Skip to content

Bump the pip-dependencies group with 7 updates#4929

Open
dependabot[bot] wants to merge 2 commits into
developfrom
dependabot/pip/develop/pip-dependencies-6c4564e995
Open

Bump the pip-dependencies group with 7 updates#4929
dependabot[bot] wants to merge 2 commits into
developfrom
dependabot/pip/develop/pip-dependencies-6c4564e995

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on ansible, python-dateutil, netaddr, gitpython, requests, urllib3 and graphql-core to permit the latest version.
Updates ansible from 12.3.0 to 14.1.0

Commits
  • b41eb51 Ansible 14.1.0: Dependencies, changelog and porting guide (#699)
  • 3030559 Add 15/ directory (#698)
  • 7ec68fa Release Ansible 14.0.0 (#697)
  • 79c7241 Schedule cyberark.pas for removal from Ansible 15 (#694)
  • 413d77b Specify collection-directory for graphiant.nas (take 2) (#693)
  • 5fd3dfc Specify collection-directory for graphiant.nas (#692)
  • 5629d13 Ansible 14.0.0rc1: Dependencies, changelog and porting guide (#691)
  • 3be0a6c Ansible 14: Include community.mysql 5.x (#690)
  • 23e2ede Restore community.mysql redirect_replacement_major_version to 14 (#688)
  • 2855fe3 Ansible 14.0.0b1: Dependencies, changelog and porting guide (#687)
  • Additional commits viewable in compare view

Updates python-dateutil to 2.9.0.post0

Release notes

Sourced from python-dateutil's releases.

2.9.0.post0

Version 2.9.0.post0 (2024-03-01)

Bugfixes

  • Pinned setuptools_scm to <8, which should make the generated _version.py file compatible with all supported versions of Python.
Changelog

Sourced from python-dateutil's changelog.

Version 2.9.0.post0 (2024-03-01)

Bugfixes

  • Pinned setuptools_scm to <8, which should make the generated _version.py file compatible with all supported versions of Python.

Version 2.9.0 (2024-02-29)

Data updates

  • Updated tzdata version to 2024a. (gh pr #1342)

Features

  • Made all dateutil submodules lazily imported using PEP 562 <https://www.python.org/dev/peps/pep-0562/>_. On Python 3.7+, things like import dateutil; dateutil.tz.gettz("America/New_York") will now work without explicitly importing dateutil.tz, with the import occurring behind the scenes on first use. The old behavior remains on Python 3.6 and earlier. Fixed by Orson Adams. (gh issue #771, gh pr #1007)

Bugfixes

  • Removed a call to datetime.utcfromtimestamp, which is deprecated as of Python 3.12. Reported by Hugo van Kemenade (gh pr #1284), fixed by Thomas Grainger (gh pr #1285).

Documentation changes

  • Added note into docs and tests where relativedelta would return last day of the month only if the same day on a different month resolves to a date that doesn't exist. Reported by @​hawkEye-01 (gh issue #1167). Fixed by @​Mifrill (gh pr #1168)

Version 2.8.2 (2021-07-08)

Data updates

  • Updated tzdata version to 2021a. (gh pr #1128)

... (truncated)

Commits
  • 1ae8077 Merge pull request #1346 from pganssle/release_2.9.0.post0
  • ee6de9d Update news to prepare for release
  • 9780d32 Pin setuptools_scm to <8
  • db9d018 Merge pull request #1343 from pganssle/release_2.9.0
  • 423ca2f Run updatezinfo before build
  • edd3fd4 Update NEWS file
  • fe02d02 Run towncrier with Python 3.11
  • 9c7524a Fix MANIFEST.in pattern
  • 6de58f5 Update classifiers to include Python 3.12
  • 8fe0cab Merge pull request #1342 from pganssle/update_zoneinfo
  • Additional commits viewable in compare view

Updates netaddr to 1.3.0

Release notes

Sourced from netaddr's releases.

1.3.0

Changelog: https://netaddr.readthedocs.io/en/latest/changes.html#release-1-3-0 Commits: netaddr/netaddr@1.2.1...1.3.0

Changelog

Sourced from netaddr's changelog.

