Skip to content

Deps: Bump the python-packages group across 1 directory with 8 updates#4

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-packages-cef71afbe3
Closed

Deps: Bump the python-packages group across 1 directory with 8 updates#4
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-packages-cef71afbe3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026
edited
Loading

Copy link
Copy Markdown

Bumps the python-packages group with 8 updates in the / directory:

Package From To
ruff 0.15.14 0.15.17
pypsrp 0.9.0 0.9.1
anyio 4.13.0 4.14.0
certifi 2026.5.20 2026.6.17
cryptography 48.0.0 49.0.0
gssapi 1.8.2 1.11.1
idna 3.16 3.18
pontos 25.8.1 26.5.0

Updates ruff from 0.15.14 to 0.15.17

Release notes

Sourced from ruff's releases.

0.15.17

Release Notes

Released on 2026-06-11.

Preview features

  • Allow human-readable names in suppression comments (#25614)
  • Fix handling of ignore comments within a disable/enable pair (#25845)
  • Prioritize human-readable names in CLI output (#25869)
  • Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
  • [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
  • [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
  • [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
  • [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

  • Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
  • [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

  • [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
  • [numpy] Drop autofix for np.in1d (NPY201) (#25612)
  • [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

  • Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

  • Preserve whitespace for Quarto cell option comments (#25641)

CLI

  • Allow rule names in ruff rule (#25640)

Other changes

  • Fix playground diagnostics scrollbars (#25642)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.17

Released on 2026-06-11.

Preview features

  • Allow human-readable names in suppression comments (#25614)
  • Fix handling of ignore comments within a disable/enable pair (#25845)
  • Prioritize human-readable names in CLI output (#25869)
  • Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
  • [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
  • [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
  • [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
  • [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

  • Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
  • [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

  • [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
  • [numpy] Drop autofix for np.in1d (NPY201) (#25612)
  • [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

  • Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

  • Preserve whitespace for Quarto cell option comments (#25641)

CLI

  • Allow rule names in ruff rule (#25640)

Other changes

  • Fix playground diagnostics scrollbars (#25642)

Contributors

... (truncated)

Commits
  • 7c645a9 Bump 0.15.17 (#25872)
  • f381eb1 Prioritize human-readable names in CLI output (#25869)
  • b9b4546 Minor workflow simplification (#25870)
  • 1e77ba0 [ty] Move PreformattedBlockScanner to format-agnostic location. (#25856)
  • 6f2b772 [ty] Preserve nominal type of enum.property instances (#25849)
  • be4777c [ty] Fix site-package error when multiple versions of pythons are installed i...
  • 53f6ff7 Allow human-readable names in suppression comments (#25614)
  • 6740325 [ty] Restrict uncached raw signature access (#25866)
  • 970b1bf Auto-update snapshots when syncing typeshed (#25841)
  • 0785793 Fix handling of ignore comments within a disable/enable pair (#25845)
  • Additional commits viewable in compare view

Updates pypsrp from 0.9.0 to 0.9.1

Release notes

Sourced from pypsrp's releases.

v0.9.1

0.9.1 - 2026-03-16

  • Fix recursion issue when generating requests HTTP adapter on each new connection

What's Changed

New Contributors

Full Changelog: jborean93/pypsrp@v0.9.0...v0.9.1

Changelog

Sourced from pypsrp's changelog.

0.9.1 - 2026-03-16

  • Fix recursion issue when generating requests HTTP adapter on each new connection
Commits

Updates anyio from 4.13.0 to 4.14.0

Release notes

Sourced from anyio's releases.

4.14.0

  • Added support for Python 3.15

  • Added an asynchronous implementation of the itertools module (#998; PR by @​11kkw)

  • Added the local_port parameter to connect_tcp() to allow binding to a specific local port before connecting (#1067; PR by @​nullwiz)

  • Added support for custom capacity limiters in async path and file I/O functions and classes

  • Added the create_task() task group method for easier asyncio migration (returns a TaskHandle) (#1098)

  • Changed TaskGroup.start_soon() to return a TaskHandle

  • Added an option for TaskGroup.start() to return a TaskHandle (which then contains the start value in the start_value property)

  • Added the cancel() convenience method to TaskGroup as a shortcut for cancelling the task group's cancel scope

  • Improved the error message when a known backend is not installed to suggest the install command (#1115; PR by @​EmmanuelNiyonshuti)

  • Improved anyio.Path to preserve subclass types by returning Self in methods that return path objects (#1130; PR by @​EmmanuelNiyonshuti)

  • Changed the parameter type annotation in anyio.Path.write_bytes() to accept any ReadableBuffer, thus allowing it to accept bytearray and memoryview to match pathlib.Path.write_bytes() (#1135; PR by @​SAY-5)

  • Changed several type annotations to only accept callables returning coroutine-like objects instead of arbitrary awaitables:

    • TaskGroup.start_soon()
    • TaskGroup.start()
    • anyio.from_thread.run()

    This reverts an earlier change from v3.7.0 which was made in error. (#1153)

  • Changed anyio.run to support callables returning arbitrary awaitables at runtime on all backends. Previously, this only worked on asyncio (#1171; PR by @​gschaffner)

  • Changed several classes (and their subclasses) to have __slots__ (with __weakref__):

    • anyio.CancelScope
    • anyio.CapacityLimiter
    • anyio.Condition
    • anyio.Event
    • anyio.Lock
    • anyio.ResourceGuard
    • anyio.Semaphore

  • Fixed cancellation exception escaping a cancel scope when triggered via check_cancelled() in a worker thread (#1113)

  • Fixed TaskGroup raising AttributeError instead of a clear error when entered more than once (#1109; PR by @​bahtya)

  • Fixed lost type information when passing arguments to lru_cache (#1104; PR by @​Graeme22)

  • Fixed test resumption after KeyboardInterrupt in async generator fixtures on the asyncio backend (#1060; PR by @​EmmanuelNiyonshuti)

... (truncated)

Commits
  • ffe9133 Bumped up the version
  • f8b9f01 Fixed asyncio lock waiter deadlocks after cancellation (#1145)
  • d517ee1 [pre-commit.ci] pre-commit autoupdate (#1176)
  • 550b68e Make anyio.run support Awaitable at runtime on all backends (#1171)
  • 29a5e04 Fixed FastAPI test run
  • 4d752ac Updated downstream test setups for FastAPI and Anthropic MCP
  • ebdc950 Added task handle support to start() and start_soon() (#1153)
  • f32bfb8 Fixed test suite compatibility issues with Pytest 9.1.0
  • 85f7e8e Added __slots__ to several classes
  • b7ea84c [pre-commit.ci] pre-commit autoupdate (#1165)
  • Additional commits viewable in compare view

Updates certifi from 2026.5.20 to 2026.6.17

Commits

Updates cryptography from 48.0.0 to 49.0.0

Changelog

Sourced from cryptography's changelog.

49.0.0 - 2026-06-12


* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.
  We now only publish ``arm64`` wheels for macOS.
* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.
  Users should move to a 64-bit Python installation.
* **BACKWARDS INCOMPATIBLE:** Removed the deprecated
  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,
  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,
  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use
  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,
  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``
  instead. These were deprecated in version 40.0.
* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`
  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block
  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.
  Attempting to encrypt or decrypt more data than the counter allows before it
  would overflow now raises a :class:`ValueError` rather than silently diverging
  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows
  encrypting up to 256 GiB with a given nonce.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA
  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises
  a :class:`ValueError`. Such certificates are invalid, but older versions of
  Java emitted them; previously they loaded with a deprecation warning.
* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``
  is set. The build now derives the Python include directory from
  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which
  previously caused the build to fail during cross-compilations for embedded
  systems, on hosts which have same-version Python development headers
  installed as the target Python.
* Added support for signing and verifying X.509 certificates, certificate
  signing requests, and certificate revocation lists with
  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading
  certificates that contain ML-DSA public keys.
* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to
  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the
  encapsulated key from the ciphertext returned by
  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.
* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,
  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and
  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`
  now accept any extension type. Previously only a fixed set of extension
  types was supported, which made it impossible to account for otherwise
  unrecognized critical extensions during path validation.
* Added support for using :class:`~cryptography.x509.Certificate`,
  :class:`~cryptography.x509.CertificateSigningRequest`, and
  :class:`~cryptography.x509.CertificateRevocationList` as field types in
  :doc:`/hazmat/asn1/index` structures.
* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that
</tr></table>

