Skip to content

deps(deps): bump the python-minor-patch group with 7 updates#83

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-minor-patch-a9bebb255e
Open

deps(deps): bump the python-minor-patch group with 7 updates#83
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-minor-patch-a9bebb255e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-minor-patch group with 7 updates:

Package From To
anyio 4.14.1 4.14.2
build 1.5.0 1.5.1
charset-normalizer 3.4.8 3.4.9
dulwich 1.2.9 1.2.10
filelock 3.29.5 3.29.7
ruff 0.15.20 0.15.21
torch 2.12.1 2.13.0

Updates anyio from 4.14.1 to 4.14.2

Release notes

Sourced from anyio's releases.

4.14.2

  • Changed ByteReceiveStream.receive() implementations to raise a ValueError when max_bytes is not a positive integer (#1191)
  • Fixed CapacityLimiter.total_tokens rejecting float("inf") when the limiter was instantiated outside of an event loop. The adapter setter checked for infinity by identity (value is math.inf), so only the exact math.inf singleton was accepted, while every backend setter (using math.isinf()) accepts any positive infinity (#1189; PR by @​greymoth-jp).
  • Fixed to_process.run_sync() deadlocking when the worker function writes enough data to sys.stderr to fill the (undrained) pipe buffer. The worker process now redirects sys.stderr to os.devnull as well, matching the documented behavior
  • Fixed TLSStream.wrap() matching an internationalized (unicode) host name against the peer certificate using IDNA 2003 (via the standard library) instead of IDNA 2008, which could cause the host name to be matched against the wrong certificate (#1208)
  • Fixed anyio.open_process() (and run_process()) ignoring the extra_groups argument, as it mistakenly passed the value of the group argument instead (#1209)
  • Fixed CapacityLimiter.acquire_nowait() and CapacityLimiter.acquire_nowait_on_behalf_of() raising trio.WouldBlock instead of anyio.WouldBlock on the trio backend when there are no tokens available (#1218)
  • Fixed CapacityLimiter on the asyncio backend over-granting tokens (borrowed_tokens exceeding total_tokens and available_tokens going negative) when a non-blocking acquire was made in the window between a token being released and the notified waiter resuming. The freed token is now reserved for the woken waiter right away, so the non-blocking acquire correctly raises WouldBlock (#1170; PR by @​gaoflow)
  • Fixed unnecessary CPU spin when delivering cancellation from CancelScope on asyncio under certain conditions, including improper cancel scope nesting (#1111)
Commits
  • c384f99 Bumped up the version
  • dbba29d Fixed 100% CPU spin on cancel scope misuse (#1217)
  • 6bbc6c3 Fix CapacityLimiter over-granting tokens on asyncio (#1172)
  • 6f82b25 Refactored TestTLSStream.test_receive_invalid_max_bytes() to be less flaky
  • be24b04 Relaxed timeouts to fix test flakiness
  • 8113506 Fix test flakiness caused by slow callback duration logging
  • 1e988b6 Fixed CapacityLimiter raising trio.WouldBlock instead of anyio.WouldBlock (#1...
  • 44713f3 Pin setup-uv to a commit sha across downstream jobs (#1213)
  • f1b7301 Fixed stderr writes in a worker subprocess causing a deadlock (#1207)
  • 212be93 Fix flaky test_tcp_listener_same_port using a hardcoded port (#1206)
  • Additional commits viewable in compare view

Updates build from 1.5.0 to 1.5.1

Release notes

Sourced from build's releases.

1.5.1

What's Changed

... (truncated)

Changelog

Sourced from build's changelog.

#################### 1.5.1 (2026-07-09) ####################


Features


  • Add --report=PATH to write a machine-readable JSON report of built artifacts; --metadata now also accepts .whl files - by :user:gaborbernat (:issue:198)
  • The srcdir argument now accepts .tar.gz source distributions, extracting and building from them - by :user:gaborbernat (:issue:311)
  • The "Unmet dependencies" error from --no-isolation builds now shows the wanted version, found version, and interpreter - by :user:gaborbernat (:issue:504)
  • Add --sdist-extract-dir to extract the intermediate sdist into a persistent directory, enabling compiler cache reuse across rebuilds - by :user:gaborbernat (:issue:614)
  • Add --env-dir to place the isolated build environment at a fixed path, enabling compiler cache reuse across builds
    • by :user:gaborbernat (:issue:655)
  • Print a summary of resolved dependency versions (name==version) after installing them in isolated builds - by :user:gaborbernat (:issue:959)
  • On build failure, print a tip pointing to --env-dir and --sdist-extract-dir for debugging and link to the "Debug a failed build" how-to - reported by :user:dimpase, implemented by :user:gaborbernat (:issue:966)

Bugfixes


  • Drain verbose subprocess output inline instead of using a ThreadPoolExecutor, which silently swallowed logging errors - by :user:henryiii (:issue:1098)
  • Reject a file passed as --env-dir with a clear error instead of a raw FileExistsError - by :user:henryiii (:issue:1100)
  • Emit CLI warnings to stderr instead of stdout, so they no longer corrupt --metadata JSON output on stdout - by :user:ymyzk (:issue:1111)
  • Fix the Windows symlink support probe always returning False due to a stale object interpolated into the destination path - by :user:henryiii (:issue:1118)
  • Fix metadata_path's build-backend fallback returning a nonexistent dist-info path for wheels with a build tag - by :user:henryiii (:issue:1119)
  • Write pip/uv requirements and constraints files with \n instead of os.linesep, avoiding doubled \r\r\n line endings on Windows - by :user:henryiii (:issue:1120)
  • Batch of small robustness fixes: correct macOS release parsing for the minimum pip version, avoid sharing the mutable default build-system table between builders, keep the original error when isolated-environment setup fails early, and raise BuildException for an invalid wheel - by :user:henryiii (:issue:1121)
  • Decide color support independently for stdout and stderr instead of only checking stdout.isatty(), so redirecting one stream no longer disables or leaks ANSI colors on the other - by :user:henryiii (:issue:1123)

Deprecations and Removals


  • Deprecate :func:build.util.project_wheel_metadata; use python -m build --metadata instead - by

... (truncated)

Commits
  • d08fcd7 chore: prepare for 1.5.1
  • 135801c test: isolate color tests from NO_COLOR and FORCE_COLOR (#1128)
  • 820d4e5 perf: memoize check_dependency (#1122)
  • 6c03264 pre-commit: bump repositories (#1127)
  • 43c337a refactor: simplify code paths found in review (#1124)
  • 260ae22 fix: minor robustness fixes from code review (#1121)
  • 100e86e refactor: open the wheel only once in metadata_path (#1126)
  • 272db6c fix: decide color support per output stream, not solely from stdout (#1123)
  • bc4ca7c fix: use LF instead of os.linesep when writing pip/uv requirements files (#1120)
  • 16d8143 fix: derive dist-info directory from wheel contents, not filename (#1119)
  • Additional commits viewable in compare view

Updates charset-normalizer from 3.4.8 to 3.4.9

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.9

3.4.9 (2026-07-07)

Fixed

  • Regression in our fallback path leading to a decode error. (#771) We've yanked 3.4.8 as a result of that bug.
Changelog

Sourced from charset-normalizer's changelog.

3.4.9 (2026-07-07)

Fixed

  • Regression in our fallback path leading to a decode error. (#771) We've yanked 3.4.8 as a result of that bug.
Commits
  • cc68407 Merge pull request #772 from jawah/fix-regression-fallback-path
  • 152b923 chore: release 3.4.9
  • 2bc2607 fix: unicodedecodeerror in fallback path
  • be252d7 chore(deps): bump docker/setup-qemu-action from 4.1.0 to 4.2.0 (#767)
  • 71c7bdd chore(deps): bump actions/setup-python from 6.2.0 to 6.3.0 (#768)
  • aeea391 chore(deps): bump pypa/cibuildwheel from 3.4.1 to 4.1.0 (#758)
  • See full diff in compare view

Updates dulwich from 1.2.9 to 1.2.10

Release notes

Sourced from dulwich's releases.

dulwich-1.2.10

  • Fix regression in 1.2.9 where loose objects whose content inflates to more than 8192 bytes failed to parse with `zlib.error: object header exceeds maximum size`. (Jelmer Vernooij, #2292)
Changelog

Sourced from dulwich's changelog.

1.2.10 2026-07-07

  • Fix regression in 1.2.9 where loose objects whose content inflates to more than 8192 bytes failed to parse with zlib.error: object header exceeds maximum size. (Jelmer Vernooij, #2292)
Commits
  • 9c45439 Release 1.2.10
  • 6100e4e Fix regression parsing loose objects that inflate past 8KB (#2293)
  • f489f7d Fix regression parsing loose objects that inflate past 8KB
  • See full diff in compare view

Updates filelock from 3.29.5 to 3.29.7

Release notes

Sourced from filelock's releases.