Release: 1.3.0

Date: 2024-05-28

Added:

  • Add partial address expansion in :class:IPNetwork via the expand_partial switch, this enables opting into pre-1.1.0 behavior

Fixed:

  • Fix running the test suite on musl systems
  • Fix :class:IPAddress IPv6 parsing with :data:ZEROFILL enabled
  • Fix handling of the :data:NOHOST flag in the :class:IPNetwork copy constructor

Release: 1.2.1

Date: 2024-02-17

Fixed:

  • Fix bad version 1.2.0 upload to PyPI – now yanked. No changes to the package.

Release: 1.2.0

Date: 2024-02-17

Added:

  • Add CLI tool subcommand to display :ref:cli-network-info.

Changed:

  • Support running :ref:interactive-shell without IPython installed.

Fixed:

  • Explicitly raise TypeError is a non-string value is passed to :func:valid_ipv4 or :func:valid_ipv6.

Release: 1.1.0

Date: 2024-02-15

... (truncated)

Commits
  • 85a7b25 Bump the package version in the documentation to 1.3.0
  • 75360b1 Release version 1.3.0
  • 77c0075 Fix the name of the flag in the docstring
  • 88b9455 Tune the partial network expansion flag
  • c20b9c5 Synchronize docs/requirements.txt with poetry.lock
  • 860bb0c Bump requests from 2.31.0 to 2.32.2 in /docs (#388)
  • 39d255a Bump jinja2 from 3.1.3 to 3.1.4 in /docs (#382)
  • 9561d22 Bump idna from 3.6 to 3.7 in /docs (#379)
  • d2f5d05 IPNetwork: Allow partial addresses (again) (#377)
  • 7347c71 Fix some IPv4-compatible/IPv4-mapped documentation mistakes
  • Additional commits viewable in compare view

Updates gitpython to 3.1.50

Release notes

Sourced from gitpython's releases.

3.1.50

What's Changed

New Contributors

Full Changelog: gitpython-developers/GitPython@3.1.49...3.1.50

Commits

Updates requests to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

... (truncated)

Commits

Updates urllib3 to 2.7.0

Release notes

Sourced from urllib3's releases.

2.7.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

  • Decompression-bomb safeguards of the streaming API were bypassed:

    1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially. (Reported by @​Cycloctane)
    2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli library. (Reported by @​kimkou2024)

    See GHSA-mf9v-mfxr-j63j for details.

  • HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by @​christos-spearbit)

Deprecations and Removals

  • Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (urllib3/urllib3#3763)
  • Removed support for end-of-life Python 3.9. (urllib3/urllib3#3720)
  • Removed support for end-of-life PyPy3.10. (urllib3/urllib3#4979)
  • Bumped the minimum supported pyOpenSSL version to 19.0.0. (urllib3/urllib3#3777)

Bugfixes

  • Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. (urllib3/urllib3#3636)
  • Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True. (urllib3/urllib3#4967)
  • Fixed HTTPResponse.stream() and HTTPResponse.read_chunked() to handle amt=0. (urllib3/urllib3#3793)
  • Updated _TYPE_BODY type alias to include missing Iterable[str], matching the documented and runtime behavior of chunked request bodies. (urllib3/urllib3#3798)
  • Fixed LocationParseError when paths resembling schemeless URIs were passed to HTTPConnectionPool.urlopen(). (urllib3/urllib3#3352)
  • Fixed BaseHTTPResponse.readinto() type annotation to accept memoryview in addition to bytearray, matching the io.RawIOBase.readinto contract and enabling use with io.BufferedReader without type errors. (urllib3/urllib3#3764)
Changelog

Sourced from urllib3's changelog.

2.7.0 (2026-05-07)

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

  • Decompression-bomb safeguards of the streaming API were bypassed:

    1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially.
    2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli <https://pypi.org/project/brotli/>__ library.

    See GHSA-mf9v-mfxr-j63j <https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j>__ for details.

  • HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc <https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc>__)

Deprecations and Removals

  • Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. ([#3763](https://github.com/urllib3/urllib3/issues/3763) <https://github.com/urllib3/urllib3/issues/3763>__)
  • Removed support for end-of-life Python 3.9. ([#3720](https://github.com/urllib3/urllib3/issues/3720) <https://github.com/urllib3/urllib3/issues/3720>__)
  • Removed support for end-of-life PyPy3.10. ([#4979](https://github.com/urllib3/urllib3/issues/4979) <https://github.com/urllib3/urllib3/issues/4979>__)
  • Bumped the minimum supported pyOpenSSL version to 19.0.0. ([#3777](https://github.com/urllib3/urllib3/issues/3777) <https://github.com/urllib3/urllib3/issues/3777>__)

Bugfixes

  • Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. ([#3636](https://github.com/urllib3/urllib3/issues/3636) <https://github.com/urllib3/urllib3/issues/3636>__)
  • Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True.

... (truncated)

Commits

Updates graphql-core to 3.2.11

Release notes

Sourced from graphql-core's releases.

v3.2.11

Patch-release GraphQL-core v3.2.11, based on GraphQL.js v16.14.1.

This patch-release supports Python 3.7 to 3.14.

Notable changes:

  • Allow configuration of the ofType introspection depth
  • Add support for directives on directive definitions
  • Restore variable own-property checks in value_from_ast
  • Remove unused variable-definition tracking in ValuesOfCorrectTypeRule

Thanks to all who are sponsoring me (@​Cito) for maintaining this project.

Commits
  • d5a5464 Bump version
  • 6d7c4dd docs: fix inline examples, deprecation descriptions, type category
  • 456fa2c Allow configuration of the ofType introspection depth
  • 672281d Add support for directives on directive definitions
  • 1922ab7 Restore variable own-property checks in valueFromAST
  • 0ccc1a5 Use Object.create(null) to avoid prototype issues
  • 12bcb49 Bump version
  • 4070240 Incorrect validation errors when variable descriptions are used
  • 66adfb4 Sibling errors should not be added after propagation
  • 20de4b0 Schema coordinates
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Updates the requirements on [ansible](https://github.com/ansible-community/ansible-build-data), [python-dateutil](https://github.com/dateutil/dateutil), [netaddr](https://github.com/netaddr/netaddr), [gitpython](https://github.com/gitpython-developers/GitPython), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [graphql-core](https://github.com/graphql-python/graphql-core) to permit the latest version.

Updates `ansible` from 12.3.0 to 14.1.0
- [Changelog](https://github.com/ansible-community/ansible-build-data/blob/main/docs/release-process.md)
- [Commits](ansible-community/ansible-build-data@12.3.0...14.1.0)

Updates `python-dateutil` to 2.9.0.post0
- [Release notes](https://github.com/dateutil/dateutil/releases)
- [Changelog](https://github.com/dateutil/dateutil/blob/master/NEWS)
- [Commits](dateutil/dateutil@2.8.0...2.9.0.post0)

Updates `netaddr` to 1.3.0
- [Release notes](https://github.com/netaddr/netaddr/releases)
- [Changelog](https://github.com/netaddr/netaddr/blob/master/CHANGELOG.rst)
- [Commits](netaddr/netaddr@1.0.0...1.3.0)

Updates `gitpython` to 3.1.50
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@2.0.0...3.1.50)

Updates `requests` to 2.34.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.0...v2.34.2)

Updates `urllib3` to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.0.0...2.7.0)

Updates `graphql-core` to 3.2.11
- [Release notes](https://github.com/graphql-python/graphql-core/releases)
- [Commits](graphql-python/graphql-core@v3.0.0...v3.2.11)

---
updated-dependencies:
- dependency-name: ansible
  dependency-version: 14.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: pip-dependencies
- dependency-name: python-dateutil
  dependency-version: 2.9.0.post0
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: netaddr
  dependency-version: 1.3.0
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: gitpython
  dependency-version: 3.1.50
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: requests
  dependency-version: 2.34.2
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: graphql-core
  dependency-version: 3.2.11
  dependency-type: direct:production
  dependency-group: pip-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 10, 2026
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant