Skip to content

Deps: Bump the python-packages group across 1 directory with 17 updates#1227

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-packages-5de0893bdb
Closed

Deps: Bump the python-packages group across 1 directory with 17 updates#1227
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-packages-5de0893bdb

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-packages group with 17 updates in the / directory:

Package From To
tomlkit 0.14.0 0.15.0
lxml 6.1.0 6.1.1
coverage 7.13.5 7.14.1
certifi 2026.4.22 2026.5.20
click 8.3.3 8.4.1
idna 3.15 3.17
librt 0.9.0 0.11.0
mdit-py-plugins 0.5.0 0.6.1
mypy 1.20.2 2.1.0
platformdirs 4.9.6 4.10.0
requests 2.33.1 2.34.2
ruff 0.15.12 0.15.15
snowballstemmer 3.0.1 3.1.0
soupsieve 2.8.3 2.8.4
starlette 1.0.0 1.2.1
uvicorn 0.46.0 0.48.0
watchfiles 1.1.1 1.2.0

Updates tomlkit from 0.14.0 to 0.15.0

Release notes

Sourced from tomlkit's releases.

0.15.0

What's Changed

New Contributors

Full Changelog: python-poetry/tomlkit@0.14.0...0.15.0

Changelog

Sourced from tomlkit's changelog.

[0.15.0] - 2026-05-10

Changed

  • Update parser to support TOML spec v1.1.0. (#456)
Commits
  • 8694e4d chore: bump version to 0.15.0 and update changelog for release (#473)
  • e636a51 [pre-commit.ci] pre-commit autoupdate (#472)
  • 96a4d22 fix: fix a parser hang (#470)
  • 843f799 [pre-commit.ci] pre-commit autoupdate (#469)
  • 2c87eaf Honor sort_keys for parsed TOML documents (#471)
  • 8e32f9c Type annotations (#460)
  • df98af4 [pre-commit.ci] pre-commit autoupdate (#461)
  • 4bd97db chore(deps): bump requests from 2.32.4 to 2.33.0 in /docs (#462)
  • b2d7030 chore(deps-dev): bump pygments from 2.17.2 to 2.20.0 (#463)
  • 87d98b1 chore(deps): bump pygments from 2.18.0 to 2.20.0 in /docs (#464)
  • Additional commits viewable in compare view

Updates lxml from 6.1.0 to 6.1.1

Changelog

Sourced from lxml's changelog.

6.1.1 (2026-05-18)

Bugs fixed

Commits
  • b4a4c59 Build: Fix build in Py3.8.
  • a116dcb Fix typo: type annotions -> type annotations in PEP 560 comments (GH-504)
  • 7287a75 Prepare release of 6.1.1.
  • 5927a6d Add missing "xlink:href" to the known HTML link attributes.
  • 23efeb4 Build: Fix build in Py3.8.
  • 2c0563b Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...
  • 8a35fcc Fix doctest in PyPy3.9.
  • See full diff in compare view

Updates coverage from 7.13.5 to 7.14.1

Changelog

Sourced from coverage's changelog.

Version 7.14.1 — 2026-05-26

  • Fix: the HTML report used typographic niceties to make file paths more readable by adding a small amount of space around slashes. Those spaces interfered with searching the page for file paths of interest. Now the report uses CSS to accomplish the same visual tweak so that searches with slashes work correctly. Closes issue 2170_.

  • Add a 3.16 PyPI classifier <hugo-316_>_ since we test on the 3.16 main branch.

.. _issue 2170: coveragepy/coveragepy#2170 .. _hugo-316: https://mastodon.social/@​hugovk/116588523571204490

.. _changes_7-14-0:

Version 7.14.0 — 2026-05-10

  • Feature: now when running one of the reporting commands, if there are parallel data files that need combining, they will be implicitly combined before creating the report. There is no option to avoid the combination; let us know if you have a use case that requires it. Thanks, Tim Hatch <pull 2162_>. Closes issue 1781.

  • Fix: the output from combine was too verbose, listing each file considered. Now it shows a single line with the counts of files combined, files skipped, and files with errors. The -q flag suppresses this line. The old detailed lines are available with the new --debug=combine option.

  • Fix: running a Python file through a symlink now sets the sys.path correctly, matching regular Python behavior. Fixes issue 2157_.

  • Fix: Collector.flush_data could fail with "RuntimeError: Set changed size during iteration" when a tracer in another thread added a line to the per-file set that add_lines (or add_arcs) was iterating. The values passed to CoverageData are now snapshotted via dict.copy() and set.copy(), which are atomic under the GIL. Thanks, Alex Vandiver <pull 2165_>_.

  • Fix: the soft keyword lazy is now bolded in HTML reports.

  • We are no longer testing eventlet support. Eventlet started issuing stern deprecation warnings that break our tests. Our support code is still there.

.. _issue 1781: coveragepy/coveragepy#1781 .. _issue 2157: coveragepy/coveragepy#2157 .. _pull 2162: coveragepy/coveragepy#2162

... (truncated)

Commits
  • 64d9b66 docs: correct the date for 7.14.1
  • 6fa7dd4 chore: bump actions/dependency-review-action (#2181)
  • 078afae docs: sample HTML for 7.14.1
  • cb4f028 docs: prep for 7.14.1
  • ae2d09f Merge branch 'nedbat/classifire-316-kits'
  • 2c3568b build: declare 3.16 compatibility
  • faa68f8 chore: bump github/codeql-action in the action-dependencies group (#2173)
  • eb55fee test: we don't need PyPy < 7.3.22 anymore
  • ac168fe test: the text summary should show missing
  • fed4bd2 chore: upgrade virtualenv
  • Additional commits viewable in compare view

Updates certifi from 2026.4.22 to 2026.5.20

Commits

Updates click from 8.3.3 to 8.4.1

Release notes

Sourced from click's releases.

8.4.1

This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.4.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-1 Milestone: https://github.com/pallets/click/milestone/32?closed=1

  • get_parameter_source() is available during eager callbacks and type conversion again. #3458 #3484
  • Zsh completion scripts parse correctly on Windows. #3277 # 3466
  • Shell completion of Choice Enum values produces a valid completion result. #3015
  • Fix empty byte-string handling in echo. #3487
  • Fix closed file error with echo_via_pager. #3449

8.4.0

This is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.4.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-0 Milestone https://github.com/pallets/click/milestone/30

  • ParamType typing improvements. #3371

    • :class:ParamType is now a generic abstract base class, parameterized by its converted value type.
    • :meth:~ParamType.convert return types are narrowed on all concrete types (str for :class:STRING, int for :class:INT, etc.).
    • :meth:~ParamType.to_info_dict returns specific :class:~typing.TypedDict subclasses instead of dict[str, Any].
    • :class:CompositeParamType and the number-range base are now generic with abstract methods.
  • Refactor convert_type to extract type inference into a private _guess_type helper, and add :func:typing.overload signatures. #3372

  • Parameter typing improvements. #2805

    • :class:Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
    • :attr:Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
    • The ctx parameter of :meth:Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.
  • Split string values from default_map for parameters with nargs > 1 or :class:Tuple type, matching environment variable behavior.

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.4.1

Released 2026-05-21

  • get_parameter_source() is available during eager callbacks and type conversion again. :issue:3458 :issue:3484
  • Zsh completion scripts parse correctly on Windows. :issue:3277 :pr:3466
  • Shell completion of Choice Enum values produces a valid completion result. :issue:3015
  • Fix empty byte-string handling in echo. :issue:3487
  • Fix closed file error with echo_via_pager. :issue:3449

Version 8.4.0

Released 2026-05-17

  • :class:ParamType typing improvements. :pr:3371

    • :class:ParamType is now a generic abstract base class, parameterized by its converted value type.
    • :meth:~ParamType.convert return types are narrowed on all concrete types (str for :class:STRING, int for :class:INT, etc.).
    • :meth:~ParamType.to_info_dict returns specific :class:~typing.TypedDict subclasses instead of dict[str, Any].
    • :class:CompositeParamType and the number-range base are now generic with abstract methods.
  • Refactor convert_type to extract type inference into a private _guess_type helper, and add :func:typing.overload signatures. :pr:3372

  • :class:Parameter typing improvements. :pr:2805

    • :class:Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
    • :attr:Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
    • The ctx parameter of :meth:Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.
  • Split string values from default_map for parameters with nargs > 1 or :class:Tuple type, matching environment variable behavior. :issue:2745 :pr:3364

  • Auto-detect type=UNPROCESSED for flag_value of non-basic types (not str, int, float, or bool), so programmer-provided Python objects like classes and enum members are passed through unchanged instead of being stringified. Previously type=click.UNPROCESSED had to be set explicitly. :issue:2012 :pr:3363

... (truncated)

Commits
  • 6eeb50e release version 8.4.1
  • 67921d5 change log and doc fixes (#3495)
  • 9c41f46 Fix changelog and version admonitions
  • 6cb3477 fix skip condition
  • 5ee8e31 fix I/O operation on closed file error with CliRunner and echo_via_pager (#3482)
  • becbde5 pager doesn't close std streams
  • a5f5aa6 Handle empty bytes in echo (#3493)
  • 4d3db84 handle empty bytes in echo
  • d42f15b Fix get_parameter_source() during type conversion and eager callbacks (#3484)
  • 0baa8db Document ctx.params bypass with test and doc
  • Additional commits viewable in compare view

Updates idna from 3.15 to 3.17

Changelog

Sourced from idna's changelog.

