Skip to content

build(deps-dev): bump the minor-and-patch group with 4 updates #719

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 3, 2025
Merged

build(deps-dev): bump the minor-and-patch group with 4 updates #719

merged 1 commit into from
Nov 3, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 3, 2025

Bumps the minor-and-patch group with 4 updates: marshmallow, psutil, starlette and virtualenv.

Updates marshmallow from 4.0.1 to 4.1.0

Changelog

Sourced from marshmallow's changelog.

4.1.0 (2025-11-01) ++++++++++++++++++

Other changes:

  • Add __len__ implementation to missing so that it can be used with validate.Length <marshmallow.validate.Length> (:pr:2861). Thanks :user:agentgodzilla for the PR.
  • Drop support for Python 3.9 (:pr:2363).
  • Test against Python 3.14.
Commits
  • 441213d Bump version and update changelog
  • 2b84b56 (fix) missing constant with len validation (#2861)
  • fc87262 Test against Python 3.14 (#2864)
  • 2a5e2e1 Update CHANGELOG
  • d861be7 Merge pull request #2863 from marshmallow-code/drop_python_39
  • 22288b6 Fix ruff issues
  • 1d8fd27 Drop Python 3.9
  • 966caf9 [pre-commit.ci] pre-commit autoupdate
  • feb2244 Merge pull request #2857 from marshmallow-code/disable_RUF043
  • 23ee363 Disable RUF043 in tests: allow metacharacters in match patterns
  • Additional commits viewable in compare view

Updates psutil from 7.1.2 to 7.1.3

Changelog

Sourced from psutil's changelog.

7.1.3

2025-11-02

Enhancements

  • 2667_: enforce clang-format on all C and header files. It is now the mandatory formatting style for all C sources.
  • 2672_, [macOS], [BSD]: increase the chances to recognize zombie processes and raise the appropriate exception (ZombieProcess_).
  • 2676_, 2678_: replace unsafe sprintf / snprintf / sprintf_s calls with str_format(). Replace strlcat / strlcpy with safe str_copy / str_append. This unifies string handling across platforms and reduces unsafe usage of standard string functions, improving robustness.

Bug fixes

  • 2674_, [Windows]: disk_usage()_ could truncate values on 32-bit platforms, potentially reporting incorrect total/free/used space for drives larger than 4GB.
  • 2675_, [macOS]: Process.status()_ incorrectly returns "running" for 99% of the processes.
  • 2677_, [Windows]: fix MAC address string construction in net_if_addrs()_. Previously, the MAC address buffer was incorrectly updated using a fixed increment and sprintf_s, which could overflow or misformat the string if the MAC length or formatting changed. Also, the final '\n' was inserted unnecessarily.
  • 2679_, [OpenBSD], [NetBSD], [critical]: can't build due to C syntax error.
Commits
  • 5904ff9 Pre-release
  • d42db80 Update DEVGUIDE.rst
  • e4e1003 psutil_kinfo_proc: return in case of badargs; also print to stderr in case of...
  • bcdede4 Introduce PSUTIL_TESTING mode. Terminate execution if str_* funcs fail
  • 6822ba7 Replace strlcat/strlcpy with safe str_copy/str_append (#2678)
  • 0a7465c Windows: use str_format() in psutil_users().
  • fd05690 [Windows] fix MAC address string construction in net_if_addrs() (#2677)
  • 7d82135 NetBSD: refact proc cwd()
  • 262977f Replace unsafe sprintf/snprintf/sprintf_s calls with str_format() (#2676)
  • 1ba3cf5 Fix #2675 / macOS: convert process status() to a meaningful value
  • Additional commits viewable in compare view

Updates starlette from 0.48.0 to 0.50.0

Release notes

Sourced from starlette's releases.

Version 0.50.0

Removed

  • Drop Python 3.9 support #3061.

