Bump the python-minor group across 1 directory with 15 updates

[dependabot]

Updates the requirements on rich, ruff, pyright, build, pydantic, certifi, cryptography, idna, lxml, nh3, packaging, pydantic-core, tzdata, virtualenv and psutil to permit the latest version.
Updates rich from 13.9.4 to 15.0.0

Release notes

Sourced from rich's releases.

The So Long 3.8 Release

A few fixes. The major version bump is to honor the passing of 3.8 support which reached its EOL in October 7, 2024

[15.0.0] - 2026-04-12

Changed

• Breaking change: Dropped support for Python3.8

Fixed

• Fixed empty print ignoring the end parameter Textualize/rich#4075
• Fixed Text.from_ansi removing newlines Textualize/rich#4076
• Fixed FileProxy.isatty not proxying Textualize/rich#4077
• Fixed inline code in Markdown tables cells Textualize/rich#4079

The Faster Startup Release

No new features in this release, but there should be improved startup time for Rich apps, and potentially improved runtime if you have a lot of links.

[14.3.4] - 2026-04-11

Changed

• Improved import time with lazy loading Textualize/rich#4070
• Changed link id generation to avoid random number generation at runtime Textualize/rich#3845

The infinite Release

Fixed a infinite loop in split_graphemes

[14.3.3] - 2026-02-19

Fixed

• Fixed infinite loop with cells.split_graphemes Textualize/rich#4006

The ZWJy release

A fix for cell_len edge cases

[14.3.2] - 2026-02-01

Fixed

• Fixed solo ZWJ crash Textualize/rich#3953
• Fixed control codes reporting width of 1 Textualize/rich#3953

The Nerdy Fix release

Fixed issue with characters outside of unicode range reporting 0 cell size

[14.3.1] - 2026-01-24

... (truncated)

Changelog

Sourced from rich's changelog.

[15.0.0] - 2026-04-12

Changed

• Breaking change: Dropped support for Python3.8

Fixed

• Fixed empty print ignoring the end parameter Textualize/rich#4075
• Fixed Text.from_ansi removing newlines Textualize/rich#4076
• Fixed FileProxy.isatty not proxying Textualize/rich#4077
• Fixed inline code in Markdown tables cells Textualize/rich#4079

[14.3.4] - 2026-04-11

Changed

• Improved import time with lazy loading Textualize/rich#4070
• Changed link id generation to avoid random number generation at runtime Textualize/rich#3845

[14.3.3] - 2026-02-19

Fixed

• Fixed infinite loop with cells.split_graphemes Textualize/rich#4006

[14.3.2] - 2026-02-01

Fixed

• Fixed solo ZWJ crash Textualize/rich#3953
• Fixed control codes reporting width of 1 Textualize/rich#3953

[14.3.1] - 2026-01-24

Fixed

• Fixed characters out of unicode range reporting a cell size if 0 Textualize/rich#3944

[14.3.0] - 2026-01-24

Fixed

• IPython now respects when a Console instance is passed to pretty.install Textualize/rich#3915
• Fixed extraneous blank line on non-interactive disabled Progress Textualize/rich#3905
• Fixed extra padding on first cell in columns Textualize/rich#3935
• Fixed trailing whitespace removed when soft_wrap=True Textualize/rich#3937
• Fixed style new-lines when soft_wrap = True and a print style is set Textualize/rich#3938

Added

... (truncated)

Commits

• 6ac483c correction
• 458a910 Merge pull request #4080 from Textualize/bump1500
• 82e06e0 changelog
• d6556bc bump to 15.0.0
• ffe2edc Merge pull request #4079 from Textualize/inline-table-code
• cf3b5a1 changelog
• 77f0edb remove comments
• 7ef2d05 fix inline code in table cells
• 19c67b9 Merge pull request #4077 from Textualize/isattry
• 494b795 changelog
• Additional commits viewable in compare view

Updates ruff from 0.15.10 to 0.15.12

Release notes

Sourced from ruff's releases.

0.15.12

Release Notes

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

Install ruff 0.15.12

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.12/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.12

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

... (truncated)

Commits

• 66f93cf Bump 0.15.12 (#24815)
• 476a4d0 [ty] Complete support for more detailed diagnostics on possibly unbound error...
• ed669ea Implement #ruff:file-ignore file-level suppressions (#23599)
• e73d952 [ty] Include inferred type in invalid-key concise diagnostic for union/inte...
• 80feb29 [ty] report only dead annotation-only locals as unused (#24811)
• 0fbf2bc Drop deprecated license classifier (#24808)
• 43b174c [ty] Infer lambda parameter types with Callable type context (#24317)
• 4f449ae [ty] Add error context for intersection types (#24772)
• 5b4e753 [ty] Add support for goto in literal enum member inlay hint (#24792)
• e7cc762 [ty] Add error context for TypedDict assignments (#24790)
• Additional commits viewable in compare view

Updates pyright from 1.1.408 to 1.1.409

Commits

• d7508e5 [pyright updated to 1.1.409] Update Version (#359)
• See full diff in compare view

Updates build from 1.4.3 to 1.4.4

Release notes

Sourced from build's releases.

1.4.4

What's Changed

• 🐛 fix(release): generate consistent CHANGELOG heading levels by @​gaborbernat in pypa/build#1032
• docs: move source links by @​henryiii in pypa/build#1034
• revert: drop PEP 660 change by @​henryiii in pypa/build#1039
• fix: ignore installed when running pip by @​henryiii in pypa/build#1040
• fix: revert part of #973 by @​henryiii in pypa/build#1044
• chore: report coverage failure lines by @​henryiii in pypa/build#1046
• tests: fix issue with uv run by @​henryiii in pypa/build#1048
• docs: reorganize testing docs for copy/paste by @​abitrolly in pypa/build#1043
• tests: keep environment from leaking in Python 3.15 by @​henryiii in pypa/build#1049
• docs: fix issue with changelog generation by @​henryiii in pypa/build#1050

Full Changelog: pypa/build@1.4.3...1.4.4

Changelog

Sourced from build's changelog.

#################### 1.4.4 (2026-04-22) ####################

---

Bugfixes

---

• Fix release pipeline generating CHANGELOG.rst entries with inconsistent heading levels, which broke sphinx -W and pinned Read the Docs stable at 1.4.0 - by :user:gaborbernat. (:issue:1031)
• Revert :pr:1039 from build 1.4.3, no longer check direct_url (for now) - by :user:henryiii (:issue:1039)
• Add --ignore-installed to pip install command to prevent issues with packages already present in the isolated build environment - by :user:henryiii (:issue:1037) (:issue:1040)
• Partial revert of :pr:973, keeping log messages in one entry, multiple lines. (:issue:1044)

---

Miscellaneous

---

• :issue:1048, :issue:1049

#################### 1.4.3 (2026-04-10) ####################

---

Features

---

• Add kind parameter to log messages to separate semantic and representation - by :user:abitrolly (:issue:973)

---

Bugfixes

---

• Strip PYTHONPATH from the environment during isolated builds to prevent host packages from leaking into the build
  • by :user:gaborbernat (:issue:405)
• Pass --no-input to pip to prevent hidden credential prompts that cause hangs, and automatically set PIP_KEYRING_PROVIDER=subprocess (or UV_KEYRING_PROVIDER=subprocess for the uv installer) when the keyring CLI is on PATH -- by :user:gaborbernat (:issue:409)
• check_dependency now reports URL requirements as unmet instead of silently accepting them when a package with the same name is installed - by :user:gaborbernat (:issue:860)
• Fix misleading missing dependency error display where transitive dependency chains showed the top-level package on a separate line, making it appear as if the top-level package itself was missing - by :user:gaborbernat (:issue:875)
• Fix towncrier template to generate changelog categories in definition order - by :user:gaborbernat (:issue:1007)
• Resolve thread-safety races in the build API - by :user:gaborbernat (:issue:1015)
• Validate backend-path entries exist on disk with a clear error - by :user:gaborbernat (:issue:1016)

---

Miscellaneous

... (truncated)

Commits

• 70666a2 chore: prepare for 1.4.4
• 653d865 docs: fix issue with changelog generation (#1050)
• 373b9ee tests: keep environment from leaking in Python 3.15 (#1049)
• e37e2ae docs: reorganize testing docs for copy/paste (#1043)
• e9c194a tests: fix issue with uv run (#1048)
• 03b7d70 chore: report coverage failure lines (#1046)
• 2afa3b5 fix: revert part of #973 (#1044)
• b336f60 pre-commit: bump repositories (#1045)
• 6d8039a fix: ignore installed when running pip (#1040)
• ebf6eba revert: drop PEP 660 change (#1039)
• Additional commits viewable in compare view

Updates pydantic from 2.13.0 to 2.13.3

Release notes

Sourced from pydantic's releases.

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

• Handle AttributeError subclasses with from_attributes by @​Viicos in #13096

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

• Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

• Fix ValidationInfo.data missing with model_validate_json() by @​davidhewitt in #13079

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

Changelog

Sourced from pydantic's changelog.

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

• Handle AttributeError subclasses with from_attributes by @​Viicos in #13096

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

• Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

• Fix ValidationInfo.data missing with model_validate_json() by @​davidhewitt in #13079

Commits

• 9e9a111 Fix backported test
• 1ec8c6a Prepare release v2.13.3
• fb4f204 Handle AttributeError subclasses with from_attributes
• ca3ddd1 Prepare release v2.13.2
• 000e823 Fix ValidationInfo.field_name missing with model_validate_json()
• d45d8be Prepare release 2.13.1
• 54aca60 Fix ValidationInfo.data missing with model_validate_json()
• See full diff in compare view

Updates certifi from 2026.2.25 to 2026.4.22

Commits

• 5dddfb0 2026.04.22 (#410)
• f99eccd Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#404)
• 918bed0 Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#405)
• 0a49067 Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (#403)
• acf6ce8 Bump actions/download-artifact from 8.0.0 to 8.0.1 (#398)
• feb0ed2 Bump actions/download-artifact from 7.0.0 to 8.0.0 (#397)
• d9c11a5 Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#396)
• See full diff in compare view

Updates cryptography from 46.0.7 to 47.0.0

Changelog

Sourced from cryptography's changelog.

47.0.0 - 2026-04-24

* Support for Python 3.8 is deprecated and will be removed in the next
  ``cryptography`` release.
* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves
  (``SECT*`` classes) has been removed. These curves are rarely used and
  have additional security considerations that make them undesirable.
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.
  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC
  continue to be supported.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 4.1.
* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or
  keys with unsupported explicit curve encodings now raises
  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of
  ``ValueError``. This change affects
  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,
  and :meth:`~cryptography.x509.Certificate.public_key` when called on
  certificates with unsupported public key algorithms.
* **BACKWARDS INCOMPATIBLE:** When parsing elliptic curve private keys, we now
  reject keys that incorrectly encode a private key of the wrong length because
  such keys are impossible to process in a constant-time manner. We do not
  believe keys with this problem are in wide use, however we may revert this
  change based on the feedback we receive.
* Deprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to
  :class:`~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES`. In a
  future release, only 192-bit (24-byte) keys will be accepted. Users should
  expand shorter keys themselves (e.g., for single DES: ``key + key + key``,
  for two-key: ``key + key[:8]``).
* Updated the minimum supported Rust version (MSRV) to 1.83.0, from 1.74.0.
* Support for ``x86_64`` macOS (including publishing wheels) is deprecated
  and will be removed in the next release. We will switch to publishing an
  ``arm64`` only wheel for macOS.
* Support for 32-bit Windows (including publishing wheels) is deprecated
  and will be removed in the next release. Users should move to a 64-bit
  Python installation.
* ``public_bytes`` and ``private_bytes`` methods on keys now raise
  ``TypeError`` (instead of ``ValueError``) if an invalid encoding is provided
  for the given ``format``.
* Moved :class:`~cryptography.hazmat.decrepit.ciphers.modes.CFB`,
  :class:`~cryptography.hazmat.decrepit.ciphers.modes.OFB`, and
  :class:`~cryptography.hazmat.decrepit.ciphers.modes.CFB8` into
  :doc:`/hazmat/decrepit/index` and deprecated them in the ``modes`` module.
  They will be removed from the ``modes`` module in 49.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Camellia`
  into  :doc:`/hazmat/decrepit/index` and deprecated it in the ``cipher`` module.
  It will be removed from the ``cipher`` module in 49.0.0.
</tr></table> 

... (truncated)

Commits

• 59c5f5e bump for 47.0.0 release (#14730)
• 9025578 Add MLKEM1024-P384 hybrid KEM support in HPKE (#14722)
• ef66de4 Recommend Argon2id over PBKDF2HMAC as KDF (#14724)
• d996a37 Add ubuntu-resolute to CI workflow (#14729)
• e86da41 chore(deps): bump libc from 0.2.185 to 0.2.186 (#14725)
• 1c33c9a Bump downstream dependencies in CI (#14728)
• 67fb6be Bump x509-limbo and/or wycheproof in CI (#14727)
• 6cb20b3 Bump BoringSSL, OpenSSL, AWS-LC in CI (#14726)
• d6f372d Update supported OpenSSL versions in installation docs (#14721)
• ebd2619 openssl 3.3 is out of upstream support (#14720)
• Additional commits viewable in compare view

Updates idna from 3.11 to 3.13

Changelog

Sourced from idna's changelog.

3.13 (2026-04-22) +++++++++++++++++

• Correct classification error for codepoint U+A7F1

3.12 (2026-04-21) +++++++++++++++++

• Update to Unicode 17.0.0.
• Issue a deprecation warning for the transitional argument.
• Added lazy-loading to provide some performance improvements.
• Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.

Thanks to Rodrigo Nogueira for contributions to this release.

Commits

• 89cdfd2 Release v3.13
• 1eb0686 Pre-release 3.13
• 5f20d1e Merge pull request #220 from kjd/unicode-next
• 4ea8425 Regenerate idnadata.py with correct NFKC_CF data
• fd47341 Use NFKC_CF from Unicode data files instead of Python's unicodedata module
• a5304a4 Merge pull request #219 from kjd/release-3.12
• d80d6f9 Release v3.12
• 1bb44dd Merge pull request #218 from kjd/release-candidate-3.12rc0
• 909c49d Release candidate for 3.12
• c5459a1 Merge pull request #217 from kjd/housekeeping-2
• Additional commits viewable in compare view

Updates lxml from 6.0.4 to 6.1.0

Changelog

Sourced from lxml's changelog.

6.1.0 (2026-04-17)

This release fixes a possible external entity injection (XXE) vulnerability in iterparse() and the ETCompatXMLParser.

Features added

• GH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes in lxml.html.defs. This allows lxml_html_clean to pass them through. Patch by oomsveta.

• The default chunk size for reading from file-likes in iterparse() is now configurable with a new chunk_size argument.

Bugs fixed

• LP#2146291: The resolve_entities option was still set to True for iterparse and ETCompatXMLParser, allowing for external entity injection (XXE) when using these parsers without setting this option explicitly. The default was now changed to 'internal' only (as for the normal XML and HTML parsers since lxml 5.0). Issue found by Sihao Qiu as CVE-2026-41066.

Commits

• 43722f4 Update changelog.
• 8747040 Name version of option change in docstring.
• 6c36e6c Fix pypistats URL in download statistics script.
• c7d76d6 Change security policy to point to Github security advisories.
• 378ccf8 Update project income report.
• 315270b Docs: Reduce TOC depth of package pages and move module contents first.
• 6dbba7f Docs: Show current year in copyright line.
• e4385bf Update project income report.
• 5bed1e1 Validate file hashes in release download script.
• c13ee10 Prepare release of 6.1.0.
• Additional commits viewable in compare view

Updates nh3 from 0.3.4 to 0.3.5

Release notes

Sourced from nh3's releases.

v0.3.5

What's Changed

• Add usage examples for clean() and Cleaner arguments by @​gghez in messense/nh3#120
• Add doctest coverage for module docstrings and RST files by @​gghez in messense/nh3#121
• Bump pyo3 from 0.28.2 to 0.28.3 by @​dependabot[bot] in messense/nh3#123
• Add tags parameter to clean_text by @​gghez in messense/nh3#122

Full Changelog: messense/nh3@v0.3.4...v0.3.5

Commits

• 9e78e6a Bump version to 0.3.5
• 5225ec2 Add tags parameter to clean_text (#122)
• 129df52 Bump pyo3 from 0.28.2 to 0.28.3 (#123)
• 25348df Add doctest coverage for module docstrings and RST files (#121)
• bf48b37 Add usage examples for clean() and Cleaner arguments (#120)
• See full diff in compare view

Updates packaging from 26.1 to 26.2

Release notes

Sourced from packaging's releases.

26.2

What's Changed

Fixes:

• Fix incorrect sysconfig var name for pyemscripten by @​ryanking13 in pypa/packaging#1160
• Make Version, Specifier, SpecifierSet, Tag, Marker, and Requirement pickle-safe and backward-compatible with pickles created in 25.0-26.1 (including references to the removed packaging._structures module) by @​eachimei and @​henryiii in pypa/packaging#1163, pypa/packaging#1168, pypa/packaging#1170, and pypa/packaging#1171
• fix: re-export ExceptionGroup for now by @​henryiii in pypa/packaging#1164

Documentation:

• docs: add errors section and fix missing details by @​henryiii in pypa/packaging#1159
• docs(dev): document property-based test suite by @​r266-tech in pypa/packaging#1167
• Fix typo in DirectUrl documentation by @​sbidoul in pypa/packaging#1169
• docs(specifiers): add is_unsatisfiable() usage example by @​r266-tech in pypa/packaging#1166

Internal:

• Enable the auditor persona on zizmor by @​henryiii in pypa/packaging#1158
• Test new pickle guarantees by @​henryiii in pypa/packaging#1174
• Use native uv integration in rtd by @​henryiii in pypa/packaging#1175

New Contributors

• @​ryanking13 made their first contribution in pypa/packaging#1160
• @​eachimei made their first contribution in pypa/packaging#1163

Full Changelog: pypa/packaging@26.1...26.2

Changelog

Sourced from packaging's changelog.

26.2 - 2026-04-24

Fixes:

Fix incorrect sysconfig var name for pyemscripten in (:pull:1160)
Make Version, Specifier, SpecifierSet, Tag, Marker, and Requirement pickle-safe

and backward-compatible with pickles created in 25.0-26.1 (including references to the removed

packaging._structures module) (:pull:1163, :pull:1168, :pull:1170, :pull:1171)
Re-export ExceptionGroup in metadata for now in (:pull:1164)

Documentation:

Add errors section and fix missing details in (:pull:1159)
Document our property-based test suite in (:pull:1167)
Fix a DirectUrl typo in (:pull:1167)
Add example of is_unsatisfiable in (:pull:1166)

Internal:

Enable the auditor persona on zizmor in (:pull:1158)
Test new pickle guarantees in (:pull:1174)
Use new native ReadTheDocs uv integration in (:pull:1175)

Commits

• 84a87ee Bump for release
• 4a616b6 docs: a few more updates to prepare for 26.2 (#1176)
• 9de6f44 ci: use native uv integration in rtd (#1175)
• bc76e14 chore: update changelog for 26.2 (#1161)
• 3f00091 tests: add a pickle check (#1174)
• 48a8a06 fix: make Requirements/Markers pickle-safe (#1171)
• 823b44e fix: make Tags pickle-safe (#1170)
• 4bed32d fix: make Specifier / SpecifierSet pickle-safe (#1168)
• 963118e fix: re-export ExceptionGroup for now (#1164)
• 66e34a8 docs(specifiers): add is_unsatisfiable() usage example (#1166)
• Additional commits viewable in compare view

Updates pydantic-core from 2.46.0 to 2.46.3

Commits

• See full diff in compare view

Updates tzdata from 2026.1 to 2026.2

Release notes

Sourced from tzdata's releases.

2026.2: Release of upstream tzdata 2026b

Version 2026.2

Upstream version 2026b released 2026-04-23T06:06:43+00:00

Briefly:

British Columbia moved to permanent -07 on 2026-03-09. Some more overflow bugs have been fixed in zic.

Changes to future timestamps

British Columbia’s 2026-03-08 spring forward was its last foreseeable clock change, as it moved to permanent -07 thereafter. (Thanks to Arthur David Olson.) Although the change to permanent -07 legally took place on 2026-03-09, temporarily model the change to occur on 2026-11-01 at 02:00 instead. This works around a limitation in CLDR v48.2 (2026-03-17). This temporary hack is planned to be removed after CLDR is fixed.

Changelog

Sourced from tzdata's changelog.

Version 2026.2

Upstream version 2026b released 2026-04-23T06:06:43+00:00

Briefly:

British Columbia moved to permanent -07 on 2026-03-09. Some more overflow bugs have been fixed in zic.

Changes to future timestamps

British Columbia’s 2026-03-08 spring forward was its last foreseeable clock change, as it moved to permanent -07 thereafter. (Thanks to Arthur David Olson.) Although the change to permanent -07 legally took place on 2026-03-09, temporarily model the change to occur on 2026-11-01 at 02:00 instead. This works around a limitation in CLDR v48.2 (2026-03-17). This temporary hack is planned to be removed after CLDR is fixed.

---

Commits

• 1ed8943 Update tzdata to version '2026b' (#135)
• e3b2209 Add 14-day cooldown to Dependabot
• 7e5b595 Hash pin GitHub Actions
• See full diff in compare view

Updates virtualenv from 21.2.4 to 21.3.0

Release notes

Sourced from virtualenv's releases.

21.3.0

What's Changed

• 🐛 fix(type): stop ty flagging default_source on Action by @​gaborbernat in pypa/virtualenv#3124
• feat: Reintroduce xonsh shell support by @​anki-code in pypa/virtualenv#3125
• 🐛 fix(test): prevent PowerShell activation test from crashing xdist workers on Windows by @​gaborbernat in pypa/virtualenv#3128
• docs: Add usage instruction for Xonsh activation by @​anki-code in pypa/virtualenv#3130
• Upgrade embedded pip/setuptools/wheel by @​github-actions[bot] in pypa/virtualenv#3132

New Contributors

• @​anki-code made their first contribution in pypa/virtualenv#3125

Full Changelog: pypa/virtualenv@21.2.4...21.3.0

Changelog

Sourced from virtualenv's changelog.

Features - 21.3.0

• Re-introduce xonsh shell activator (activate.xsh) previously removed in 20.7.0, and make the plugin loader prefer virtualenv's built-in entry points so a third-party package cannot override them by registering a duplicate name. (:issue:3003)

Bugfixes - 21.3.0

• Upgrade embedded wheels:

  • pip to 26.1 (:issue:3132)

---

v21.2.4 (2026-04-14)

---

Commits

• e917cc2 release 21.3.0
• 21152f1 Upgrade embedded pip/setuptools/wheel (#3132)
• 096bdcd chore(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (#3131)
• 01610dc docs: Add usage instruction for Xonsh activation (#3130)
• fb6ec7c 🐛 fix(test): prevent PowerShell activation test from crashing xdist workers o...
• 6095679 [pre-commit.ci] pre-commit autoupdate (#3129)
• 8d3179c chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#3127)
• a159c50 chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#3126)
• 9ba729b feat: Reintroduce xonsh shell support (#3125)
• d42ea5c 🐛 fix(type): stop ty flagging default_source on Action (#3124)
• See full diff in compare view

Updates psutil to 7.2.2

Changelog

Sourced from psutil's changelog.

7.2.2 — 2026-01-28 ^^^^^^^^^^^^^^^^^^

Enhancements

• :gh:2705: [Linux]: :meth:Process.wait now uses pidfd_open() + poll() (no busy loop). Requires Linux >= 5.3 and Python >= 3.9.
• :gh:2705: [macOS], [BSD]: :meth:Process.wait now uses kqueue() (no busy loop).

Bug fixes

• :gh:2701, [macOS]: fix compilation error on macOS < 10.7. (patch by Sergey Fedorov)
• :gh:2707, [macOS]: fix potential memory leaks in error paths of :meth:Process.memory_full_info and :meth:Process.threads.
• :gh:2708, [macOS]: :meth:Process.cmdline and :meth:Process.environ may fail with OSError: [Errno 0] Undefined error (from sysctl(KERN_PROCARGS2)). They now raise :exc:AccessDenied instead.

7.2.1 — 2025-12-29 ^^^^^^^^^^^^^^^^^^

Bug fixes

• :gh:2699, [FreeBSD], [NetBSD]: :func:heap_info does not detect small allocations (<= 1K). In order to fix that, we now flush internal jemalloc cache before fetching the metrics.

7.2.0 — 2025-12-23 ^^^^^^^^^^^^^^^^^^

Enhancements

• :gh:1275: new :func:heap_info and :func:heap_trim functions, providing direct access to the platform's native C heap allocator (glibc, mimalloc, libmalloc). Useful to create tools to detect memor...

  Description has been truncated