3.29.7

What's Changed

Full Changelog: tox-dev/filelock@3.29.6...3.29.7

3.29.6

What's Changed

Full Changelog: tox-dev/filelock@3.29.5...3.29.6

Commits
  • 1efb893 _util: drop the dead st_mtime=0 short-circuit in raise_on_not_writable_file (...
  • 3547d58 soft_rw: evict a non-regular write marker without reading it (#588)
  • 616400e asyncio: detect cross-instance reentrant deadlocks before the poll loop (#586)
  • f8b0e93 test: silence fork DeprecationWarning on 3.15 (#585)
  • b68be65 _util: drop the dead st_mtime=0 short-circuit in raise_on_not_writable_file (...
  • a833dd9 serialise singleton construction in FileLockMeta (#581)
  • bb2f884 [pre-commit.ci] pre-commit autoupdate (#583)
  • da9c3ed 💰 Surface GitHub Sponsors + thanks.dev
  • See full diff in compare view

Updates ruff from 0.15.20 to 0.15.21

Release notes

Sourced from ruff's releases.

0.15.21

Release Notes

Released on 2026-07-09.

Preview features

  • Add --add-ignore for adding ruff:ignore comments (#26346)
  • [flake8-comprehensions] Drop C409 tuple comprehension preview behavior (#25707)
  • Avoid whitespace normalization when formatting comments (#26455)
  • [pyupgrade] Lint and fix use of deprecated abc decorators (UP051) (#26417)

Bug fixes

  • Refine non-empty f-string detection (#26526)
  • Detect syntax errors in individual notebook cells (#26419)
  • [flake8-implicit-str-concat] Fix ISC003 autofix incorrectly stripping + from comments (#26554)

Rule changes

  • [flake8-executable] Mark EXE004 fix as unsafe (#26033)
  • [flake8-pyi] Mark PYI061 fixes as unsafe in Python files (#26533)
  • [pydocstyle] Skip overload-with-docstring in stub files (D418) (#26318)

Performance

  • Avoid per-token source index visitor calls (#26506)
  • Cache parenthesized expression boundaries in the formatter (#26344)
  • Improve performance of rendering edits in preview mode (#26565)
  • Inline fits_element in formatter (#26429)
  • Inline formatter printing hot paths (#26504)
  • Lazily create builtin bindings (#26510)
  • Skip empty trivia scans in the source indexer (#26507)
  • Use ICF for macOS release builds (#25780)

Formatter

  • Add --extend-exclude to ruff format (#26372)

Documentation

  • Add "How does Ruff's import sorting compare to isort?" link to README (#26530)
  • Fix Mozilla Firefox repository link in README (#26537)
  • [flake8-bandit] Fix misleading docstring for mako-templates (S702) (#26432)
  • [ruff] Fix non-triggering example for if-key-in-dict-del (RUF051) (#26433)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.21

Released on 2026-07-09.

Preview features

  • Add --add-ignore for adding ruff:ignore comments (#26346)
  • [flake8-comprehensions] Drop C409 tuple comprehension preview behavior (#25707)
  • Avoid whitespace normalization when formatting comments (#26455)
  • [pyupgrade] Lint and fix use of deprecated abc decorators (UP051) (#26417)

Bug fixes

  • Refine non-empty f-string detection (#26526)
  • Detect syntax errors in individual notebook cells (#26419)
  • [flake8-implicit-str-concat] Fix ISC003 autofix incorrectly stripping + from comments (#26554)

Rule changes

  • [flake8-executable] Mark EXE004 fix as unsafe (#26033)
  • [flake8-pyi] Mark PYI061 fixes as unsafe in Python files (#26533)
  • [pydocstyle] Skip overload-with-docstring in stub files (D418) (#26318)

Performance

  • Avoid per-token source index visitor calls (#26506)
  • Cache parenthesized expression boundaries in the formatter (#26344)
  • Improve performance of rendering edits in preview mode (#26565)
  • Inline fits_element in formatter (#26429)
  • Inline formatter printing hot paths (#26504)
  • Lazily create builtin bindings (#26510)
  • Skip empty trivia scans in the source indexer (#26507)
  • Use ICF for macOS release builds (#25780)

Formatter

  • Add --extend-exclude to ruff format (#26372)

Documentation

  • Add "How does Ruff's import sorting compare to isort?" link to README (#26530)
  • Fix Mozilla Firefox repository link in README (#26537)
  • [flake8-bandit] Fix misleading docstring for mako-templates (S702) (#26432)
  • [ruff] Fix non-triggering example for if-key-in-dict-del (RUF051) (#26433)

Contributors

... (truncated)

Commits

Updates torch from 2.12.1 to 2.13.0

Release notes

Sourced from torch's releases.

PyTorch 2.13.0 Release Notes

Highlights

For more details about these highlighted features, you can look at the release blogpost. Below are the full release notes for this release.

Tracked Regressions

ROCm wheels break torch.compile on CPU in environments without a GPU

Running a torch==2.13.0+rocm7.2 wheel in an environment where no GPU is available (torch.cuda.is_available() is False) breaks torch.compile on the CPU path: the first compile raises RuntimeError: Can't detect vectorized ISA for CPU (#189194). This is a regression from torch==2.12.1+rocm7.2, which compiles CPU code fine (detecting e.g. VecAVX2) in the same setup. The 2.13 ROCm wheel appears to rely on something present in the ROCm builder image to detect the CPU vectorized ISA, so it works when run on a ROCm image but fails on a plain CPU-only image.

Workaround: run the +rocm wheel on a ROCm image, or install a standard CPU/CUDA build for GPU-less environments.

Backwards Incompatible Changes

  • Stop building CPython 3.13t (free-threaded) binaries (#182951)

    Upstream pypa/manylinux removed CPython 3.13t (free-threaded) on 2026-05-07, because 3.13t was experimental and has been superseded by the now-non-experimental CPython 3.14t. As a result, PyTorch 2.13 no longer ships cp313t wheels (Linux, Triton, and related artifacts). Users on the free-threaded interpreter should move to Python 3.14t.

    PyTorch 2.12:

    # cp313t (free-threaded 3.13) wheels were available
    python3.13t -m pip install torch

    PyTorch 2.13:

... (truncated)

Commits
  • cf30153 [release/2.13] Strip +PTX from CUDA arch list on release/RC builds (#188914) ...
  • 3e3e24b [release/2.13] Restrict cuda-bindings to Python < 3.15 for CUDA 12.9 builds (...
  • 7986b06 [release/2.13] Bump binary build timeout 280 -> 400 minutes (#188551)
  • 0bdbc26 [release/2.13] Add CUDA 12.9 to TORCH_CUDA_ARCH_LIST tables (#188443)
  • 9cabb45 [release/2.13] Update manywheel docker image pin to 78e737ad (#188409)
  • 78e737a [release/2.13] Revert "Tighten generalized scatter graph target (#184075)" (#...
  • 0bb9b5b [release/2.13] Revert "dynamo: round-trip torch.cuda.stream ctx mgr across gr...
  • aaac2bf [release/2.13] Revert "[Reland] Port D104346887/PR 182675 for index_add fast ...
  • 9330813 Fix build_with_debinfo.py broken by CONFIGURE_DEPENDS globbing (#188192)
  • 4e077a7 Remove setuptools upper bound (#188190)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-minor-patch group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [anyio](https://github.com/agronholm/anyio) | `4.14.1` | `4.14.2` |
| [build](https://github.com/pypa/build) | `1.5.0` | `1.5.1` |
| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.8` | `3.4.9` |
| [dulwich](https://github.com/dulwich/dulwich) | `1.2.9` | `1.2.10` |
| [filelock](https://github.com/tox-dev/py-filelock) | `3.29.5` | `3.29.7` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.20` | `0.15.21` |
| [torch](https://github.com/pytorch/pytorch) | `2.12.1` | `2.13.0` |


Updates `anyio` from 4.14.1 to 4.14.2
- [Release notes](https://github.com/agronholm/anyio/releases)
- [Commits](agronholm/anyio@4.14.1...4.14.2)

Updates `build` from 1.5.0 to 1.5.1
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](pypa/build@1.5.0...1.5.1)

Updates `charset-normalizer` from 3.4.8 to 3.4.9
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](jawah/charset_normalizer@3.4.8...3.4.9)

Updates `dulwich` from 1.2.9 to 1.2.10
- [Release notes](https://github.com/dulwich/dulwich/releases)
- [Changelog](https://github.com/jelmer/dulwich/blob/main/NEWS)
- [Commits](jelmer/dulwich@dulwich-1.2.9...dulwich-1.2.10)

Updates `filelock` from 3.29.5 to 3.29.7
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.29.5...3.29.7)

Updates `ruff` from 0.15.20 to 0.15.21
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.20...0.15.21)

Updates `torch` from 2.12.1 to 2.13.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v2.12.1...v2.13.0)

---
updated-dependencies:
- dependency-name: anyio
  dependency-version: 4.14.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: build
  dependency-version: 1.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: charset-normalizer
  dependency-version: 3.4.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: dulwich
  dependency-version: 1.2.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: filelock
  dependency-version: 3.29.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: ruff
  dependency-version: 0.15.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: torch
  dependency-version: 2.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants