Skip to content

Deps: Bump the python-packages group with 6 updates#991

Merged
greenbonebot merged 1 commit intomainfrom
dependabot/pip/main/python-packages-32416ec633
Aug 12, 2025
Merged

Deps: Bump the python-packages group with 6 updates#991
greenbonebot merged 1 commit intomainfrom
dependabot/pip/main/python-packages-32416ec633

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 11, 2025

Bumps the python-packages group with 6 updates:

Package From To
djangorestframework 3.16.0 3.16.1
pylint 3.3.7 3.3.8
anyio 4.9.0 4.10.0
charset-normalizer 3.4.2 3.4.3
coverage 7.10.2 7.10.3
ruff 0.12.7 0.12.8

Updates djangorestframework from 3.16.0 to 3.16.1

Release notes

Sourced from djangorestframework's releases.

v3.16.1

This release fixes a few bugs, clean-up some old code paths for unsupported Python versions and improve translations.

Minor changes

  • Cleanup optional backports.zoneinfo dependency and conditions on unsupported Python 3.8 and lower in #9681. Python versions prior to 3.9 were already unsupported so this isn't considered as a breaking change.

Bug fixes

  • Fix regression in unique_together validation with SerializerMethodField in #9712
  • Fix UniqueTogetherValidator to handle fields with source attribute in #9688
  • Drop HTML line breaks on long headers in browsable API in #9438

Translations

  • Add Kazakh locale support in #9713
  • Update translations for Korean translations in #9571
  • Update German translations in #9676
  • Update Chinese translations in #9675
  • Update Arabic translations-sal in #9595
  • Update Persian translations in #9576
  • Update Spanish translations in #9701
  • Update Turkish Translations in #9749
  • Fix some typos in Brazilian Portuguese translations in #9673

Documentation

  • Removed reference to GitHub Issues and Discussions in #9660
  • Add drf-restwind and update outdated images in browsable-api.md in #9680
  • Updated funding page to represent current scope in #9686
  • Fix broken Heroku JSON Schema link in #9693
  • Update Django documentation links to use stable version in #9698
  • Expand docs on unique constraints cause 'required=True' in #9725
  • Revert extension back from djangorestframework-guardian2 to djangorestframework-guardian in #9734
  • Add note to tutorial about required request in serializer context when using HyperlinkedModelSerializer in #9732

Internal changes

  • Update GitHub Actions to use Ubuntu 24.04 for testing in #9677
  • Update test matrix to use Django 5.2 stable version in #9679
  • Add pyupgrade to pre-commit hooks in #9682
  • Fix test with Django 5 when pytz is available in #9715

New Contributors

... (truncated)

Commits
  • de018df Prepare 3.16.1 release (#9752)
  • a7d050f Turkish Translation updates (#9749)
  • 853969c Fix test with Django 5 when pytz is available (#9715)
  • 2ae8c11 Add note to tutorial about required request in serializer context when using ...
  • 70e54f4 Revert docs back to djangorestframework-guardian (#9734)
  • 3038494 Document that unique constraints cause required=True in ModelSerializer (#9...
  • 4bb46c2 Add Kazakh(kk) locale support (#9713)
  • e454758 Fix regression in unique_together validation with SerializerMethodField (#9712)
  • 33d59fe Update Spanish translations (#9701)
  • c0202a0 Update Django documentation links to use stable version (#9698)
  • Additional commits viewable in compare view

Updates pylint from 3.3.7 to 3.3.8

Commits
  • 98942ba Bump pylint to 3.3.8, update changelog (#10486)
  • 6a1620a Update pytest-benchmark requirement from ~=4.0 to ~=5.1 (#10066) (#10484)
  • cef60cc Fix false-negative for used-before-assignment with postponed evaluation in fu...
  • 5a5a9be Fix unused-variable false positive when using same name for multiple except...
  • 6ec71ba Respect docstring-min-length in docparams extension (#10104) (#10434)
  • fbde890 Fix Mermaid printer rendering double underscores as bold formatting (#10403) ...
  • 51234e5 Fix Pyreverse: Aggregations aren't filtered according to filter mode (PUB_ONL...
  • 329c967 Use custom Github App to authenticate backport job (#10394) (#10396)
  • 7038ef4 [Backport maintenance/3.3.x] Resolve possibly-used-before-assignment false po...
  • 045f179 Resolve possibly-used-before-assignment false positives from match block ...
  • Additional commits viewable in compare view

Updates anyio from 4.9.0 to 4.10.0

Release notes

Sourced from anyio's releases.

4.10.0

  • Added the feed_data() method to the BufferedByteReceiveStream class, allowing users to inject data directly into the buffer
  • Added various class methods to wrap existing sockets as listeners or socket streams:
    • SocketListener.from_socket()
    • SocketStream.from_socket()
    • UNIXSocketStream.from_socket()
    • UDPSocket.from_socket()
    • ConnectedUDPSocket.from_socket()
    • UNIXDatagramSocket.from_socket()
    • ConnectedUNIXDatagramSocket.from_socket()
  • Added a hierarchy of connectable stream classes for transparently connecting to various remote or local endpoints for exchanging bytes or objects
  • Added context manager mix-in classes (anyio.ContextManagerMixin and anyio.AsyncContextManagerMixin) to help write classes that embed other context managers, particularly cancel scopes or task groups (#905; PR by @​agronholm and @​tapetersen)
  • Added the ability to specify the thread name in start_blocking_portal() (#818; PR by @​davidbrochart)
  • Added anyio.notify_closing to allow waking anyio.wait_readable and anyio.wait_writable before closing a socket. Among other things, this prevents an OSError on the ProactorEventLoop. (#896; PR by @​graingert)
  • Incorporated several documentation improvements from the EuroPython 2025 sprint (special thanks to the sprinters: Emmanuel Okedele, Jan Murre, Euxenia Miruna Goia and Christoffer Fjord)
  • Added a documentation page explaining why one might want to use AnyIO's APIs instead of asyncio's
  • Updated the to_interpreters module to use the public concurrent.interpreters API on Python 3.14 or later
  • Fixed anyio.Path.copy() and anyio.Path.copy_into() failing on Python 3.14.0a7
  • Fixed return annotation of __aexit__ on async context managers. CMs which can suppress exceptions should return bool, or None otherwise. (#913; PR by @​Enegg)
  • Fixed rollover boundary check in SpooledTemporaryFile so that rollover only occurs when the buffer size exceeds max_size (#915; PR by @​11kkw)
  • Migrated testing and documentation dependencies from extras to dependency groups
  • Fixed compatibility of anyio.to_interpreter with Python 3.14.0b2 (#926; PR by @​hroncok)
  • Fixed SyntaxWarning on Python 3.14 about return in finally (#816)
  • Fixed RunVar name conflicts. RunVar instances with the same name should not share storage (#880; PR by @​vimfu)
  • Renamed the BrokenWorkerIntepreter exception to BrokenWorkerInterpreter. The old name is available as a deprecated alias. (#938; PR by @​ayussh-verma)
  • Fixed an edge case in CapacityLimiter on asyncio where a task, waiting to acquire a limiter gets cancelled and is subsequently granted a token from the limiter, but before the cancellation is delivered, and then fails to notify the next waiting task (#947)
Changelog

Sourced from anyio's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

4.10.0

  • Added the feed_data() method to the BufferedByteReceiveStream class, allowing users to inject data directly into the buffer

  • Added various class methods to wrap existing sockets as listeners or socket streams:

    • SocketListener.from_socket()
    • SocketStream.from_socket()
    • UNIXSocketStream.from_socket()
    • UDPSocket.from_socket()
    • ConnectedUDPSocket.from_socket()
    • UNIXDatagramSocket.from_socket()
    • ConnectedUNIXDatagramSocket.from_socket()

  • Added a hierarchy of connectable stream classes for transparently connecting to various remote or local endpoints for exchanging bytes or objects

  • Added context manager mix-in classes (anyio.ContextManagerMixin and anyio.AsyncContextManagerMixin) to help write classes that embed other context managers, particularly cancel scopes or task groups ([#905](https://github.com/agronholm/anyio/issues/905) <https://github.com/agronholm/anyio/pull/905>_; PR by @​agronholm and @​tapetersen)

  • Added the ability to specify the thread name in start_blocking_portal() ([#818](https://github.com/agronholm/anyio/issues/818) <https://github.com/agronholm/anyio/issues/818>_; PR by @​davidbrochart)

  • Added anyio.notify_closing to allow waking anyio.wait_readable and anyio.wait_writable before closing a socket. Among other things, this prevents an OSError on the ProactorEventLoop. ([#896](https://github.com/agronholm/anyio/issues/896) <https://github.com/agronholm/anyio/pull/896>_; PR by @​graingert)

  • Incorporated several documentation improvements from the EuroPython 2025 sprint (special thanks to the sprinters: Emmanuel Okedele, Jan Murre, Euxenia Miruna Goia and Christoffer Fjord)

  • Added a documentation page explaining why one might want to use AnyIO's APIs instead of asyncio's

  • Updated the to_interpreters module to use the public concurrent.interpreters API on Python 3.14 or later

  • Fixed anyio.Path.copy() and anyio.Path.copy_into() failing on Python 3.14.0a7

  • Fixed return annotation of __aexit__ on async context managers. CMs which can suppress exceptions should return bool, or None otherwise. ([#913](https://github.com/agronholm/anyio/issues/913) <https://github.com/agronholm/anyio/pull/913>_; PR by @​Enegg)

  • Fixed rollover boundary check in SpooledTemporaryFile so that rollover only occurs when the buffer size exceeds max_size ([#915](https://github.com/agronholm/anyio/issues/915) <https://github.com/agronholm/anyio/pull/915>_; PR by @​11kkw)

  • Migrated testing and documentation dependencies from extras to dependency groups

  • Fixed compatibility of anyio.to_interpreter with Python 3.14.0b2 ([#926](https://github.com/agronholm/anyio/issues/926) <https://github.com/agronholm/anyio/issues/926>_; PR by @​hroncok)

  • Fixed SyntaxWarning on Python 3.14 about return in finally ([#816](https://github.com/agronholm/anyio/issues/816) <https://github.com/agronholm/anyio/issues/816>_)

... (truncated)

Commits
  • 0cf55b8 Bumped up the version
  • b029df5 Updated the to_interpreter module to use the public API on Python 3.14 (#956)
  • 01f02cf Incorporated EP2025 sprint feedback and added a new section (#955)
  • d896480 [pre-commit.ci] pre-commit autoupdate (#954)
  • 0282b81 Added the BufferedByteReceiveStream.feed_data() method (#945)
  • 19e5477 Fixed a cancellation edge case for asyncio CapacityLimiter (#952)
  • 4666df3 [pre-commit.ci] pre-commit autoupdate (#946)
  • 38c2567 [pre-commit.ci] pre-commit autoupdate (#942)
  • 3db73ac Add missing imports for Readcting to cancellation in worker threads example (...
  • 2eda004 Added an example on how to use move_on_after() with shielding
  • Additional commits viewable in compare view

Updates charset-normalizer from 3.4.2 to 3.4.3

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.3

3.4.3 (2025-08-09)

Changed

  • mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
  • automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

  • Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
  • Support for Python 3.14

Fixed

  • sdist archive contained useless directories.
  • automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

  • SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
  • Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.
Changelog

Sourced from charset-normalizer's changelog.

3.4.3 (2025-08-09)

Changed

  • mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
  • automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

  • Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
  • Support for Python 3.14

Fixed

  • sdist archive contained useless directories.
  • automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

  • SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
  • Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.
Commits
  • 46f662d Release 3.4.3 (#638)
  • 1a059b2 🔧 skip building on freethreaded as we're not confident it is stable
  • 2275e3d 📝 final note in CHANGELOG.md
  • c96acdf 📝 update release date on CHANGELOG.md
  • 43e5460 📝 update README.md
  • f277074 🔧 automatically lower confidence on small bytes str on non Unicode res...
  • 15ae241 🐛 automatically fallback on valid UTF-16 or UTF-32 even if the md says it...
  • 37397c1 🔧 enable 3.14 in nox test_mypyc session
  • cb82537 ⏪ revert license due to compat python 3.7 issue setuptools
  • 6a2efeb 🎨 fix linter errors
  • Additional commits viewable in compare view

Updates coverage from 7.10.2 to 7.10.3

Changelog

Sourced from coverage's changelog.

Version 7.10.3 — 2025-08-10

  • Fixes for patch = subprocess:

    • If subprocesses spawned yet more subprocesses simultaneously, some coverage could be missed. This is now fixed, closing issue 2024_.

    • If subprocesses were created in other directories, their data files were stranded there and not combined into the totals, as described in issue 2025_. This is now fixed.

    • On Windows (or maybe only some Windows?) the patch would fail with a ModuleNotFound error trying to import coverage. This is now fixed, closing issue 2022_.

    • Originally only options set in the coverage configuration file would apply to subprocesses. Options set on the coverage run command line (such as --branch) wouldn't be communicated to the subprocesses. This could lead to combining failures, as described in issue 2021_. Now the entire configuration is used in subprocesses, regardless of its origin.

    • Added debug=patch to help diagnose problems.

  • Fix: really close all SQLite databases, even in-memory ones. Closes issue 2017_.

.. _issue 2017: nedbat/coveragepy#2017 .. _issue 2021: nedbat/coveragepy#2021 .. _issue 2022: nedbat/coveragepy#2022 .. _issue 2024: nedbat/coveragepy#2024 .. _issue 2025: nedbat/coveragepy#2025

.. _changes_7-10-2:

Commits

Updates ruff from 0.12.7 to 0.12.8

Release notes

Sourced from ruff's releases.

0.12.8

Release Notes

Preview features

  • [flake8-use-pathlib] Expand PTH201 to check all PurePath subclasses (#19440)

Bug fixes

  • [flake8-blind-except] Change BLE001 to correctly parse exception tuples (#19747)
  • [flake8-errmsg] Exclude typing.cast from EM101 (#19656)
  • [flake8-simplify] Fix raw string handling in SIM905 for embedded quotes (#19591)
  • [flake8-import-conventions] Avoid false positives for NFKC-normalized __debug__ import aliases in ICN001 (#19411)
  • [isort] Fix syntax error after docstring ending with backslash (I002) (#19505)
  • [pylint] Mark PLC0207 fixes as unsafe when *args unpacking is present (#19679)
  • [pyupgrade] Prevent infinite loop with I002 (UP010, UP035) (#19413)
  • [ruff] Parenthesize generator expressions in f-strings (RUF010) (#19434)

Rule changes

  • [eradicate] Don't flag pyrefly pragmas as unused code (ERA001) (#19731)

Documentation

  • Replace "associative" with "commutative" in docs for RUF036 (#19706)
  • Fix copy and line separator colors in dark mode (#19630)
  • Fix link to typing documentation (#19648)
  • [refurb] Make more examples error out-of-the-box (#19695,#19673,#19672)

Other changes

  • Include column numbers in GitLab output format (#19708)
  • Always expand tabs to four spaces in diagnostics (#19618)
  • Update pre-commit's ruff id (#19654)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.12.8

Preview features

  • [flake8-use-pathlib] Expand PTH201 to check all PurePath subclasses (#19440)

Bug fixes

  • [flake8-blind-except] Change BLE001 to correctly parse exception tuples (#19747)
  • [flake8-errmsg] Exclude typing.cast from EM101 (#19656)
  • [flake8-simplify] Fix raw string handling in SIM905 for embedded quotes (#19591)
  • [flake8-import-conventions] Avoid false positives for NFKC-normalized __debug__ import aliases in ICN001 (#19411)
  • [isort] Fix syntax error after docstring ending with backslash (I002) (#19505)
  • [pylint] Mark PLC0207 fixes as unsafe when *args unpacking is present (#19679)
  • [pyupgrade] Prevent infinite loop with I002 (UP010, UP035) (#19413)
  • [ruff] Parenthesize generator expressions in f-strings (RUF010) (#19434)

Rule changes

  • [eradicate] Don't flag pyrefly pragmas as unused code (ERA001) (#19731)

Documentation

  • Replace "associative" with "commutative" in docs for RUF036 (#19706)
  • Fix copy and line separator colors in dark mode (#19630)
  • Fix link to typing documentation (#19648)
  • [refurb] Make more examples error out-of-the-box (#19695,#19673,#19672)

Other changes

  • Include column numbers in GitLab output format (#19708)
  • Always expand tabs to four spaces in diagnostics (#19618)
  • Update pre-commit's ruff id (#19654)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Deps: Bump the python-packages group with 6 updates
667e273 
Bumps the python-packages group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [djangorestframework](https://github.com/encode/django-rest-framework) | `3.16.0` | `3.16.1` |
| [pylint](https://github.com/pylint-dev/pylint) | `3.3.7` | `3.3.8` |
| [anyio](https://github.com/agronholm/anyio) | `4.9.0` | `4.10.0` |
| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.2` | `3.4.3` |
| [coverage](https://github.com/nedbat/coveragepy) | `7.10.2` | `7.10.3` |
| [ruff](https://github.com/astral-sh/ruff) | `0.12.7` | `0.12.8` |


Updates `djangorestframework` from 3.16.0 to 3.16.1
- [Release notes](https://github.com/encode/django-rest-framework/releases)
- [Commits](encode/django-rest-framework@3.16.0...3.16.1)

Updates `pylint` from 3.3.7 to 3.3.8
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](pylint-dev/pylint@v3.3.7...v3.3.8)

Updates `anyio` from 4.9.0 to 4.10.0
- [Release notes](https://github.com/agronholm/anyio/releases)
- [Changelog](https://github.com/agronholm/anyio/blob/master/docs/versionhistory.rst)
- [Commits](agronholm/anyio@4.9.0...4.10)

Updates `charset-normalizer` from 3.4.2 to 3.4.3
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](jawah/charset_normalizer@3.4.2...3.4.3)

Updates `coverage` from 7.10.2 to 7.10.3
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.10.2...7.10.3)

Updates `ruff` from 0.12.7 to 0.12.8
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.12.7...0.12.8)

---
updated-dependencies:
- dependency-name: djangorestframework
  dependency-version: 3.16.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: pylint
  dependency-version: 3.3.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: anyio
  dependency-version: 4.10.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: charset-normalizer
  dependency-version: 3.4.3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: coverage
  dependency-version: 7.10.3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: ruff
  dependency-version: 0.12.8
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Aug 11, 2025
@dependabot dependabot bot requested a review from a team as a code owner August 11, 2025 06:34
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Aug 11, 2025
@greenbonebot greenbonebot enabled auto-merge (rebase) August 11, 2025 06:34
@greenbonebot greenbonebot merged commit dd3a879 into main Aug 12, 2025
13 checks passed
@greenbonebot greenbonebot deleted the dependabot/pip/main/python-packages-32416ec633 branch August 12, 2025 07:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bjoernricks bjoernricks bjoernricks approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bjoernricks @greenbonebot