Skip to content

pip: bump the pip-updates group across 1 directory with 4 updates#1369

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/sshd/pip-updates-93cdf16e6c
Open

pip: bump the pip-updates group across 1 directory with 4 updates#1369
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/sshd/pip-updates-93cdf16e6c

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 6, 2026
edited
Loading

Updates the requirements on certifi, charset-normalizer, ruff and black to permit the latest version.
Updates certifi from 2026.1.4 to 2026.2.25

Commits

Updates charset-normalizer from 3.4.4 to 3.4.5

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.5

3.4.5 (2026-03-06)

Changed

  • Update setuptools constraint to setuptools>=68,<=82.
  • Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

  • Add explicit link to lib math in our optimized build. (#692)
  • Logger level not restored correctly for empty byte sequences. (#701)
  • TypeError when passing bytearray to from_bytes. (#703)

Misc

  • Applied safe micro-optimizations in both our noise detector and language detector.
  • Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
  • Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

[!WARNING]
mypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See jawah/charset_normalizer#714

Changelog

Sourced from charset-normalizer's changelog.

3.4.5 (2026-03-06)

Changed

  • Update setuptools constraint to setuptools>=68,<=82.
  • Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

  • Add explicit link to lib math in our optimized build. (#692)
  • Logger level not restored correctly for empty byte sequences. (#701)
  • TypeError when passing bytearray to from_bytes. (#703)

Misc

  • Applied safe micro-optimizations in both our noise detector and language detector.
  • Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
  • Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.
Commits
  • 7411396 📝 update changelog
  • 8de6012 Merge pull request #713 from jawah/release-3.4.5
  • 39d0fba Merge branch 'master' into release-3.4.5
  • f211d4a ⬆️ Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#707)
  • 9123864 ⬆️ Bump github/codeql-action from 4.32.0 to 4.32.4 (#710)
  • 5cb1f12 ⬆️ Bump actions/download-artifact from 7.0.0 to 8.0.0 (#711)
  • 7e68582 ⬆️ Update setuptools requirement from <=81,>=68 to >=68,<=82.0.0 (#712)
  • e1e2ccb correct cp_similarity ratio ceiling (#704)
  • 209f9ff fix TypeError when passing bytearray to from_bytes (#703)
  • 6a8503f Fix logger level not restored correctly for empty byte sequences (#701)
  • Additional commits viewable in compare view

Updates ruff to 0.15.5

Release notes

Sourced from ruff's releases.

0.15.5

Release Notes

Released on 2026-03-05.

Preview features

  • Discover Markdown files by default in preview mode (#23434)
  • [perflint] Extend PERF102 to comprehensions and generators (#23473)
  • [refurb] Fix FURB101 and FURB103 false positives when I/O variable is used later (#23542)
  • [ruff] Add fix for none-not-at-end-of-union (RUF036) (#22829)
  • [ruff] Fix false positive for re.split with empty string pattern (RUF055) (#23634)

Bug fixes

  • [fastapi] Handle callable class dependencies with __call__ method (FAST003) (#23553)
  • [pydocstyle] Fix numpy section ordering (D420) (#23685)
  • [pyflakes] Fix false positive for names shadowing re-exports (F811) (#23356)
  • [pyupgrade] Avoid inserting redundant None elements in UP045 (#23459)

Documentation

  • Document extension mapping for Markdown code formatting (#23574)
  • Update default Python version examples (#23605)

Other changes

  • Publish releases to Astral mirror (#23616)

Contributors

Install ruff 0.15.5

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.15.5/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.5

Released on 2026-03-05.

Preview features

  • Discover Markdown files by default in preview mode (#23434)
  • [perflint] Extend PERF102 to comprehensions and generators (#23473)
  • [refurb] Fix FURB101 and FURB103 false positives when I/O variable is used later (#23542)
  • [ruff] Add fix for none-not-at-end-of-union (RUF036) (#22829)
  • [ruff] Fix false positive for re.split with empty string pattern (RUF055) (#23634)

Bug fixes

  • [fastapi] Handle callable class dependencies with __call__ method (FAST003) (#23553)
  • [pydocstyle] Fix numpy section ordering (D420) (#23685)
  • [pyflakes] Fix false positive for names shadowing re-exports (F811) (#23356)
  • [pyupgrade] Avoid inserting redundant None elements in UP045 (#23459)

Documentation

  • Document extension mapping for Markdown code formatting (#23574)
  • Update default Python version examples (#23605)

Other changes

  • Publish releases to Astral mirror (#23616)

Contributors

0.15.4

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

  • Fix panic on access to definitions after analyzing definitions (#23588)
  • [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

... (truncated)

Commits
  • 5e4a3d9 Bump 0.15.5 (#23743)
  • 69c23cc [ty] Render all changed diagnostics in conformance.py (#23613)
  • 4926bd5 [ty] Split deferred checks out of types/infer/builder.rs (#23740)
  • 9a70f5e Discover markdown files by default in preview mode (#23434)
  • 3dc78b0 [ty] Use HasOptionalDefinition for except handlers (#23739)
  • a6a5e8d [ty] Fix precedence of all selector in TOML configurations (#23723)
  • 2a5384b [ty] Make all selector case sensitive (#23713)
  • db77d7b [ty] Add a diagnostic if a TypeVar is used to specialize a ParamSpec, or ...
  • db28490 [ty] Override home directory in ty tests (#23724)
  • 5f0fd91 [ty] More type-variable default validation (#23639)
  • Additional commits viewable in compare view

Updates black to 26.3.0

Release notes

Sourced from black's releases.

26.3.0

Stable style

  • Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
  • Fix crash on standalone comment in lambda default arguments (#4993)
  • Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

  • Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
  • Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
  • Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

  • Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

  • Introduce winloop for windows as an alternative to uvloop (#4996)
  • Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
  • Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop (#4996)

Output

  • Emit a clear warning when the target Python version is newer than the running Python version, since AST safety checks cannot parse newer syntax. Also replace the misleading "INTERNAL ERROR" message with an actionable error explaining the version mismatch (#4983)

Blackd

  • Introduce winloop to be used when windows in use which enables blackd to run faster on windows when winloop is installed. (#4996)

Integrations

  • Remove unused gallery script (#5030)
  • Harden parsing of black requirements in the GitHub Action when use_pyproject is enabled so that only version specifiers are accepted and direct references such as black @ https://... are rejected. Users should upgrade to the latest version of the action as soon as possible. This update is received automatically when using psf/black@stable, and is independent of the version of Black installed by the

... (truncated)

Changelog

Sourced from black's changelog.

26.3.0

Stable style

  • Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
  • Fix crash on standalone comment in lambda default arguments (#4993)
  • Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

  • Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
  • Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
  • Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

  • Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

  • Introduce winloop for windows as an alternative to uvloop (#4996)
  • Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
  • Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop (#4996)

Output

  • Emit a clear warning when the target Python version is newer than the running Python version, since AST safety checks cannot parse newer syntax. Also replace the misleading "INTERNAL ERROR" message with an actionable error explaining the version mismatch (#4983)

Blackd

  • Introduce winloop to be used when windows in use which enables blackd to run faster on windows when winloop is installed. (#4996)

Integrations

  • Remove unused gallery script (#5030)
  • Harden parsing of black requirements in the GitHub Action when use_pyproject is enabled so that only version specifiers are accepted and direct references such as black @ https://... are rejected. Users should upgrade to the latest version of the action as soon as possible. This update is received automatically when using

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
pip: bump the pip-updates group across 1 directory with 4 updates
ce4c984 
Updates the requirements on [certifi](https://github.com/certifi/python-certifi), [charset-normalizer](https://github.com/jawah/charset_normalizer), [ruff](https://github.com/astral-sh/ruff) and [black](https://github.com/psf/black) to permit the latest version.

Updates `certifi` from 2026.1.4 to 2026.2.25
- [Commits](certifi/python-certifi@2026.01.04...2026.02.25)

Updates `charset-normalizer` from 3.4.4 to 3.4.5
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](jawah/charset_normalizer@3.4.4...3.4.5)

Updates `ruff` to 0.15.5
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.0...0.15.5)

Updates `black` to 26.3.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@26.1.0...26.3.0)

---
updated-dependencies:
- dependency-name: certifi
  dependency-version: 2026.2.25
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-updates
- dependency-name: charset-normalizer
  dependency-version: 3.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-updates
- dependency-name: ruff
  dependency-version: 0.15.5
  dependency-type: direct:production
  dependency-group: pip-updates
- dependency-name: black
  dependency-version: 26.3.0
  dependency-type: direct:production
  dependency-group: pip-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added automation This issue or pull request was created by automation pip-update This pull request updates a pip package sshd This issue or pull request affects SSHD labels Mar 6, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 6, 2026 21:05
@dependabot dependabot bot added sshd This issue or pull request affects SSHD automation This issue or pull request was created by automation pip-update This pull request updates a pip package labels Mar 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

automation This issue or pull request was created by automation pip-update This pull request updates a pip package sshd This issue or pull request affects SSHD

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants