2026-05-21.

Preview features

  • [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
  • [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
  • [pylint] Implement too-many-try-statements (W0717) (#23970)
  • [ruff] Add incorrect-decorator-order (RUF074) (#23461)
  • [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

  • Fix lambda formatting in interpolated string expressions (#25144)
  • Treat generic frozenset annotations as immutable (#25251)
  • [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
  • [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

  • [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
  • [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

  • Avoid unnecessary parser lookahead for operators (#25290)

Documentation

  • Update code example setting Neovim LSP log level (#25284)

Other changes

  • Add full PEP 798 support (#25104)
  • Add a parser recursion limit (#24810)
  • Update various ruff_python_stdlib APIs (#25273)

Contributors

... (truncated)

Commits
  • 9ad2da3 Bump 0.15.14 (#25295)
  • c714e84 [ty] Modernize setup of union types in mdtests (#25291)
  • 8a8e35e [flake8-comprehensions] Skip C417 for lambdas with positional-only parame...
  • aea5ed4 Avoid unnecessary parser lookahead for operators (#25290)
  • e9d72bb [ty] Allow enum member accesses on self (#25077)
  • 6cbd59b Set exclude-newer = "7 days" in our PEP-723 scripts (#25285)
  • 9999a39 Update code example on how to update Neovim LSP log level (#25284)
  • 67d8c54 [ty] Retain recursively-defined state in binary expressions (#25277)
  • 25a3191 [ty] Refine Callable class-decorator fallback for unknown results (#25250)
  • c423054 Add a recursion limit to the parser (#24810)
  • Additional commits viewable in compare view

Updates pre-commit from 4.5.1 to 4.6.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.6.0

Features

  • pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.

Fixes

Changelog

Sourced from pre-commit's changelog.

4.6.0 - 2026-04-21

Features

  • pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.

Fixes

Commits
  • f35134b v4.6.0
  • 2a51ffc Merge pull request #3662 from pre-commit/hook-impl-optional-hook-dir
  • d7dee32 make --hook-dir optional for hook-impl
  • 965aeb1 Merge pull request #3661 from pre-commit/hook-impl-required
  • 2eacc06 --hook-type is required for hook-impl
  • f5678bf Merge pull request #3657 from pre-commit/pre-commit-ci-update-config
  • 054cc5b [pre-commit.ci] pre-commit autoupdate
  • 5c0f302 Merge pull request #3652 from pre-commit/pre-commit-ci-update-config
  • a5d9114 [pre-commit.ci] pre-commit autoupdate
  • 129a1f5 Merge pull request #3641 from pre-commit/mxr-patch-1
  • Additional commits viewable in compare view

Updates hatch from 1.16.2 to 1.16.5

Release notes

Sourced from hatch's releases.

Hatch v1.16.5

Fixed:

  • Handle a breaking change in virtualenv by only supporting the latest version and adding python-discovery as a dependency.

Hatch v1.16.4

Fixed:

  • Fixes hatch shell type error for keep_env.
  • SBOM documentation for including SBOM files in sdist
  • Fixes workspace member detection to properly handle shared path prefixes.

Hatch v1.16.3

Added:

  • Env var for keep-env when an exception occurs during environment creation to enable debugging.

Fixed:

  • Fix issue with self-referential dependencies not being recognized.
  • Fix incomplete environments created when an exception occurs during creation.
  • Fix dependency-groups not working with when environment is not marked as builder.
  • Change Keyring to take expect repository URL instead of repository name.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the python-minor-patch group with 6 updates
a92afda 
Bumps the python-minor-patch group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [requests](https://github.com/psf/requests) | `2.33.0` | `2.34.2` |
| [markdown](https://github.com/Python-Markdown/markdown) | `3.10` | `3.10.2` |
| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.14.10` | `0.15.14` |
| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.1` | `4.6.0` |
| [hatch](https://github.com/pypa/hatch) | `1.16.2` | `1.16.5` |


Updates `requests` from 2.33.0 to 2.34.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.33.0...v2.34.2)

Updates `markdown` from 3.10 to 3.10.2
- [Release notes](https://github.com/Python-Markdown/markdown/releases)
- [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md)
- [Commits](Python-Markdown/markdown@3.10.0...3.10.2)

Updates `pytest-cov` from 7.0.0 to 7.1.0
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v7.0.0...v7.1.0)

Updates `ruff` from 0.14.10 to 0.15.14
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.14.10...0.15.14)

Updates `pre-commit` from 4.5.1 to 4.6.0
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](pre-commit/pre-commit@v4.5.1...v4.6.0)

Updates `hatch` from 1.16.2 to 1.16.5
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](pypa/hatch@hatch-v1.16.2...hatch-v1.16.5)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
- dependency-name: markdown
  dependency-version: 3.10.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
- dependency-name: ruff
  dependency-version: 0.15.14
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
- dependency-name: pre-commit
  dependency-version: 4.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
- dependency-name: hatch
  dependency-version: 1.16.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 29, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 29, 2026 22:03
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 29, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 29, 2026

Version Check Failed

Please increment...

@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 29, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedpypi/​pre-commit@​4.5.1 ⏵ 4.6.093 +1100100100100
Updatedpypi/​hatch@​1.16.2 ⏵ 1.16.595 +1100100100100
Updatedpypi/​requests@​2.33.0 ⏵ 2.34.299 +1100100100100
Updatedpypi/​markdown@​3.10 ⏵ 3.10.2100 +1100100100100
Updatedpypi/​pytest-cov@​7.0.0 ⏵ 7.1.0100100100100100
Updatedpypi/​ruff@​0.14.10 ⏵ 0.15.14100 +1100100100100

View full report

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 29, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 29, 2026
@dependabot dependabot Bot deleted the dependabot/uv/python-minor-patch-e082da0f1a branch May 29, 2026 22:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants