Skip to content

Bump the production-dependencies group with 7 updates#1943

Merged
KatieB5 merged 1 commit intomainfrom
dependabot/pip/production-dependencies-c1635a06af
Mar 23, 2026
Merged

Bump the production-dependencies group with 7 updates#1943
KatieB5 merged 1 commit intomainfrom
dependabot/pip/production-dependencies-c1635a06af

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 23, 2026
edited
Loading

Bumps the production-dependencies group with 7 updates:

Package From To
charset-normalizer 3.4.5 3.4.6
mkdocs-get-deps 0.2.0 0.2.2
mkdocs-material 9.7.4 9.7.5
filelock 3.25.0 3.25.2
identify 2.6.17 2.6.18
virtualenv 21.1.0 21.2.0
setuptools 82.0.0 82.0.1

Updates charset-normalizer from 3.4.5 to 3.4.6

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.6

3.4.6 (2026-03-15)

Changed

  • Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
  • Raised upper bound for mypy[c] to 1.20, for our optimized version.
  • Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

  • Edge case where noise difference between two candidates can be almost insignificant. (#672)
  • CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

  • Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)
Changelog

Sourced from charset-normalizer's changelog.

3.4.6 (2026-03-15)

Changed

  • Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
  • Raised upper bound for mypy[c] to 1.20, for our optimized version.
  • Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

  • Edge case where noise difference between two candidates can be almost insignificant. (#672)
  • CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

  • Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)
Commits
  • 5478b84 Merge pull request #715 from jawah/release-3.4.6
  • 5c0a09e ✔️ add confidence for threading usage, mostly due to lru_cach...
  • ef826b2 📝 update changelog
  • 5564f1a 📝 update docs accordingly
  • 0f2cf7d 📝 update changelog
  • 54a1894 🐛 fix --normalize writing to wrong path with multiple files
  • 2177e28 📝 update changelog
  • b2497a5 🐛 edge case where noise difference between two candidates can be almost i...
  • 13a5d0b 🔧 upgrade ci requirements
  • b9ffbd4 🔧 enable 3.14t nox mypyc session
  • Additional commits viewable in compare view

Updates mkdocs-get-deps from 0.2.0 to 0.2.2

Commits

Updates mkdocs-material from 9.7.4 to 9.7.5

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.7.5

[!WARNING]

Material for MkDocs is in maintenance mode

Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs until November 2026.

Read the full announcement on our blog

Changes

  • Limited version range of mkdocs to <2
  • Updated MkDocs 2.0 incompatibility warning (clarify relation with MkDocs)
Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.7.6 (2026-03-19)

  • Automatically disable MkDocs 2.0 warning for forks of MkDocs

mkdocs-material-9.7.5 (2026-03-10)

  • Limited version range of mkdocs to <2
  • Updated MkDocs 2.0 incompatibility warning (clarify relation with MkDocs)

mkdocs-material-9.7.4 (2026-03-03)

  • Hardened social cards plugin by switching to sandboxed environment
  • Updated MkDocs 2.0 incompatibility warning

mkdocs-material-9.7.3 (2026-02-24)

  • Fixed #8567: Print MkDocs 2.0 incompatibility warning to stderr

mkdocs-material-9.7.2 (2026-02-18)

  • Opened up version ranges of optional dependencies for forward-compatibility
  • Added warning to 'mkdocs build' about impending MkDocs 2.0 incompatibility

mkdocs-material-9.7.1 (2025-12-18)

  • Updated requests to 2.30+ to mitigate CVE in urllib
  • Fixed privacy plugin not picking up protocol-relative URLs
  • Fixed #8542: false positives and negatives captured in privacy plugin

mkdocs-material-9.7.0 (2025-11-11)

⚠️ Material for MkDocs is now in maintenance mode

This is the last release of Material for MkDocs that will receive new features. Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs for 12 months at least.

Read the full announcement on our blog: https://squidfunk.github.io/mkdocs-material/blog/2025/11/05/zensical/

This release includes all features that were previously exclusive to the Insiders edition. These features are now freely available to everyone.

Note on deprecated plugins: The projects and typeset plugins are included in this release, but must be considered deprecated. Both plugins proved unsustainable to maintain and represent architectural dead ends. They are provided as-is without ongoing support.

Changes:

... (truncated)

Commits
  • 00b9933 Prepare 9.7.5 release
  • 37683d1 Updated blog post on MkDocs 2.0
  • 199e315 Updated warning message to clarify relation to MkDocs
  • 1025833 Limited version range of mkdocs to <2
  • 1532f52 Added update log to blog post
  • d0c8b28 Updated dependencies to fix vulnerabilities
  • 71d4869 Updated blog post on MkDocs 2.0
  • 0d30a13 Updated blog post on MkDocs 2.0
  • 8b55995 Updated blog post on MkDocs 2.0
  • 66d413f Updated blog post on MkDocs 2.0
  • See full diff in compare view

Updates filelock from 3.25.0 to 3.25.2

Release notes

Sourced from filelock's releases.

3.25.2

What's Changed

Full Changelog: tox-dev/filelock@3.25.1...3.25.2

3.25.1

What's Changed

Full Changelog: tox-dev/filelock@3.25.0...3.25.1

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

3.25.2 (2026-03-11)

  • 🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:513

3.25.1 (2026-03-09)

  • [pre-commit.ci] pre-commit autoupdate :pr:510 - by :user:pre-commit-ci[bot]
  • 🐛 fix(win): restore best-effort lock file cleanup on release :pr:511
  • [pre-commit.ci] pre-commit autoupdate :pr:508 - by :user:pre-commit-ci[bot]
  • 📝 docs(logo): add branded project logo :pr:507

3.25.0 (2026-03-01)

  • ✨ feat(async): add AsyncReadWriteLock :pr:506
  • Standardize .github files to .yaml suffix
  • build(deps): bump actions/download-artifact from 7 to 8 :pr:503 - by :user:dependabot[bot]
  • build(deps): bump actions/upload-artifact from 6 to 7 :pr:502 - by :user:dependabot[bot]
  • Move SECURITY.md to .github/SECURITY.md
  • Add security policy
  • Add permissions to check workflow :pr:500
  • [pre-commit.ci] pre-commit autoupdate :pr:499 - by :user:pre-commit-ci[bot]

3.24.3 (2026-02-19)

  • 🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:495
  • 🐛 fix(ci): add trailing blank line after changelog entries :pr:492

3.24.2 (2026-02-16)

  • 🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:491
  • 🐛 fix(test): resolve flaky write non-starvation test :pr:490
  • 📝 docs: restructure using Diataxis framework :pr:489

3.24.1 (2026-02-15)

... (truncated)

Commits

Updates identify from 2.6.17 to 2.6.18

Commits

Updates virtualenv from 21.1.0 to 21.2.0

Release notes

Sourced from virtualenv's releases.

21.2.0

What's Changed

Full Changelog: pypa/virtualenv@21.1.0...21.2.0

Changelog

Sourced from virtualenv's changelog.

Features - 21.2.0

  • Update embed wheel generator (tasks/upgrade_wheels.py) to include type annotations in generated output - by :user:rahuldevikar. (:issue:3075)

Bugfixes - 21.2.0

  • Pass --without-scm-ignore-files to subprocess venv on Python 3.13+ so virtualenv controls .gitignore creation, fixing flaky test_create_no_seed and --no-vcs-ignore being ignored in subprocess path - by :user:gaborbernat. (:issue:3089)
  • Use BASH_SOURCE[0] instead of $0 in the bash activate script relocation fallback, fixing incorrect PATH when sourcing the activate script from a different directory - by :user:gaborbernat. (:issue:3090)

v21.1.0 (2026-02-27)