3.17 (2026-05-28)

  • Substantial 75% reduction in memory usage through new data structures and some optimization in processing speed.
  • Added a general 1024-character input length cap to the public validation, conversion, and codec entry points. This is well above any legitimate domain or label and guards against pathological inputs.

3.16 (2026-05-22)

  • Add a command-line interface (python -m idna, also available as the idna script). Encodes or decodes one or more domains supplied as arguments or on standard input, with options to select A-label or U-label output and control error handling.
  • Raise the minimum supported Python version to 3.9
  • Various code quality improvements
Commits
  • f48619c Release 3.17
  • 7421ba8 Pre-release 3.17rc0
  • 22ebb73 Merge pull request #251 from kjd/structure-optimizations
  • 2a7ac0a Drop redundant parallel-arrays comment from uts46data
  • 354eee9 Apply ruff format to uts46data.py
  • 8c34ffc Refactor uts46data into parallel arrays
  • 1189629 Range-encode joining_types for compact representation
  • f90b87a Generic length limit for functions
  • d6ffd28 Merge pull request #247 from kjd/release-3.16
  • 6d1a0de Release 3.16
  • Additional commits viewable in compare view

Updates librt from 0.9.0 to 0.11.0

Commits

Updates mdit-py-plugins from 0.5.0 to 0.6.1

Release notes

Sourced from mdit-py-plugins's releases.

v0.6.1

What's Changed

Full Changelog: executablebooks/mdit-py-plugins@v0.6.0...v0.6.1

v0.6.0

What's Changed

New Contributors

Full Changelog: executablebooks/mdit-py-plugins@v0.5.0...v0.6.0

Changelog

Sourced from mdit-py-plugins's changelog.

0.6.1 - 2026-05-13

  • 🐛 FIX: Nested field lists incorrectly nesting inside parent containers (#139)

    Field lists inside list items (or other indented containers) would recursively nest each field inside the previous one, instead of being siblings.

0.6.0 - 2026-05-07

  • ✨ NEW: Add GFM autolink and composite GFM plugins (#135)

    The gfm_autolink plugin implements GFM autolink literals, auto-linking URLs and email addresses without requiring angle brackets:

    Visit www.example.com or contact user@example.com

    The gfm composite plugin enables a full Github Flavored Markdown (GFM)-like configuration in a single call (tables, strikethrough, autolinks, task lists, alerts, and footnotes).

    See the GitHub docs for more information.

    Requires markdown-it-py >= 4.1.0.

  • ✨ NEW: Add superscript plugin and tests, thanks to @​elijahgreenstein (#128)

    Ported from markdown-it-sup. Renders superscript text using ^..^ syntax:

    29^th^ of May
Commits

Updates mypy from 1.20.2 to 2.1.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 2.1

We’ve just uploaded mypy 2.1.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

librt.vecs: Fast Growable Array Type for Mypyc

The new librt.vecs module provides an efficient growable array type vec that is optimized for mypyc use. It provides fast, packed arrays with integer and floating point value types, which can be several times faster than list, and tens of times faster than array.array in code compiled using mypyc. It also supports nested vec objects and non-value-type items, such as vec[vec[str]].

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo.

librt.random: Fast Pseudo-Random Number Generation

The new librt.random module provides fast pseudo-random number generation that is optimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib random module in compiled code.

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo (PR 21433).

Mypyc Improvements

  • Enable incremental self-compilation (Vaggelis Danias, PR 21369)
  • Make compilation order with multiple files consistent (Piotr Sawicki, PR 21419)
  • Fix crash on accessing StopAsyncIteration (Piotr Sawicki, PR 21406)
  • Fix incremental compilation with separate flag (Vaggelis Danias, PR 21299)

Fixes to Crashes

  • Fix crash on partial type with --allow-redefinition and global declaration (Jukka Lehtosalo, PR 21428)
  • Fix broken awaitable generator patching (Ivan Levkivskyi, PR 21435)

... (truncated)

Commits

Updates platformdirs from 4.9.6 to 4.10.0

Release notes

Sourced from platformdirs's releases.

4.10.0

What's Changed

New Contributors

Full Changelog: tox-dev/platformdirs@4.9.6...4.10.0

Changelog

Sourced from platformdirs's changelog.

########### Changelog ###########


4.10.0 (2026-05-28)


  • ✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_preference_dir :pr:491
  • ✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR :pr:490
  • chore: improve platformdirs maintenance path :pr:488 - by :user:lphuc2250gma

4.9.6 (2026-04-09)


  • 🐛 fix(release): use double quotes for tag variable expansion :pr:477

4.9.5 (2026-04-06)


  • 📝 docs(appauthor): clarify None vs False on Windows :pr:476
  • Separates implementations of macOS dirs that share a default :pr:473 - by :user:Goddesen
  • Remove persist-credentials: false from release job :pr:472
  • fix: do not duplicate site dirs in Unix.iter_{config,site}_dirs() when use_site_for_root is active :pr:469 - by :user:viccie30
  • 🔧 fix(type): resolve ty 0.0.25 type errors :pr:468
  • 🔒 ci(workflows): add zizmor security auditing :pr:467
  • 🐛 fix(release): generate docstrfmt-compatible changelog entries :pr:463

4.9.4 (2026-03-05)


  • [pre-commit.ci] pre-commit autoupdate :pr:461 - by :user:pre-commit-ci[bot]
  • Update README.md
  • 📝 docs: add project logo to documentation :pr:459
  • Standardize .github files to .yaml suffix
  • build(deps): bump the all group with 2 updates :pr:457 - by :user:dependabot[bot]
  • Move SECURITY.md to .github/SECURITY.md
  • Add permissions to workflows :pr:455
  • Add security policy
  • [pre-commit.ci] pre-commit autoupdate :pr:454 - by :user:pre-commit-ci[bot]

4.9.2 (2026-02-16)


  • 📝 docs: restructure following Diataxis framework :pr:448

... (truncated)

Commits
  • 04cb136 Release 4.10.0
  • 078bc61 ✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_pr...
  • d279747 ✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR (#490)
  • 4116391 [pre-commit.ci] pre-commit autoupdate (#489)
  • dbc63f5 chore: improve platformdirs maintenance path (#488)
  • 9265108 [pre-commit.ci] pre-commit autoupdate (#487)
  • 9f857ec [pre-commit.ci] pre-commit autoupdate (#486)
  • a76e777 [pre-commit.ci] pre-commit autoupdate (#484)
  • 903fd9f [pre-commit.ci] pre-commit autoupdate (#483)
  • a5da35d build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 in the all group (#482)
  • Additional commits viewable in compare view

Updates requests from 2.33.1 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)
Commits

Updates ruff from 0.15.12 to 0.15.15

Release notes

Sourced from ruff's releases.

0.15.15

Release Notes

Released on 2026-05-28.

Preview features

  • Fix Markdown closing fence handling (#25310)
  • [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

  • [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

  • Avoid redundant TokenValue drops in the lexer (#25300)
  • Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
  • Use ThinVec in AST to shrink Stmt (#25361)

Documentation

  • Fix line-length example for --config option (#25389)
  • [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
  • [mccabe] Improve example (C901) (#25287)
  • [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
  • [refurb] Document FURB192 exception change for empty sequences (#25317)
  • [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

  • Fix formatting of lambdas nested within f-strings (#25398)

Server

  • Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

  • Expand semantic syntax errors for invalid walruses (#25415)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.15

Released on 2026-05-28.

Preview features

  • Fix Markdown closing fence handling (#25310)
  • [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

  • [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

  • Avoid redundant TokenValue drops in the lexer (#25300)
  • Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
  • Use ThinVec in AST to shrink Stmt (#25361)

Documentation

  • Fix line-length example for --config option (#25389)
  • [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
  • [mccabe] Improve example (C901) (#25287)
  • [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
  • [refurb] Document FURB192 exception change for empty sequences (#25317)
  • [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

  • Fix formatting of lambdas nested within f-strings (#25398)

Server

  • Return code action for codeAction/resolve requests that contain no o...

    Description has been truncated

Bumps the python-packages group with 17 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [tomlkit](https://github.com/python-poetry/tomlkit) | `0.14.0` | `0.15.0` |
| [lxml](https://github.com/lxml/lxml) | `6.1.0` | `6.1.1` |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.1` |
| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |
| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.1` |
| [idna](https://github.com/kjd/idna) | `3.15` | `3.17` |
| [librt](https://github.com/mypyc/librt) | `0.9.0` | `0.11.0` |
| [mdit-py-plugins](https://github.com/executablebooks/mdit-py-plugins) | `0.5.0` | `0.6.1` |
| [mypy](https://github.com/python/mypy) | `1.20.2` | `2.1.0` |
| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.6` | `4.10.0` |
| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.15` |
| [snowballstemmer](https://github.com/snowballstem/snowball) | `3.0.1` | `3.1.0` |
| [soupsieve](https://github.com/facelessuser/soupsieve) | `2.8.3` | `2.8.4` |
| [starlette](https://github.com/Kludex/starlette) | `1.0.0` | `1.2.1` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.46.0` | `0.48.0` |
| [watchfiles](https://github.com/samuelcolvin/watchfiles) | `1.1.1` | `1.2.0` |



Updates `tomlkit` from 0.14.0 to 0.15.0
- [Release notes](https://github.com/python-poetry/tomlkit/releases)
- [Changelog](https://github.com/python-poetry/tomlkit/blob/master/CHANGELOG.md)
- [Commits](python-poetry/tomlkit@0.14.0...0.15.0)

Updates `lxml` from 6.1.0 to 6.1.1
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-6.1.0...lxml-6.1.1)

Updates `coverage` from 7.13.5 to 7.14.1
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.13.5...7.14.1)

Updates `certifi` from 2026.4.22 to 2026.5.20
- [Commits](certifi/python-certifi@2026.04.22...2026.05.20)

Updates `click` from 8.3.3 to 8.4.1
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst)
- [Commits](pallets/click@8.3.3...8.4.1)

Updates `idna` from 3.15 to 3.17
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.15...v3.17)

Updates `librt` from 0.9.0 to 0.11.0
- [Commits](mypyc/librt@v0.9.0...v0.11.0)

Updates `mdit-py-plugins` from 0.5.0 to 0.6.1
- [Release notes](https://github.com/executablebooks/mdit-py-plugins/releases)
- [Changelog](https://github.com/executablebooks/mdit-py-plugins/blob/master/CHANGELOG.md)
- [Commits](executablebooks/mdit-py-plugins@v0.5.0...v0.6.1)

Updates `mypy` from 1.20.2 to 2.1.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.20.2...v2.1.0)

Updates `platformdirs` from 4.9.6 to 4.10.0
- [Release notes](https://github.com/tox-dev/platformdirs/releases)
- [Changelog](https://github.com/tox-dev/platformdirs/blob/main/docs/changelog.rst)
- [Commits](tox-dev/platformdirs@4.9.6...4.10.0)

Updates `requests` from 2.33.1 to 2.34.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.33.1...v2.34.2)

Updates `ruff` from 0.15.12 to 0.15.15
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.12...0.15.15)

Updates `snowballstemmer` from 3.0.1 to 3.1.0
- [Changelog](https://github.com/snowballstem/snowball/blob/main/NEWS)
- [Commits](snowballstem/snowball@v3.0.1...v3.1.0)

Updates `soupsieve` from 2.8.3 to 2.8.4
- [Release notes](https://github.com/facelessuser/soupsieve/releases)
- [Commits](facelessuser/soupsieve@2.8.3...2.8.4)

Updates `starlette` from 1.0.0 to 1.2.1
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@1.0.0...1.2.1)

Updates `uvicorn` from 0.46.0 to 0.48.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.46.0...0.48.0)

Updates `watchfiles` from 1.1.1 to 1.2.0
- [Release notes](https://github.com/samuelcolvin/watchfiles/releases)
- [Commits](samuelcolvin/watchfiles@v1.1.1...v1.2.0)

---
updated-dependencies:
- dependency-name: tomlkit
  dependency-version: 0.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: lxml
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: coverage
  dependency-version: 7.14.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: certifi
  dependency-version: 2026.5.20
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: click
  dependency-version: 8.4.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: idna
  dependency-version: '3.17'
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: librt
  dependency-version: 0.11.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: mdit-py-plugins
  dependency-version: 0.6.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: mypy
  dependency-version: 2.1.0
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: python-packages
- dependency-name: platformdirs
  dependency-version: 4.10.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: requests
  dependency-version: 2.34.2
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: ruff
  dependency-version: 0.15.15
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: snowballstemmer
  dependency-version: 3.1.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: soupsieve
  dependency-version: 2.8.4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: starlette
  dependency-version: 1.2.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: uvicorn
  dependency-version: 0.48.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: watchfiles
  dependency-version: 1.2.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 1, 2026
@dependabot dependabot Bot requested review from a team as code owners June 1, 2026 07:24
@greenbonebot greenbonebot enabled auto-merge (rebase) June 1, 2026 07:24
@dependabot @github

dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 8, 2026
auto-merge was automatically disabled June 8, 2026 04:11

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/pip/python-packages-5de0893bdb branch June 8, 2026 04:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants