Skip to content

[Tech] Bump the non-major-dependencies group across 1 directory with 7 updates#2830

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/pipeline/non-major-dependencies-30cb37f314
Open

[Tech] Bump the non-major-dependencies group across 1 directory with 7 updates#2830
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/pipeline/non-major-dependencies-30cb37f314

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 2, 2026

Bumps the non-major-dependencies group with 7 updates in the /pipeline directory:

Package From To
geopandas 1.1.2 1.1.3
python-dotenv 1.2.1 1.2.2
geoalchemy2 0.18.1 0.18.4
prefect 3.6.9 3.6.24
coverage 7.13.4 7.13.5
sqlalchemy 2.0.46 2.0.48
css-inline 0.20.0 0.20.1

Updates geopandas from 1.1.2 to 1.1.3

Release notes

Sourced from geopandas's releases.

Version 1.1.3

What's Changed

This release addresses a handful of small compatibility issues with pandas 3.0 and backports some bugfixes.

Bug fixes:

  • Improved compatibility with pandas 3.0 Copy-on-Write feature, making use of deferred copies where possible (#3298, #3711).
  • Fix GeoSeries.sample_points not accepting list-like size when generating points using pointpaterns (#3710).
  • Fix from_wkt/wkb to correctly handle missing values with pandas 3 (where the new str dtype is used) (#3714).
  • Fix to_postgis to correctly handle missing values with pandas 3 (where the new str dtype is used) (#3722).
  • Using loc to assign column values to a new row index now correctly preserves the column CRS and geometry dtype on pandas 3.1, due to an upstream bug fix (#3741, Pandas #62523)
  • Random states in pointpats methods of sample_points can now be fixed with rng (#3737).

Full Changelog: geopandas/geopandas@v1.1.2...v1.1.3

Changelog

Sourced from geopandas's changelog.

Version 1.1.3 (March 10, 2026)

This release addresses a handful of small compatibility issues with pandas 3.0 and backports some bugfixes.

Bug fixes:

  • Improved compatibility with pandas 3.0 Copy-on-Write feature, making use of deferred copies where possible (#3298, #3711).
  • Fix GeoSeries.sample_points not accepting list-like size when generating points using pointpaterns (#3710).
  • Fix from_wkt/wkb to correctly handle missing values with pandas 3 (where the new str dtype is used) (#3714).
  • Fix to_postgis to correctly handle missing values with pandas 3 (where the new str dtype is used) (#3722).
  • Using loc to assign column values to a new row index now correctly preserves the column CRS and geometry dtype on pandas 3.1, due to an upstream bug fix (#3741, Pandas #62523)
  • Random states in pointpats methods of sample_points`` can now be fixed with rng` (#3737).
Commits
  • f5fe3ff RLS: v1.1.3
  • c104670 pointpats <2.5.3 test compat
  • af36b14 ENH: add pointpats as an optional dependency & pass in rng (#3737)
  • d9ed84a COMPAT: fix failing test for loc concatenation crs preservation with pandas 3...
  • 1b1ddc2 MAINT: use trusted publishing for releasing to PyPI (#3734)
  • 8d0c05d changelog
  • a424f17 Avoid returning deep copies with pandas 3.0 (with Copy-on-Write) (#3298)
  • 03fa43e MAINT: cleanup release warning for project.license table (#3603)
  • 29fdb30 CI: remove usage of PANDAS_FUTURE_INFER_STRINGS=0 (#3715)
  • 9070e13 missing changelog entries
  • Additional commits viewable in compare view

Updates python-dotenv from 1.2.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

  • Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

  • The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
  • Improved documentation clarity regarding override behavior and the reference page.
  • Updated PyPy support to version 3.11.
  • Documentation for FIFO file support.
  • Support for Python 3.9.

Fixed

Breaking Changes

  • dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

  • In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

  • dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

New Contributors

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

  • Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

  • The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
  • Improved documentation clarity regarding override behavior and the reference page.
  • Updated PyPy support to version 3.11.
  • Documentation for FIFO file support.
  • Dropped Support for Python 3.9.

Fixed

  • Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
  • Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

  • dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

  • In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

  • dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Commits

Updates geoalchemy2 from 0.18.1 to 0.18.4

Release notes

Sourced from geoalchemy2's releases.

0.18.4

What's Changed

Full Changelog: geoalchemy/geoalchemy2@0.18.3...0.18.4

0.18.3

What's Changed

Full Changelog: geoalchemy/geoalchemy2@0.18.2...0.18.3

0.18.2

What's Changed

Full Changelog: geoalchemy/geoalchemy2@0.18.1...0.18.2

Changelog

Sourced from geoalchemy2's changelog.

0.18.4

0.18.3

0.18.2

Commits

Updates prefect from 3.6.9 to 3.6.24

Release notes

Sourced from prefect's releases.

3.6.24 - A watched flow never boils

Note: unwatched flows also never boil

New Features 🎉

Enhancements ➕➕

Bug Fixes 🐞

Development & Tidiness 🧹

... (truncated)

Commits
  • 195d63c docs: Add release notes for 3.6.24 (#21322)
  • d4d5310 Fix heartbeat starvation under CPU-bound workloads (#21276)
  • f76299f Add opt-in BuildKit/buildx support via python-on-whales (#21286)
  • 6c39940 Add with_context() for logging from subprocesses (#21304)
  • b1dea50 Fix #21319: Skip dotenv_values when .env is not a regular file (#21320)
  • 316330b Remove expired docs banner (#21321)
  • d325a6c Update AGENTS.md files for f03e181 (#21318)
  • f03e181 Add position to block schema properties for UI field ordering (#21307)
  • 4a5e03a fix: preserve field aliases during Block serialization with include_secrets (...
  • af02e07 Respect PREFECT_SERVER_ANALYTICS_ENABLED env var in CLI (#21315)
  • Additional commits viewable in compare view

Updates coverage from 7.13.4 to 7.13.5

Changelog

Sourced from coverage's changelog.

Version 7.13.5 — 2026-03-17

  • Fix: issue 2138_ describes a memory leak that happened when repeatedly using the Coverage API with in-memory data. This is now fixed.

  • Fix: the markdown-formatted coverage report didn't fully escape special characters in file paths (issue 2141). This would be very unlikely to cause a problem, but now it's done properly, thanks to Ellie Ayla <pull 2142_>.

  • Fix: the C extension wouldn't build on VS2019, but now it does (issue 2145_).

.. _issue 2138: coveragepy/coveragepy#2138 .. _issue 2141: coveragepy/coveragepy#2141 .. _pull 2142: coveragepy/coveragepy#2142 .. _issue 2145: coveragepy/coveragepy#2145

.. _changes_7-13-4:

Commits
  • c88da14 docs: sample HTML for 7.13.5
  • e2ac3e1 build: sample HTML shouldn't include the status.json file
  • 910f8f3 docs: prep for 7.13.5
  • 3a4819c style: make workflows more uniform
  • 2a53705 chore: bump the action-dependencies group across 1 directory with 4 updates (...
  • e7c878d chore: make upgrade
  • ab4db40 build: use --generate-hashes when pinning
  • a438753 chore: make upgrade
  • 7b33457 refactor: some leftover pyupgrade 3.10 bits
  • 2ff968d refactor: this type wasn't used anywhere
  • Additional commits viewable in compare view

Updates sqlalchemy from 2.0.46 to 2.0.48

Release notes

Sourced from sqlalchemy's releases.

2.0.48

Released: March 2, 2026

engine

  • [engine] [bug] Fixed a critical issue in Engine where connections created in conjunction with the DialectEvents.do_connect() event listeners would receive shared, mutable collections for the connection arguments, leading to a variety of potential issues including unlimited growth of the argument list as well as elements within the parameter dictionary being shared among concurrent connection calls. In particular this could impact do_connect routines making use of complex mutable authentication structures.

    References: #13144

2.0.47

Released: February 24, 2026

orm

  • [orm] [bug] Fixed issue when using ORM mappings with Python 3.14's PEP 649 feature that no longer requires "future annotations", where the ORM's introspection of the __init__ method of mapped classes would fail if non-present identifiers in annotations were present. The vendored getfullargspec() method has been amended to use Format.FORWARDREF under Python 3.14 to prevent resolution of names that aren't present.

    References: #13104

engine

  • [engine] [usecase] The connection object returned by _engine.Engine.raw_connection() now supports the context manager protocol, automatically returning the connection to the pool when exiting the context.

    References: #13116

postgresql

  • [postgresql] [bug] Fixed an issue in the PostgreSQL dialect where foreign key constraint reflection would incorrectly swap or fail to capture onupdate and ondelete values when these clauses appeared in a different order than expected in the constraint definition. This issue primarily affected

... (truncated)

Commits

Updates css-inline from 0.20.0 to 0.20.1

Release notes

Sourced from css-inline's releases.

[C] Release 0.20.1

Changed

  • Update html5ever to 0.39.
  • Update selectors to 0.36.

Fixed

  • !important lost when inlining styles onto elements with existing inline style attributes. #682
  • !important lost when minify_css is enabled due to separator mismatch during property lookup. #682

[Java] Release 0.20.1

Changed

  • Update html5ever to 0.39.
  • Update selectors to 0.36.

Fixed

  • !important lost when inlining styles onto elements with existing inline style attributes. #682
  • !important lost when minify_css is enabled due to separator mismatch during property lookup. #682

[JavaScript] Release 0.20.1

Changed

  • Update html5ever to 0.39.
  • Update selectors to 0.36.

Fixed

  • !important lost when inlining styles onto elements with existing inline style attributes. #682
  • !important lost when minify_css is enabled due to separator mismatch during property lookup. #682

[PHP] Release 0.20.1

Changed

  • Update html5ever to 0.39.
  • Update selectors to 0.36.

Fixed

  • !important lost when inlining styles onto elements with existing inline style attributes. #682
  • !important lost when minify_css is enabled due to separator mismatch during property lookup. #682

[Python] Release 0.20.1

Changed

  • Update html5ever to 0.39.
  • Update selectors to 0.36.

... (truncated)

Changelog

Sourced from css-inline's changelog.

[0.20.1] - 2026-03-26

Changed

  • Update html5ever to 0.39.
  • Update selectors to 0.36.

Fixed

  • !important lost when inlining styles onto elements with existing inline style attributes. #682
  • !important lost when minify_css is enabled due to separator mismatch during property lookup. #682
Commits
  • 7d68478 chore(c): Release 0.20.1
  • ae58025 chore(python): Release 0.20.1
  • 63aa891 build(deps): bump picomatch from 2.3.1 to 2.3.2 in /bindings/javascript
  • e813347 build(deps-dev): bump nokogiri from 1.18.10 to 1.19.1 in /bindings/ruby
  • 89f8814 build(deps): bump flatted from 3.3.3 to 3.4.2 in /bindings/javascript
  • 66b1c5c docs: Update README & changelogs
  • 49eccbf build(deps): bump undici from 6.22.0 to 6.24.1 in /bindings/javascript
  • e1c92fc build(deps): bump rustls-webpki in /bindings/ruby/ext/css_inline
  • e34094f build(deps): bump rustls-webpki in /bindings/ruby
  • 77d743c build(deps): bump quinn-proto in /bindings/ruby/ext/css_inline
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
[Tech] Bump the non-major-dependencies group across 1 directory with …
d00b93c 
…7 updates

Bumps the non-major-dependencies group with 7 updates in the /pipeline directory:

| Package | From | To |
| --- | --- | --- |
| [geopandas](https://github.com/geopandas/geopandas) | `1.1.2` | `1.1.3` |
| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |
| [geoalchemy2](https://github.com/geoalchemy/geoalchemy2) | `0.18.1` | `0.18.4` |
| [prefect](https://github.com/PrefectHQ/prefect) | `3.6.9` | `3.6.24` |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.4` | `7.13.5` |
| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.46` | `2.0.48` |
| [css-inline](https://github.com/Stranger6667/css-inline) | `0.20.0` | `0.20.1` |



Updates `geopandas` from 1.1.2 to 1.1.3
- [Release notes](https://github.com/geopandas/geopandas/releases)
- [Changelog](https://github.com/geopandas/geopandas/blob/main/CHANGELOG.md)
- [Commits](geopandas/geopandas@v1.1.2...v1.1.3)

Updates `python-dotenv` from 1.2.1 to 1.2.2
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](theskumar/python-dotenv@v1.2.1...v1.2.2)

Updates `geoalchemy2` from 0.18.1 to 0.18.4
- [Release notes](https://github.com/geoalchemy/geoalchemy2/releases)
- [Changelog](https://github.com/geoalchemy/geoalchemy2/blob/main/CHANGES.txt)
- [Commits](geoalchemy/geoalchemy2@0.18.1...0.18.4)

Updates `prefect` from 3.6.9 to 3.6.24
- [Release notes](https://github.com/PrefectHQ/prefect/releases)
- [Commits](PrefectHQ/prefect@3.6.9...3.6.24)

Updates `coverage` from 7.13.4 to 7.13.5
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.13.4...7.13.5)

Updates `sqlalchemy` from 2.0.46 to 2.0.48
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `css-inline` from 0.20.0 to 0.20.1
- [Release notes](https://github.com/Stranger6667/css-inline/releases)
- [Changelog](https://github.com/Stranger6667/css-inline/blob/master/CHANGELOG.md)
- [Commits](Stranger6667/css-inline@c-v0.20.0...c-v0.20.1)

---
updated-dependencies:
- dependency-name: geopandas
  dependency-version: 1.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: non-major-dependencies
- dependency-name: python-dotenv
  dependency-version: 1.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: non-major-dependencies
- dependency-name: geoalchemy2
  dependency-version: 0.18.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: non-major-dependencies
- dependency-name: prefect
  dependency-version: 3.6.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: non-major-dependencies
- dependency-name: coverage
  dependency-version: 7.13.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: non-major-dependencies
- dependency-name: sqlalchemy
  dependency-version: 2.0.48
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: non-major-dependencies
- dependency-name: css-inline
  dependency-version: 0.20.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: non-major-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies tech. enhancement technical enhancement labels Apr 2, 2026
@tristanrobert
Copy link
Copy Markdown
Contributor

tristanrobert commented Apr 2, 2026

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Apr 2, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@VincentAntoine VincentAntoine

Labels

dependencies tech. enhancement technical enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tristanrobert @VincentAntoine