Commits
  • 0b6f444 release 21.2.0
  • e1af35d 🐛 fix(create): prevent venv from racing virtualenv on gitignore creation (#3092)
  • f05bf08 🐛 fix(bash): use BASH_SOURCE in activate relocation (#3091)
  • 0cd0e09 fix broken README heading introduced in docs restructure (#3088)
  • b7ab17e [pre-commit.ci] pre-commit autoupdate (#3087)
  • f2062bc chore(deps): bump astral-sh/setup-uv from 4 to 7 (#3086)
  • eb27e55 Add type annotations to embed wheel generator output (#3085)
  • fbb3bd1 chore(deps): bump peter-evans/create-pull-request from 7 to 8 (#3081)
  • a1d3963 chore(deps): bump actions/setup-python from 5 to 6 (#3080)
  • e768d56 chore(deps): bump actions/upload-artifact from 4 to 7 (#3082)
  • Additional commits viewable in compare view

Updates setuptools from 82.0.0 to 82.0.1

Changelog

Sourced from setuptools's changelog.

v82.0.1

Bugfixes

  • Fix the loading of launcher manifest.xml file. (#5047)
  • Replaced deprecated json.__version__ with fixture in tests. (#5186)

Improved Documentation

  • Add advice about how to improve predictability when installing sdists. (#5168)

Misc

Commits
  • 5a13876 Bump version: 82.0.0 → 82.0.1
  • 51ab8f1 Avoid using (deprecated) 'json.version' in tests (#5194)
  • f9c37b2 Docs/CI: Fix intersphinx references (#5195)
  • 8173db2 Docs: Fix intersphinx references
  • 09bafbc Fix past tense on newsfragment
  • 461ea56 Add news fragment
  • c4ffe53 Avoid using (deprecated) 'json.version' in tests
  • 749258b Cleanup pkg_resources dependencies and configuration (#5175)
  • 2019c16 Parse ext-module.define-macros from pyproject.toml as list of tuples (#5169)
  • b809c86 Sync setuptools schema with validate-pyproject (#5157)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 23, 2026
@dependabot
Bump the production-dependencies group with 7 updates
faba846 
Bumps the production-dependencies group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.5` | `3.4.6` |
| [mkdocs-get-deps](https://github.com/mkdocs/get-deps) | `0.2.0` | `0.2.2` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.7.4` | `9.7.5` |
| [filelock](https://github.com/tox-dev/py-filelock) | `3.25.0` | `3.25.2` |
| [identify](https://github.com/pre-commit/identify) | `2.6.17` | `2.6.18` |
| [virtualenv](https://github.com/pypa/virtualenv) | `21.1.0` | `21.2.0` |
| [setuptools](https://github.com/pypa/setuptools) | `82.0.0` | `82.0.1` |


Updates `charset-normalizer` from 3.4.5 to 3.4.6
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](jawah/charset_normalizer@3.4.5...3.4.6)

Updates `mkdocs-get-deps` from 0.2.0 to 0.2.2
- [Commits](https://github.com/mkdocs/get-deps/commits)

Updates `mkdocs-material` from 9.7.4 to 9.7.5
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.7.4...9.7.5)

Updates `filelock` from 3.25.0 to 3.25.2
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.25.0...3.25.2)

Updates `identify` from 2.6.17 to 2.6.18
- [Commits](pre-commit/identify@v2.6.17...v2.6.18)

Updates `virtualenv` from 21.1.0 to 21.2.0
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@21.1.0...21.2.0)

Updates `setuptools` from 82.0.0 to 82.0.1
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v82.0.0...v82.0.1)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-version: 3.4.6
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: mkdocs-get-deps
  dependency-version: 0.2.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: mkdocs-material
  dependency-version: 9.7.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: filelock
  dependency-version: 3.25.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: identify
  dependency-version: 2.6.18
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: virtualenv
  dependency-version: 21.2.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: setuptools
  dependency-version: 82.0.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/production-dependencies-c1635a06af branch from ef37f4d to faba846 Compare March 23, 2026 11:14
@KatieB5 KatieB5 merged commit efd833a into main Mar 23, 2026
1 check passed
@KatieB5 KatieB5 deleted the dependabot/pip/production-dependencies-c1635a06af branch March 23, 2026 13:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@KatieB5 KatieB5 KatieB5 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@KatieB5