Skip to content

Bump the pip group with 3 updates #289

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tstirrat15 merged 1 commit into from
Sep 22, 2025
Merged

Bump the pip group with 3 updates #289

tstirrat15 merged 1 commit into from
Sep 22, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 22, 2025

Updates the requirements on protobuf, grpcio-tools and mypy to permit the latest version.
Updates protobuf to 6.32.1

Commits

Updates grpcio-tools to 1.75.0

Release notes

Sourced from grpcio-tools's releases.

Release v1.75.0

This is release 1.75.0 (gemini) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • [Security] Cherry Pick Spiffe Verification. (#40515)
  • [Python][Typeguard] Part 3 - Add Typeguard to AIO stack in tests. (#40217)
  • [c-ares] update version to 1.34.5. (#39508)
  • [pick_first] fix bug that caused us to stop attempting to connect. (#40162)

C++

  • [OTel C++] Implement retry metrics. (#39195)

Objective-C

  • Fix data race by adding custom getter for state property with @synchronized locking. (#40146)

Python

  • gRPC Python (grpcio) now depends on typing-extensions~=4.13. (#40137)
  • Update musllinux wheels from musllinux_1_1 to musllinux_1_2. (#40317)
    • Dropping musllinux_1_1 because it reached EOL in November 2024
    • Reference on musllinux platform tags: PEP 656
  • grpc.aio typehint fixes. (#40215, #40217)
    • Fixes type hints for grpc.aio._utils, grpc.aio._call, grpc.aio._interceptor and grpc.aio._utils
    • Fixing the error in public API: ClientCallDetails.method was declared as str but always called with bytes, see InterceptedUnaryUnaryCall.
  • Fixes issue #40325 with grpcio failing to install on all non-Mac Apple devices internal builds. (#40347)

Ruby

  • Ruby: Mark credential object in channel. (#40394)
  • [Ruby] Add rubygems support for linux-gnu and linux-musl platforms. (#39549)
Changelog

Sourced from grpcio-tools's changelog.

gRPC Release Schedule

Below is the release schedule for gRPC Java, Go and Core and its dependent languages C++, C#, Objective-C, PHP, Python and Ruby.

Releases are scheduled every six weeks on Tuesdays on a best effort basis. In some unavoidable situations a release may be delayed or released early or a language may skip a release altogether and do the next release to catch up with other languages. See the past releases in the links above. A six-week cycle gives us a good balance between delivering new features/fixes quickly and keeping the release overhead low.

The gRPC release support policy can be found here.

Releases are cut from release branches. For Core and Java repos, the release branch is cut two weeks before the scheduled release date. For Go, the branch is cut just before the release. An RC (release candidate) is published for Core and its dependent languages just after the branch cut. This RC is later promoted to release version if no further changes are made to the release branch. We do our best to keep head of master branch stable at all times regardless of release schedule. Daily build packages from master branch for C#, PHP, Python, Ruby and Protoc plugins are published on packages.grpc.io. If you depend on gRPC in production we recommend to set up your CI system to test the RCs and, if possible, the daily builds.

Names of gRPC releases are here.

Release Scheduled Branch Cut Scheduled Release Date
v1.17.0 Nov 19, 2018 Dec 4, 2018
v1.18.0 Jan 2, 2019 Jan 15, 2019
v1.19.0 Feb 12, 2019 Feb 26, 2019
v1.20.0 Mar 26, 2019 Apr 9, 2019
v1.21.0 May 7, 2019 May 21, 2019
v1.22.0 Jun 18, 2019 Jul 2, 2019
v1.23.0 Jul 30, 2019 Aug 13, 2019
v1.24.0 Sept 10, 2019 Sept 24, 2019
v1.25.0 Oct 22, 2019 Nov 5, 2019
v1.26.0 Dec 3, 2019 Dec 17, 2019
v1.27.0 Jan 14, 2020 Jan 28, 2020
v1.28.0 Feb 25, 2020 Mar 10, 2020
v1.29.0 Apr 7, 2020 Apr 21, 2020
v1.30.0 May 19, 2020 Jun 2, 2020
v1.31.0 Jul 14, 2020 Jul 28, 2020
v1.32.0 Aug 25, 2020 Sep 8, 2020
v1.33.0 Oct 6, 2020 Oct 20, 2020
v1.34.0 Nov 17, 2020 Dec 1, 2020
v1.35.0 Dec 29, 2020 Jan 12, 2021
v1.36.0 Feb 9, 2021 Feb 23, 2021
v1.37.0 Mar 23, 2021 Apr 6, 2021
v1.38.0 May 4, 2021 May 18, 2021
v1.39.0 Jun 15, 2021 Jun 29, 2021
v1.40.0 Jul 27, 2021 Aug 10, 2021
v1.41.0 Sep 7, 2021 Sep 21, 2021
v1.42.0 Oct 19, 2021 Nov 2, 2021
v1.43.0 Nov 30, 2021 Dec 14, 2021
v1.44.0 Jan 11, 2022 Jan 25, 2022
v1.45.0 Feb 22, 2022 Mar 8, 2022
Commits
  • 093085c [build] Fix objc boringssl build backport (#40689)
  • 8c45613 [release] Bump release version on v1.75.x branch to v1.75.0 (#40644)
  • d382f40 [Backport][v1.75.x][Python][Support 3.14] Enable Python 3.14 interpreters for...
  • e6db475 [Backport][v1.75.x][Python] Build manylinux aarch64 without cross-compilation...
  • 77dc9c8 [Backport][v1.75.x][Python] Updating rules_python to 1.5.4 (#40607)
  • 8f36086 [Security] Cherry Pick Spiffe Verification (#40515)
  • 5b393ee [release] Bump release version on v1.75.x to v1.75.0-pre1 (#40485)
  • e8715ed Bump core version to 50.0.0 for upcoming release (#40422)
  • 509f9fb [PH2] WritePath Integration (#40404)
  • 8a66132 [PH2][Settings] Adding documentation
  • Additional commits viewable in compare view

Updates mypy from 1.18.1 to 1.18.2

Changelog

Sourced from mypy's changelog.

Mypy 1.18.1

We’ve just uploaded mypy 1.18.1 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Mypy Performance Improvements

Mypy 1.18.1 includes numerous performance improvements, resulting in about 40% speedup compared to 1.17 when type checking mypy itself. In extreme cases, the improvement can be 10x or higher. The list below is an overview of the various mypy optimizations. Many mypyc improvements (discussed in a separate section below) also improve performance.

Type caching optimizations have a small risk of causing regressions. When reporting issues with unexpected inferred types, please also check if --disable-expression-cache will work around the issue, as it turns off some of these optimizations.

  • Improve self check performance by 1.8% (Jukka Lehtosalo, PR 19768, 19769, 19770)
  • Optimize fixed-format deserialization (Ivan Levkivskyi, PR 19765)
  • Use macros to optimize fixed-format deserialization (Ivan Levkivskyi, PR 19757)
  • Two additional micro‑optimizations (Ivan Levkivskyi, PR 19627)
  • Another set of micro‑optimizations (Ivan Levkivskyi, PR 19633)
  • Cache common types (Ivan Levkivskyi, PR 19621)
  • Skip more method bodies in third‑party libraries for speed (Ivan Levkivskyi, PR 19586)
  • Simplify the representation of callable types (Ivan Levkivskyi, PR 19580)
  • Add cache for types of some expressions (Ivan Levkivskyi, PR 19505)
  • Use cache for dictionary expressions (Ivan Levkivskyi, PR 19536)
  • Use cache for binary operations (Ivan Levkivskyi, PR 19523)
  • Cache types of type objects (Ivan Levkivskyi, PR 19514)
  • Avoid duplicate work when checking boolean operations (Ivan Levkivskyi, PR 19515)
  • Optimize generic inference passes (Ivan Levkivskyi, PR 19501)
  • Speed up the default plugin (Jukka Lehtosalo, PRs 19385 and 19462)
  • Remove nested imports from the default plugin (Ivan Levkivskyi, PR 19388)
  • Micro‑optimize type expansion (Jukka Lehtosalo, PR 19461)
  • Micro‑optimize type indirection (Jukka Lehtosalo, PR 19460)
  • Micro‑optimize the plugin framework (Jukka Lehtosalo, PR 19464)
  • Avoid temporary set creation in subtype checking (Jukka Lehtosalo, PR 19463)
  • Subtype checking micro‑optimization (Jukka Lehtosalo, PR 19384)
  • Return early where possible in subtype check (Stanislav Terliakov, PR 19400)
  • Deduplicate some types before joining (Stanislav Terliakov, PR 19409)
  • Speed up type checking by caching argument inference context (Jukka Lehtosalo, PR 19323)
  • Optimize binding method self argument type and deprecation checks (Ivan Levkivskyi, PR 19556)
  • Keep trivial instance types/aliases during expansion (Ivan Levkivskyi, PR 19543)

Fixed‑Format Cache (Experimental)

... (truncated)

Commits
  • df05f05 remove +dev from version
  • 01a7a12 Update changelog for 1.18.2 (#19873)
  • ca5abf0 Typeshed cherry-pick: Make type of unitest.mock.Any a subclass of Any (#1...
  • 9d794b5 [mypyc] fix: inappropriate Nones in f-strings (#19846)
  • 2c0510c stubtest: additional guidance on errors when runtime is object.init (#19733)
  • 2f3f03c Bump version to 1.18.2+dev for point release
  • 7669841 Fix crash on recursive alias in indirection.py (#19845)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the pip group with 3 updates
550518d 
Updates the requirements on [protobuf](https://github.com/protocolbuffers/protobuf), [grpcio-tools](https://github.com/grpc/grpc) and [mypy](https://github.com/python/mypy) to permit the latest version.

Updates `protobuf` to 6.32.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `grpcio-tools` to 1.75.0
- [Release notes](https://github.com/grpc/grpc/releases)
- [Changelog](https://github.com/grpc/grpc/blob/master/doc/grpc_release_schedule.md)
- [Commits](grpc/grpc@v1.63.0...v1.75.0)

Updates `mypy` from 1.18.1 to 1.18.2
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.18.1...v1.18.2)

---
updated-dependencies:
- dependency-name: protobuf
  dependency-version: 6.32.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: grpcio-tools
  dependency-version: 1.75.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: mypy
  dependency-version: 1.18.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the area/dependencies Affects dependencies label Sep 22, 2025
@dependabot dependabot bot requested a review from a team as a code owner September 22, 2025 11:18
@dependabot dependabot bot added the area/dependencies Affects dependencies label Sep 22, 2025
@tstirrat15
Copy link
Contributor

tstirrat15 commented Sep 22, 2025

I can't unset the snyk check here, so I'm just going to merge past it.

@tstirrat15 tstirrat15 disabled auto-merge September 22, 2025 16:52
@tstirrat15 tstirrat15 merged commit dc5f74d into main Sep 22, 2025
12 of 13 checks passed
@tstirrat15 tstirrat15 deleted the dependabot/pip/pip-c960b5859e branch September 22, 2025 16:52
@github-actions github-actions bot locked and limited conversation to collaborators Sep 22, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

area/dependencies Affects dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tstirrat15