Full Changelog: Kludex/starlette@0.49.3...0.50.0

Version 0.49.3

Fixed

  • Relax strictness on Middleware type #3059.

Full Changelog: Kludex/starlette@0.49.2...0.49.3

Version 0.49.2

Fixed

  • Ignore if-modified-since header if if-none-match is present in StaticFiles #3044.

Full Changelog: Kludex/starlette@0.49.1...0.49.2

Version 0.49.1

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

Full Changelog: Kludex/starlette@0.49.0...0.49.1

Version 0.49.0

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

... (truncated)

Changelog

Sourced from starlette's changelog.

0.50.0 (November 1, 2025)

  • Drop Python 3.9 support #3061.

0.49.3 (November 1, 2025)

This is the last release that supports Python 3.9, which will be dropped in the next minor release.

Fixed

  • Relax strictness on Middleware type #3059.

0.49.2 (November 1, 2025)

Fixed

  • Ignore if-modified-since header if if-none-match is present in StaticFiles #3044.

0.49.1 (October 28, 2025)

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

0.49.0 (October 28, 2025)

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.
Commits

Updates virtualenv from 20.35.3 to 20.35.4

Release notes

Sourced from virtualenv's releases.

20.35.4

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.35.3...20.35.4

Changelog

Sourced from virtualenv's changelog.

v20.35.4 (2025-10-28)

Bugfixes - 20.35.4

- Fix race condition in ``_virtualenv.py`` when file is overwritten during import, preventing ``NameError`` when ``_DISTUTILS_PATCH`` is accessed - by :user:`gracetyy`. (:issue:`2969`)
- Upgrade embedded wheels:

    

  • pip to 25.3 from 25.2 (:issue:2989)
Commits
  • 0381534 release 20.35.4
  • 25207be Merge pull request #2989 from gaborbernat/bump-pip
  • d593841 Merge pull request #2984 from pypa/pre-commit-ci-update-config
  • f742f8d [pre-commit.ci] pre-commit autoupdate
  • 0a644b0 Merge pull request #2982 from gracetyy/fix/distutils_patch
  • 2b125eb refactor: fix last commit according to review feedback
  • 71d5e09 [pre-commit.ci] auto fixes from pre-commit.com hooks
  • fd0a834 refactor: fix last commit according to review feedback
  • c5e51d4 refactor: use pytest tmp_path fixture instead of tempfile.TemporaryDirectory
  • 629f7b8 Merge branch 'main' into fix/distutils_patch
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps-dev): bump the minor-and-patch group with 4 updates
43c4c98 
Bumps the minor-and-patch group with 4 updates: [marshmallow](https://github.com/marshmallow-code/marshmallow), [psutil](https://github.com/giampaolo/psutil), [starlette](https://github.com/Kludex/starlette) and [virtualenv](https://github.com/pypa/virtualenv).


Updates `marshmallow` from 4.0.1 to 4.1.0
- [Changelog](https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst)
- [Commits](marshmallow-code/marshmallow@4.0.1...4.1.0)

Updates `psutil` from 7.1.2 to 7.1.3
- [Changelog](https://github.com/giampaolo/psutil/blob/master/HISTORY.rst)
- [Commits](giampaolo/psutil@release-7.1.2...release-7.1.3)

Updates `starlette` from 0.48.0 to 0.50.0
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.48.0...0.50.0)

Updates `virtualenv` from 20.35.3 to 20.35.4
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.35.3...20.35.4)

---
updated-dependencies:
- dependency-name: marshmallow
  dependency-version: 4.1.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: psutil
  dependency-version: 7.1.3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: starlette
  dependency-version: 0.50.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: virtualenv
  dependency-version: 20.35.4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Nov 3, 2025
@gadomski gadomski merged commit 22b6c37 into main Nov 3, 2025
10 checks passed
@gadomski gadomski deleted the dependabot/pip/minor-and-patch-8b58caeaed branch November 3, 2025 16:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gadomski