build(deps): bump the all-python-deps group with 6 updates

[dependabot]

Bumps the all-python-deps group with 6 updates:

Package	From	To
cachetools	6.2.6	7.0.1
flask	3.1.2	3.1.3
gunicorn	24.1.1	25.1.0
certifi	2026.1.4	2026.2.25
scipy	1.17.0	1.17.1
werkzeug	3.1.5	3.1.6

Updates cachetools from 6.2.6 to 7.0.1

Changelog

Sourced from cachetools's changelog.

v7.0.1 (2026-02-10)

• Various test improvements.

• Update Copilot Instructions.

v7.0.0 (2026-02-01)

• Require Python 3.10 or later (breaking change).

• Drop support for passing info as fourth positional parameter to @cached (breaking change).

• Drop support for cache(self) returning None with @cachedmethod (breaking change).

• Convert the @cachedmethod wrappers to descriptors, deprecating its use with class methods and instances that do not provide a mutable __dict__ attribute (potentially breaking change).

• Convert the previously undocumented @cachedmethod attributes (cache, cache_lock, etc.) to properties for instance methods, providing official support and documentation (potentially breaking change).

• Add an optional info parameter to the @cachedmethod decorator for reporting per-instance cache statistics. Note that this requires the instance's __dict__ attribute to be a mutable mapping.

Commits

• e5f8f01 Release v7.0.1.
• bd4e24d More test improvements.
• 67ae4fb Minor test corrections and cleanups.
• 8e73eae Update Copilot Instructions.
• 28bbcba Release v7.0.0.
• 45776b2 Minor code and documentation improvements.
• 51a70a9 Fix #357: Update documentation.
• bb72c21 Fix #357: Add cache_info() support for @​cachedmethod.
• 86352ae Fix #357: Convert @​cachedmethod decorators to descriptors.
• 263cf31 Prepare v7.0.0.
• Additional commits viewable in compare view

Updates flask from 3.1.2 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

• The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726

Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

• The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726

Commits

• 22d9247 release version 3.1.3
• 089cb86 Merge commit from fork
• c17f379 request context tracks session access
• 27be933 start version 3.1.3
• 4e652d3 Abort if the instance folder cannot be created (#5903)
• 3d03098 Abort if the instance folder cannot be created
• 407eb76 document using gevent for async (#5900)
• ac5664d document using gevent for async
• 4f79d5b Increase required flit_core version to 3.11 (#5865)
• fe3b215 Increase required flit_core version to 3.11
• Additional commits viewable in compare view

Updates gunicorn from 24.1.1 to 25.1.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 25.1.0

New Features

• Control Interface (gunicornc): Add interactive control interface for managing running Gunicorn instances, similar to birdc for BIRD routing daemon ([PR #3505](benoitc/gunicorn#3505))

  • Unix socket-based communication with JSON protocol
  • Interactive mode with readline support and command history
  • Commands: show all/workers/dirty/config/stats/listeners
  • Worker management: worker add/remove/kill, dirty add/remove
  • Server control: reload, reopen, shutdown
  • New settings: --control-socket, --control-socket-mode, --no-control-socket
  • New CLI tool: gunicornc for connecting to control socket
  • See Control Interface Guide for details

• Dirty Stash: Add global shared state between workers via dirty.stash ([PR #3503](benoitc/gunicorn#3503))

  • In-memory key-value store accessible by all workers
  • Supports get, set, delete, clear, keys, and has operations
  • Useful for sharing state like feature flags, rate limits, or cached data

• Dirty Binary Protocol: Implement efficient binary protocol for dirty arbiter IPC using TLV (Type-Length-Value) encoding ([PR #3500](benoitc/gunicorn#3500))

  • More efficient than JSON for binary data
  • Supports all Python types: str, bytes, int, float, bool, None, list, dict
  • Better performance for large payloads

• Dirty TTIN/TTOU Signals: Add dynamic worker scaling for dirty arbiters ([PR #3504](benoitc/gunicorn#3504))

  • Send SIGTTIN to increase dirty workers
  • Send SIGTTOU to decrease dirty workers
  • Respects minimum worker constraints from app configurations

Changes

• ASGI Worker: Promoted from beta to stable
• Dirty Arbiters: Now marked as beta feature

Documentation

• Fix Markdown formatting in /configure documentation

25.0.3

What's Changed

Bug Fixes

• Fix RuntimeError when StopIteration raised in ASGI coroutine (#3484)
• Fix passing maxsplit in re.split() as positional argument (deprecated in Python 3.13)

... (truncated)

Commits

• 2d43101 docs: merge gunicornc into 25.1.0 release
• bf4ad8d docs: update 25.1.0 release date to 2026-02-13
• 730350e Merge pull request #3505 from benoitc/feature/gunicornc-control-interface
• 63df19b fix(tests): use process groups for reliable signal handling in PyPy
• cd77bcc fix(tests): increase wait time for all server tests
• 02ea985 fix(tests): improve server test reliability on FreeBSD
• 6d81c9e fix: resolve pylint warnings
• 7486baa fix: remove unused imports
• 3e60d29 docs: add gunicornc control interface guide
• e05e40d feat(ctl): add message-based dirty worker management
• Additional commits viewable in compare view

Updates certifi from 2026.1.4 to 2026.2.25

Commits

• 8571a4b 2026.02.25 (#395)
• 6f7de00 Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#390)
• a1de59b Bump actions/checkout from 6.0.1 to 6.0.2 (#391)
• 7f5ade5 Bump actions/setup-python from 6.1.0 to 6.2.0 (#392)
• See full diff in compare view

Updates scipy from 1.17.0 to 1.17.1

Release notes

Sourced from scipy's releases.

SciPy 1.17.1 Release Notes

SciPy 1.17.1 is a bug-fix release with no new features compared to 1.17.0.

Authors

• Name (commits)
• Evgeni Burovski (5)
• Lucas Colley (1)
• Christoph Gohlke (1)
• Ralf Gommers (6)
• Matt Haberland (5)
• Matthias Koeppe (1)
• Nick ODell (1)
• Ilhan Polat (10)
• Tyler Reddy (44)
• Martin Schuck (3)
• Dan Schult (3)
• stratakis (1) +
• ਗਗਨਦੀਪ ਸਿੰਘ (Gagandeep Singh) (1)

A total of 13 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.

Complete issue list, PR list, and release asset hashes are available in the associated README.txt.

Commits

• 527eb7f REL: 1.17.1 release commit [wheel build]
• f11663b Merge pull request #24584 from tylerjereddy/treddy_prep_1.17.1
• 2c49e68 DOC: PR 24584 revisions
• 400fa15 safely convert index dtypes to intc for csgraph and superLU
• 8c70404 MAINT: PR 24584 revisions [wheel build]
• 6dda8c1 BUG: PR 24584 revisions
• 4a187e5 DOC: PR 24584 revisions
• 463ee9f ENH: linalg/inv: re-enable overwrite_a for 2D inputs (#24442)
• df746ee BUG: linalg: restore dtypes in inv, solve, det
• 246bfee MAINT:optimize: Enable multi-phase init to DIRECT
• Additional commits viewable in compare view

Updates werkzeug from 3.1.5 to 3.1.6

Release notes

Sourced from werkzeug's releases.

3.1.6

This is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.6/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6

• safe_join on Windows does not allow special devices names in multi-segment paths. GHSA-29vq-49wr-vm6x

Changelog

Sourced from werkzeug's changelog.

Version 3.1.6

Released 2026-02-19

• safe_join on Windows does not allow special devices names in multi-segment paths. :ghsa:29vq-49wr-vm6x

Commits

• 04da1b5 release version 3.1.6
• f407712 Merge commit from fork
• f54fe98 safe_join prevents Windows special device names in multi-segment paths
• d005985 start version 3.1.6
• 8565c2c document rule priority (#3102)
• 3febc7e document rule priority
• 2525b82 remove state machine docs
• 4abfbd5 rewrite build docstring (#3097)
• 161c18b rewrite build docstring
• 86e11c2 release version 3.1.5 (#3085)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions