Skip to content

build(deps): bump the python-deps group with 11 updates #1957

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 10, 2025
Merged

build(deps): bump the python-deps group with 11 updates #1957

merged 1 commit into from
Jun 10, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 9, 2025
edited by github-actions bot
Loading

Bumps the python-deps group with 11 updates:

Package From To
boto3 1.38.29 1.38.33
boto3-stubs 1.38.29 1.38.33
botocore 1.38.29 1.38.33
botocore-stubs 1.38.29 1.38.30
greenlet 3.2.2 3.2.3
hypothesis 6.135.0 6.135.4
pandas 2.2.3 2.3.0
requests 2.32.3 2.32.4
ruamel-yaml 0.18.12 0.18.14
ruff 0.11.12 0.11.13
tomlkit 0.13.2 0.13.3

Updates boto3 from 1.38.29 to 1.38.33

Commits
  • af071cb Merge branch 'release-1.38.33'
  • a9ec3f9 Bumping version to 1.38.33
  • 3d2b7a9 Add changelog entries from botocore
  • c2ef4c3 Merge branch 'release-1.38.32'
  • 3c5f285 Merge branch 'release-1.38.32' into develop
  • 6d14b07 Bumping version to 1.38.32
  • 2644d95 Add changelog entries from botocore
  • 1a5a89a Merge branch 'release-1.38.31'
  • d910d4f Merge branch 'release-1.38.31' into develop
  • abf78b6 Bumping version to 1.38.31
  • Additional commits viewable in compare view

Updates boto3-stubs from 1.38.29 to 1.38.33

Release notes

Sourced from boto3-stubs's releases.

8.8.0 - Python 3.8 runtime is back

Changed

  • [services] install_requires section is calculated based on dependencies in use, so typing-extensions version is set properly
  • [all] Replaced typing imports with collections.abc with a fallback to typing for Python <3.9
  • [all] Added aliases for builtins.list, builtins.set, builtins.dict, and builtins.type, so Python 3.8 runtime should work as expected again (reported by @​YHallouard in #340 and @​Omri-Ben-Yair in #336)
  • [all] Unions use the same type annotations as the rest of the structures due to proper fallbacks

Fixed

  • [services] Universal input/output shapes were not replaced properly in service subresources
  • [docs] Simplified doc links rendering for services
  • [services] Cleaned up unnecessary imports in client.pyi
  • [builder] Import records with fallback are always rendered
Commits

Updates botocore from 1.38.29 to 1.38.33

Commits

Updates botocore-stubs from 1.38.29 to 1.38.30

Commits

Updates greenlet from 3.2.2 to 3.2.3

Changelog

Sourced from greenlet's changelog.

3.2.3 (2025-06-05)

  • Make greenlet build and run on Python 3.14 beta 2 on Windows amd64.
  • Potentially fix build on NetBSD/sparc64. See PR 447 <https://github.com/python-greenlet/greenlet/pull/447>_.
Commits
  • f40c095 Preparing release 3.2.3
  • f3051e0 Change log for #447
  • cfbff33 Merge pull request #447 from alarixnia/sparc
  • e00d0a8 Tweaking msvc.
  • 0c22f32 Try adding 3.14 to make-manylinux
  • c3190ab Hack around more incompatible changes in CPython for 3.14 on Windows.
  • 45670b3 appveyor/3.14: Try the extern C trick. I don't actually expect this to work.
  • e263d75 appveyor: Try installing 3.14b2
  • 7c1d5c0 github actions: bump from 3.14b1 to 3.14b2
  • 69bed96 Fix compilation on NetBSD/sparc64
  • Additional commits viewable in compare view

Updates hypothesis from 6.135.0 to 6.135.4

Release notes

Sourced from hypothesis's releases.

Hypothesis for Python - version 6.135.4

Further improve the performance of the constants-collection feature introduced in version 6.131.1, by ignoring large files and files with many constants.

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.135.3

This release adds the experimental and unstable "OBSERVABILITY_CHOICES" option for observability. If set, the choice sequence is included in "metadata.choice_nodes", and choice sequence spans are included in "metadata.choice_spans".

These are relatively low-level implementation detail of Hypothesis, and are exposed in observability for users building tools or research on top of Hypothesis. See "PrimitiveProvider" for more details about the choice sequence and choice spans.

We are actively working towards a better interface for this. Feel free to use "OBSERVABILITY_CHOICES" to experiment, but don't rely on it yet!

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.135.2

This patch restores compatibility when using the legacy Python 3.9 LL(1) parser yet again, because the fix in version 6.131.33 was too brittle.

Thanks to Marco Ricci for this fix!

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.135.1

"DirectoryBasedExampleDatabase" now removes empty directories after "delete()" is called.

The canonical version of these notes (with links) is on readthedocs.

Commits
  • 609acd8 Bump hypothesis-python version to 6.135.4 and update changelog
  • b4ff5f9 Merge pull request #4398 from tybug/next
  • 0328676 Bump hypothesis-python version to 6.135.3 and update changelog
  • 26b75d5 Merge pull request #4422 from tybug/observability-choice-nodes
  • fec47d6 Bump hypothesis-python version to 6.135.2 and update changelog
  • 1b8adb2 Merge pull request #4426 from the-13th-letter/restore-py39-compatibility-LL1-...
  • 076510d reword
  • 1e744f1 add more docs to span_start
  • 0d9e29b address review
  • 989ae59 separate _nolimit cache
  • Additional commits viewable in compare view

Updates pandas from 2.2.3 to 2.3.0

Release notes

Sourced from pandas's releases.

Pandas 2.3.0

We are pleased to announce the release of pandas 2.3.0. This release includes some new features, bug fixes, and performance improvements. We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes. Pandas 2.3.0 supports Python 3.10 and higher.

The release will be available on the defaults and conda-forge channels:

conda install -c conda-forge pandas

Or via PyPI:

python3 -m pip install --upgrade pandas

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS. (#6926)
  • Dropped support for pypy 3.9 following its end of support. (#6926)
Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.
Commits
  • 021dc72 Polish up release tooling for last manual release
  • 821770e Bump version and add release notes for v2.32.4
  • 59f8aa2 Add netrc file search information to authentication documentation (#6876)
  • 5b4b64c Add more tests to prevent regression of CVE 2024 47081
  • 7bc4587 Add new test to check netrc auth leak (#6962)
  • 96ba401 Only use hostname to do netrc lookup instead of netloc
  • 7341690 Merge pull request #6951 from tswast/patch-1
  • 6716d7c remove links
  • a7e1c74 Update docs/conf.py
  • c799b81 docs: fix dead links to kenreitz.org
  • Additional commits viewable in compare view

Updates ruamel-yaml from 0.18.12 to 0.18.14

Updates ruff from 0.11.12 to 0.11.13

Release notes

Sourced from ruff's releases.

0.11.13

Release Notes

Preview features

  • [airflow] Add unsafe fix for module moved cases (AIR301,AIR311,AIR312,AIR302) (#18367,#18366,#18363,#18093)
  • [refurb] Add coverage of set and frozenset calls (FURB171) (#18035)
  • [refurb] Mark FURB180 fix unsafe when class has bases (#18149)

Bug fixes

  • [perflint] Fix missing parentheses for lambda and ternary conditions (PERF401, PERF403) (#18412)
  • [pyupgrade] Apply UP035 only on py313+ for get_type_hints() (#18476)
  • [pyupgrade] Make fix unsafe if it deletes comments (UP004,UP050) (#18393, #18390)

Rule changes

  • [fastapi] Avoid false positive for class dependencies (FAST003) (#18271)

Documentation

  • Update editor setup docs for Neovim and Vim (#18324)

Other changes

  • Support Python 3.14 template strings (t-strings) in formatter and parser (#17851)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.11.13

Preview features

  • [airflow] Add unsafe fix for module moved cases (AIR301,AIR311,AIR312,AIR302) (#18367,#18366,#18363,#18093)
  • [refurb] Add coverage of set and frozenset calls (FURB171) (#18035)
  • [refurb] Mark FURB180 fix unsafe when class has bases (#18149)

Bug fixes

  • [perflint] Fix missing parentheses for lambda and ternary conditions (PERF401, PERF403) (#18412)
  • [pyupgrade] Apply UP035 only on py313+ for get_type_hints() (#18476)
  • [pyupgrade] Make fix unsafe if it deletes comments (UP004,UP050) (#18393, #18390)

Rule changes

  • [fastapi] Avoid false positive for class dependencies (FAST003) (#18271)

Documentation

  • Update editor setup docs for Neovim and Vim (#18324)

Other changes

  • Support Python 3.14 template strings (t-strings) in formatter and parser (#17851)
Commits
  • 5faf72a Bump 0.11.13 (#18484)
  • 28dbc5c [ty] Fix completion order in playground (#18480)
  • ce216c7 Remove Message::to_rule (#18447)
  • 33468cc [pyupgrade] Apply UP035 only on py313+ for get_type_hints() (#18476)
  • 8531f4b [ty] Add infrastructure for AST garbage collection (#18445)
  • 5510020 [ty] IDE: add support for object.\<CURSOR> completions (#18468)
  • c0bb83b [perflint] fix missing parentheses for lambda and ternary conditions (PERF4...
  • 74a4e9a Combine lint and syntax error handling (#18471)
  • 8485dbb [ty] Fix --python argument for Windows, and improve error messages for bad ...
  • 0858896 [ty] type narrowing by attribute/subscript assignments (#18041)
  • Additional commits viewable in compare view

Updates tomlkit from 0.13.2 to 0.13.3

Release notes

Sourced from tomlkit's releases.

0.13.3

What's Changed

New Contributors

Full Changelog: python-poetry/tomlkit@0.13.2...0.13.3

Changelog

Sourced from tomlkit's changelog.

[0.13.3] - 2025-06-05

Added

  • Add .item() method to array and tables to retrieve an item by key. (#390)

Fixed

  • Fix missing newline when parsing a separated array of tables without trailing new line. (#381)
  • Fix non-existing key error when deleting an item from an out-of-order table. (#383)
  • Ensure newline is added between the plain values and the first table. (#387)
  • Fix repeated whitespace when removing an array item. (#405)
  • Fix invalid serialization after removing array item if the comma is on its own line. (#408)
  • Fix serialization of a nested dotted key table. (#411)
  • Refine the error message when use non-string as single key. (#412)
  • Fix invalid serialization after overwriting a key of a out-of-order table. (#414)
Commits
  • 8c963db chore: update version to 0.13.3 (#423)
  • fcb82ae fix: Missing newline at end of file with multiple array of tables can corrupt...
  • d4e1ecd fix: add newline indentation after existing items in Container class (#421)
  • e3b7332 fix: ensure unique table indices when adding items to out-of-order tables (#420)
  • 14607a5 chore(deps-dev): bump jinja2 from 3.1.5 to 3.1.6 (#418)
  • bd31dbd fix: Dumping a subelement of a parsed toml fails starting on 4rd level of nes...
  • 62a6708 fix: Invalid serialization when overwriting out-of-order table key (#417)
  • 64064f3 [pre-commit.ci] pre-commit autoupdate (#415)
  • df4afc6 Fix: reject single keys that aren't strings (#416)
  • 832e855 Fix array item removal (#409)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

📚 Documentation preview 📚: https://opendatacube--1957.org.readthedocs.build/en/1957/

@dependabot
build(deps): bump the python-deps group with 11 updates
7ee6253 
Bumps the python-deps group with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [boto3](https://github.com/boto/boto3) | `1.38.29` | `1.38.33` |
| [boto3-stubs](https://github.com/youtype/mypy_boto3_builder) | `1.38.29` | `1.38.33` |
| [botocore](https://github.com/boto/botocore) | `1.38.29` | `1.38.33` |
| [botocore-stubs](https://github.com/youtype/botocore-stubs) | `1.38.29` | `1.38.30` |
| [greenlet](https://github.com/python-greenlet/greenlet) | `3.2.2` | `3.2.3` |
| [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.135.0` | `6.135.4` |
| [pandas](https://github.com/pandas-dev/pandas) | `2.2.3` | `2.3.0` |
| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` |
| ruamel-yaml | `0.18.12` | `0.18.14` |
| [ruff](https://github.com/astral-sh/ruff) | `0.11.12` | `0.11.13` |
| [tomlkit](https://github.com/sdispater/tomlkit) | `0.13.2` | `0.13.3` |


Updates `boto3` from 1.38.29 to 1.38.33
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.38.29...1.38.33)

Updates `boto3-stubs` from 1.38.29 to 1.38.33
- [Release notes](https://github.com/youtype/mypy_boto3_builder/releases)
- [Commits](https://github.com/youtype/mypy_boto3_builder/commits)

Updates `botocore` from 1.38.29 to 1.38.33
- [Commits](boto/botocore@1.38.29...1.38.33)

Updates `botocore-stubs` from 1.38.29 to 1.38.30
- [Release notes](https://github.com/youtype/botocore-stubs/releases)
- [Commits](https://github.com/youtype/botocore-stubs/commits)

Updates `greenlet` from 3.2.2 to 3.2.3
- [Changelog](https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst)
- [Commits](python-greenlet/greenlet@3.2.2...3.2.3)

Updates `hypothesis` from 6.135.0 to 6.135.4
- [Release notes](https://github.com/HypothesisWorks/hypothesis/releases)
- [Commits](HypothesisWorks/hypothesis@hypothesis-python-6.135.0...hypothesis-python-6.135.4)

Updates `pandas` from 2.2.3 to 2.3.0
- [Release notes](https://github.com/pandas-dev/pandas/releases)
- [Commits](pandas-dev/pandas@v2.2.3...v2.3.0)

Updates `requests` from 2.32.3 to 2.32.4
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.3...v2.32.4)

Updates `ruamel-yaml` from 0.18.12 to 0.18.14

Updates `ruff` from 0.11.12 to 0.11.13
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.11.12...0.11.13)

Updates `tomlkit` from 0.13.2 to 0.13.3
- [Release notes](https://github.com/sdispater/tomlkit/releases)
- [Changelog](https://github.com/python-poetry/tomlkit/blob/master/CHANGELOG.md)
- [Commits](python-poetry/tomlkit@0.13.2...0.13.3)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.38.33
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: boto3-stubs
  dependency-version: 1.38.33
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: botocore
  dependency-version: 1.38.33
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: botocore-stubs
  dependency-version: 1.38.30
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: greenlet
  dependency-version: 3.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: hypothesis
  dependency-version: 6.135.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: pandas
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: ruamel-yaml
  dependency-version: 0.18.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: ruff
  dependency-version: 0.11.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: tomlkit
  dependency-version: 0.13.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 9, 2025
@SpacemanPaul SpacemanPaul merged commit 5718b1b into develop Jun 10, 2025
18 checks passed
@SpacemanPaul SpacemanPaul deleted the dependabot/uv/python-deps-72af3924e5 branch June 10, 2025 00:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SpacemanPaul SpacemanPaul SpacemanPaul approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@SpacemanPaul