Bump the dependencies group in /.config with 6 updates #1978

dependabot · 2025-05-04T10:17:32Z

Bumps the dependencies group in /.config with 6 updates:

Package	From	To
charset-normalizer	`3.4.1`	`3.4.2`
cryptography	`44.0.2`	`44.0.3`
importlib-metadata	`8.6.1`	`8.7.0`
pymdown-extensions	`10.14.3`	`10.15`
termcolor	`3.0.1`	`3.1.0`
yamllint	`1.37.0`	`1.37.1`

Updates charset-normalizer from 3.4.1 to 3.4.2

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.2

3.4.2 (2025-05-02)

Fixed

Addressed the DeprecationWarning in our CLI regarding argparse.FileType by backporting the target class into the package. (#591)

Improved the overall reliability of the detector with CJK Ideographs. (#605) (#587)

Changed

Optional mypyc compilation upgraded to version 1.15 for Python >= 3.9

Changelog

Sourced from charset-normalizer's changelog.

3.4.2 (2025-05-02)

Fixed

Addressed the DeprecationWarning in our CLI regarding argparse.FileType by backporting the target class into the package. (#591)

Improved the overall reliability of the detector with CJK Ideographs. (#605) (#587)

Changed

Optional mypyc compilation upgraded to version 1.15 for Python >= 3.8

Commits

6422af1 📝 update release date
0e60ec1 🔖 Release 3.4.2 (#614)
f6630ce ⬆️ Bump pypa/cibuildwheel from 2.23.2 to 2.23.3 (#617)
677c999 ⬆️ Bump actions/download-artifact from 4.2.1 to 4.3.0 (#618)
960ab1e ⬆️ Bump actions/setup-python from 5.5.0 to 5.6.0 (#619)
6eb6325 ⬆️ Bump github/codeql-action from 3.28.10 to 3.28.16 (#620)
c99c0f2 ⬆️ Update coverage requirement from <7.7,>=7.2.7 to >=7.2.7,<7.9 (#606)
270f28e ⬆️ Bump actions/setup-python from 5.4.0 to 5.5.0 (#607)
d4d89a0 ⬆️ Bump pypa/cibuildwheel from 2.22.0 to 2.23.2 (#608)
905fcf5 ⬆️ Bump slsa-framework/slsa-github-generator from 2.0.0 to 2.1.0 (#609)
Additional commits viewable in compare view

Updates cryptography from 44.0.2 to 44.0.3

Changelog

Sourced from cryptography's changelog.

44.0.3 - 2025-05-02

* Fixed compilation when using LibreSSL 4.1.0.

.. _v44-0-2:

Commits

b92c841 [44.0.x] backports for libressl 4.1.0 support release (#12848)
387ca00 Hopefully add Window / MacOS PyPy 3.10 / 3.11 support (#12559)
See full diff in compare view

Updates importlib-metadata from 8.6.1 to 8.7.0

Changelog

Sourced from importlib-metadata's changelog.

v8.7.0

Features

.metadata() (and Distribution.metadata) can now return None if the metadata directory exists but not metadata file is present. (#493)

Bugfixes

Raise consistent ValueError for invalid EntryPoint.value (#518)

Commits

708dff4 Finalize
b3065f0 Merge pull request #519 from python/bugfix/493-metadata-missing
e4351c2 Add a new test capturing the new expectation.
5a65705 Refactor the casting into a wrapper for brevity and to document its purpose.
0830c39 Add news fragment.
22bb567 Fix type errors where metadata could be None.
57f31d7 Allow metadata to return None when there is no metadata present.
b9c4be4 Merge pull request #518 from python/bugfix/488-bad-ep-value
9f8af01 Prefer a cached property, as the property is likely to be retrieved at least ...
f179e28 Also raise ValueError on construction if the value is invalid.
Additional commits viewable in compare view

Updates pymdown-extensions from 10.14.3 to 10.15

Release notes

Sourced from pymdown-extensions's releases.

10.15.0

NEW: SuperFences: Add relaxed_headers option which can tolerate bad content in the fenced code header. When enabled, code blocks with bad content in the header will likely still convert into code blocks, often respecting the specified language.

NEW: Add type hints to the Blocks interface and a few additional files.

FIX: Blocks: Fix some corner cases of nested blocks with lists.

FIX: Tab and Tabbed: Fix a case where tabs could fail if combine_header_slug was enabled and there was no header.

Commits

d32c6b3 Update changelog
9f5c3ca Finish typing the Blocks interface and type additional referenced files (#2652)
84a087b add type annotations to block.py (#2634)
70e475c Docs: update JS deps
0eb2047 Provide option for more relaxed fenced code headers (#2649)
677a863 Fix some corner cases with Blocks and nested lists (#2651)
f655468 Fix a corner case with combine_header_slug and Tab and Tabbed
3e8a097 Only show "steps" as direct list items
f8d7f62 Docs: Mermaid Pie chart is now considered viable and update version used
48cda23 Add a note about snippet syntax and XML files
Additional commits viewable in compare view

Updates termcolor from 3.0.1 to 3.1.0

Release notes

Sourced from termcolor's releases.

Release 3.1.0

Added

Add true colour RGB option as input arguments (#102) @icyveins7

Cache system lookups to save invocation time (#107) @miketheman

Advertise typing via classifier (#104) @miketheman

Changed

Migrate coverage configuration to pyproject.toml (#105) @miketheman

Commits

1e0ae11 Test free-threaded Python 3.13t and 3.14t (#111)
9e3f5bb Test free-threaded Python 3.13t and 3.14t
52bf721 Add mutation testing (#109)
968cfa5 Add tests for cprint kwargs
6048bd5 Add mutation testing
fd08149 Test code branches (#108)
b32a006 Test code branches
60815d2 Cache system lookups to save invocation time (#107)
7e1e892 Complete coverage via added tests (#106)
e516dd5 Cache system lookups to save invocation time
Additional commits viewable in compare view

Updates yamllint from 1.37.0 to 1.37.1

Changelog

Sourced from yamllint's changelog.

1.37.1 (2025-05-04)

Rule comments: tell how many spaces are expected

Rule quoted-strings: Fix only-when-needed on multiline with backslash

Config: Report if rules is not a dict

Fix test_codec_built_in_equivalent() test when run with pytest

CI: Fix TestPyPI "dev0" versions for master commits on tags

Docs: Add links to GitHub repository and releases

Docs: Fix GitLab integration example

Docs: Fix GitLab integration link

Fix the tests badge link on the README

Commits

79a6b2b yamllint version 1.37.1
b6fe397 config: Report if 'rules' is not a dict
2ec2d7a docs: Fix GitLab integration link
1a6542c quoted-strings: Fix only-when-needed on multiline with backslash
2d10aaa docs: Fix GitLab integration example
263fb88 README: Fix the tests badge link
a942f5c Rename tests.common.test_codec_built_in_equivalent()
639a7c6 comments: Tell how many spaces are expected in 'min-spaces-from-content'
0f2fbb0 docs: Add links to GitHub repository and releases
bce26d6 CI: Fix TestPyPI "dev0" versions for master commits on tags
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group in /.config with 6 updates: | Package | From | To | | --- | --- | --- | | [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.1` | `3.4.2` | | [cryptography](https://github.com/pyca/cryptography) | `44.0.2` | `44.0.3` | | [importlib-metadata](https://github.com/python/importlib_metadata) | `8.6.1` | `8.7.0` | | [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) | `10.14.3` | `10.15` | | [termcolor](https://github.com/termcolor/termcolor) | `3.0.1` | `3.1.0` | | [yamllint](https://github.com/adrienverge/yamllint) | `1.37.0` | `1.37.1` | Updates `charset-normalizer` from 3.4.1 to 3.4.2 - [Release notes](https://github.com/jawah/charset_normalizer/releases) - [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](jawah/charset_normalizer@3.4.1...3.4.2) Updates `cryptography` from 44.0.2 to 44.0.3 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@44.0.2...44.0.3) Updates `importlib-metadata` from 8.6.1 to 8.7.0 - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst) - [Commits](python/importlib_metadata@v8.6.1...v8.7.0) Updates `pymdown-extensions` from 10.14.3 to 10.15 - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](facelessuser/pymdown-extensions@10.14.3...10.15) Updates `termcolor` from 3.0.1 to 3.1.0 - [Release notes](https://github.com/termcolor/termcolor/releases) - [Changelog](https://github.com/termcolor/termcolor/blob/main/CHANGES.md) - [Commits](termcolor/termcolor@3.0.1...3.1.0) Updates `yamllint` from 1.37.0 to 1.37.1 - [Release notes](https://github.com/adrienverge/yamllint/releases) - [Changelog](https://github.com/adrienverge/yamllint/blob/master/CHANGELOG.rst) - [Commits](adrienverge/yamllint@v1.37.0...v1.37.1) --- updated-dependencies: - dependency-name: charset-normalizer dependency-version: 3.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: cryptography dependency-version: 44.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: importlib-metadata dependency-version: 8.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: pymdown-extensions dependency-version: '10.15' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: termcolor dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: yamllint dependency-version: 1.37.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies minor A bug fix or non-impacting change skip-changelog labels May 4, 2025

dependabot bot requested a review from a team as a code owner May 4, 2025 10:17

github-project-automation bot added this to 🧰 devtools project board May 4, 2025

dependabot bot had a problem deploying to ack May 4, 2025 10:17 Failure

abhikdps removed the minor A bug fix or non-impacting change label May 4, 2025

abhikdps temporarily deployed to ack May 4, 2025 12:37 — with GitHub Actions Inactive

ansibuddy enabled auto-merge May 4, 2025 12:38

ansibuddy approved these changes May 4, 2025

View reviewed changes

ansibuddy added this pull request to the merge queue May 4, 2025

github-project-automation bot moved this to Review in 🧰 devtools project board May 4, 2025

abhikdps removed this pull request from the merge queue due to a manual request May 4, 2025

abhikdps added this pull request to the merge queue May 4, 2025

github-merge-queue bot removed this pull request from the merge queue due to no response for status checks May 4, 2025

abhikdps merged commit 38a3926 into main May 4, 2025
28 of 32 checks passed

abhikdps deleted the dependabot/pip/dot-config/dependencies-993df1a7c2 branch May 4, 2025 16:55

github-project-automation bot moved this from Review to Done in 🧰 devtools project board May 4, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the dependencies group in /.config with 6 updates #1978

Bump the dependencies group in /.config with 6 updates #1978

Uh oh!

dependabot bot commented on behalf of github May 4, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Bump the dependencies group in /.config with 6 updates #1978

Bump the dependencies group in /.config with 6 updates #1978

Uh oh!

Conversation

dependabot bot commented on behalf of github May 4, 2025

Version 3.4.2

3.4.2 (2025-05-02)

Fixed

Changed

3.4.2 (2025-05-02)

Fixed

Changed

v8.7.0

Features

Bugfixes

10.15.0

Release 3.1.0

Added

Changed

1.37.1 (2025-05-04)

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!