... (truncated)

Commits
  • e300bbe bump version and changelog for 49.0.0 (#15030)
  • fa74cd8 Add external mu (message representative) support for ML-DSA (#14979)
  • f594db3 chore(deps): bump openssl from 0.10.80 to 0.10.81 (#15029)
  • 608e011 chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (#15028)
  • a322bc4 chore(deps): bump cc from 1.2.63 to 1.2.64 (#15027)
  • 33181a7 Reject critical nameConstraints extensions containing directoryName constrain...
  • 6080dc7 Bump dependencies that dependabot isn't (#15026)
  • 121faa3 chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (#15023)
  • 829520b Add more robust processing for DH parameters. (#15016)
  • 0f05001 Bump downstream dependencies in CI (#15025)
  • Additional commits viewable in compare view

Updates gssapi from 1.8.2 to 1.11.1

Release notes

Sourced from gssapi's releases.

v1.11.1

What's Changed

Full Changelog: pythongssapi/python-gssapi@v1.11.0...v1.11.1

v1.11.0

What's Changed

Bug: This was never pushed to PyPI due to a bug in the setup.py classifiers. The v1.11.1 release contains the same changes here.

Full Changelog: pythongssapi/python-gssapi@v1.10.1...v1.11.0

v1.10.1

What's Changed

New Contributors

Full Changelog: pythongssapi/python-gssapi@v1.10.0...v1.10.1

v1.10.0

What's Changed

New Contributors

Full Changelog: pythongssapi/python-gssapi@v1.9.0...v1.10.0

v1.9.0

No release notes provided.

Release v1.8.3: Klipspringer (Patch 3)

Commits
  • 5acb5b1 Fix up classifier from typo
  • 02a1dbe Fix up flake issue
  • 28ae966 Add Free-Threading and Limited API/Stable ABI
  • 55df351 Fix license file release
  • 0adf37c Use the SPDX license name in setup.py as required by PEP-639
  • 35cbd27 Add long_description_content_type to setup
  • d792186 Update Python requirements and pin Cython
  • 6cd2011 remove deprecated license classifier
  • 52bd8e9 Fix type annotation for gssapi.creds.Credentials name property. Add test checks.
  • fc7326e Update macOS build versions
  • Additional commits viewable in compare view

Updates idna from 3.16 to 3.18

Changelog

Sourced from idna's changelog.

3.18 (2026-06-02)

  • When decoding a domain, add a display argument that will pass through invalid labels rather than raising an exception.

3.17 (2026-05-28)

  • Substantial 75% reduction in memory usage through new data structures and some optimization in processing speed.
  • Added a general 1024-character input length cap to the public validation, conversion, and codec entry points. This is well above any legitimate domain or label and guards against pathological inputs.
Commits
  • f39ea90 Release 3.18
  • 40f4e40 Pre-release 3.18rc0
  • 1a5bf80 Merge pull request #253 from kjd/lenient-decode
  • 5bbb26f Merge branch 'master' into lenient-decode
  • c532bae Rename decode() lenient= option to display= (issue #248)
  • 0b1758b Merge pull request #252 from kjd/release-3.17
  • f48619c Release 3.17
  • 7421ba8 Pre-release 3.17rc0
  • 22ebb73 Merge pull request #251 from kjd/structure-optimizations
  • 2a7ac0a Drop redundant parallel-arrays comment from uts46data
  • Additional commits viewable in compare view

Updates pontos from 25.8.1 to 26.5.0

Release notes

Sourced from pontos's releases.

pontos 26.5.0

26.5.0 - 2026-05-19

👷 Changed

🚢 Dependencies

pontos 26.4.3

26.4.3 - 2026-04-29

✨ Added

pontos 26.4.2

26.4.2 - 2026-04-27

✨ Added

👷 Changed

🐛 Bug Fixes

🔧 Miscellaneous

🚢 Dependencies

pontos 26.4.1

[26.4.1] - 2026-04-21

... (truncated)

Commits
  • a380de6 Automatic release to 26.5.0
  • 12b9dd2 Change: Rename "Status Change" to "CVE Status Change"
  • fd0a178 Deps: Bump urllib3 from 2.6.3 to 2.7.0
  • 00adf54 Update: Greenbone license header
  • a793376 Automatic adjustments after release [skip ci]
  • 7e3dffb Automatic release to 26.4.3
  • f2f0401 Add: CVE Change event name "Data Remediation" (#1214)
  • a81ba03 Automatic adjustments after release [skip ci]
  • 46c3185 Automatic release to 26.4.2
  • 31d0465 Use snake_case for release-version output variables
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Deps: Bump the python-packages group across 1 directory with 8 updates
a961144 
Bumps the python-packages group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.14` | `0.15.17` |
| [pypsrp](https://github.com/jborean93/pypsrp) | `0.9.0` | `0.9.1` |
| [anyio](https://github.com/agronholm/anyio) | `4.13.0` | `4.14.0` |
| [certifi](https://github.com/certifi/python-certifi) | `2026.5.20` | `2026.6.17` |
| [cryptography](https://github.com/pyca/cryptography) | `48.0.0` | `49.0.0` |
| [gssapi](https://github.com/pythongssapi/python-gssapi) | `1.8.2` | `1.11.1` |
| [idna](https://github.com/kjd/idna) | `3.16` | `3.18` |
| [pontos](https://github.com/greenbone/pontos) | `25.8.1` | `26.5.0` |



Updates `ruff` from 0.15.14 to 0.15.17
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.14...0.15.17)

Updates `pypsrp` from 0.9.0 to 0.9.1
- [Release notes](https://github.com/jborean93/pypsrp/releases)
- [Changelog](https://github.com/jborean93/pypsrp/blob/master/CHANGELOG.md)
- [Commits](jborean93/pypsrp@v0.9.0...v0.9.1)

Updates `anyio` from 4.13.0 to 4.14.0
- [Release notes](https://github.com/agronholm/anyio/releases)
- [Commits](agronholm/anyio@4.13.0...4.14.0)

Updates `certifi` from 2026.5.20 to 2026.6.17
- [Commits](certifi/python-certifi@2026.05.20...2026.06.17)

Updates `cryptography` from 48.0.0 to 49.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@48.0.0...49.0.0)

Updates `gssapi` from 1.8.2 to 1.11.1
- [Release notes](https://github.com/pythongssapi/python-gssapi/releases)
- [Commits](pythongssapi/python-gssapi@v1.8.2...v1.11.1)

Updates `idna` from 3.16 to 3.18
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.16...v3.18)

Updates `pontos` from 25.8.1 to 26.5.0
- [Release notes](https://github.com/greenbone/pontos/releases)
- [Commits](greenbone/pontos@v25.8.1...v26.5.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: pypsrp
  dependency-version: 0.9.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: anyio
  dependency-version: 4.14.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: certifi
  dependency-version: 2026.6.17
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: cryptography
  dependency-version: 49.0.0
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: python-packages
- dependency-name: gssapi
  dependency-version: 1.11.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: idna
  dependency-version: '3.18'
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: pontos
  dependency-version: 26.5.0
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 18, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 18, 2026 04:15
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 18, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 25, 2026
@dependabot dependabot Bot deleted the dependabot/pip/python-packages-cef71afbe3 branch June 25, 2026 04:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants