Skip to content

Bump the ci-constraints group across 1 directory with 9 updates#32

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/ci/ci-constraints-a61240b6e1
Open

Bump the ci-constraints group across 1 directory with 9 updates#32
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/ci/ci-constraints-a61240b6e1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Warning

Dependabot will stop supporting python v3.9!

Please upgrade to one of the following versions: v3.9, v3.10, v3.11, v3.12, v3.13, or v3.14.

Bumps the ci-constraints group with 9 updates in the /ci directory:

Package From To
cyclonedx-python-lib 11.7.0 11.9.0
idna 3.16 3.18
snowballstemmer 3.1.0 3.1.1
beautifulsoup4 4.14.3 4.15.0
docutils 0.22.4 0.23
ruamel-yaml 0.18.16 0.19.1
sphinx-tabs 3.4.5 3.4.7
sphinx-toolbox 4.1.2 4.2.0
standard-imghdr 3.10.14 3.13.0

Updates cyclonedx-python-lib from 11.7.0 to 11.9.0

Release notes

Sourced from cyclonedx-python-lib's releases.

v11.9.0 (2026-06-08)

Features

  • Add support for license expression details (#908, b502381)

What's Changed

Full Changelog: CycloneDX/cyclonedx-python-lib@v11.8.0...v11.9.0

v11.8.0 (2026-06-04)

Documentation

Features

  • Add support CycloneDX 1.7.1 & 1.6.2 & 1.5.1 (#985, 303889b)

  • Pull SPDX license IDs v1.1-3.28.0 (#986, 42ff044)

What's Changed

Full Changelog: CycloneDX/cyclonedx-python-lib@v11.7.0...v11.8.0

... (truncated)

Changelog

Sourced from cyclonedx-python-lib's changelog.

v11.9.0 (2026-06-08)

Features

  • Add support for license expression details (#908, b502381)

v11.8.0 (2026-06-04)

Documentation

Features

  • Add support CycloneDX 1.7.1 & 1.6.2 & 1.5.1 (#985, 303889b)

  • Pull SPDX license IDs v1.1-3.28.0 (#986, 42ff044)

Commits
  • 150777e chore(release): 11.9.0
  • b502381 feat: add support for license expression details (#908)
  • 2ce770f chore(deps): update m2r2 requirement from >=0.3.2 to >=0.3.4 (#970)
  • 5854695 chore(deps): bump snok/install-poetry from 1.4.1 to 1.4.2 (#990)
  • e537812 chore(release): 11.8.0
  • 42ff044 feat: pull SPDX license IDs v1.1-3.28.0 (#986)
  • 590402a chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.1 (#963)
  • 051abce chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.1 (#964)
  • bc961ef chore(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 (#982)
  • 303889b feat: add support CycloneDX 1.7.1 & 1.6.2 & 1.5.1 (#985)
  • Additional commits viewable in compare view

Updates idna from 3.16 to 3.18

Changelog

Sourced from idna's changelog.

3.18 (2026-06-02)

  • When decoding a domain, add a display argument that will pass through invalid labels rather than raising an exception.

3.17 (2026-05-28)

  • Substantial 75% reduction in memory usage through new data structures and some optimization in processing speed.
  • Added a general 1024-character input length cap to the public validation, conversion, and codec entry points. This is well above any legitimate domain or label and guards against pathological inputs.
Commits
  • f39ea90 Release 3.18
  • 40f4e40 Pre-release 3.18rc0
  • 1a5bf80 Merge pull request #253 from kjd/lenient-decode
  • 5bbb26f Merge branch 'master' into lenient-decode
  • c532bae Rename decode() lenient= option to display= (issue #248)
  • 0b1758b Merge pull request #252 from kjd/release-3.17
  • f48619c Release 3.17
  • 7421ba8 Pre-release 3.17rc0
  • 22ebb73 Merge pull request #251 from kjd/structure-optimizations
  • 2a7ac0a Drop redundant parallel-arrays comment from uts46data
  • Additional commits viewable in compare view

Updates snowballstemmer from 3.1.0 to 3.1.1

Changelog

Sourced from snowballstemmer's changelog.

Snowball 3.1.1 (2026-06-03)

Compiler changes

  • Bug fixes:

    • Fix a segmentation fault after reporting an error for a string command not followed by a string variable name or string literal. Bug introduced in 3.1.0. Patch from Jerry James (#287).

  • Compiler command-line options:

    • Emit an error for -o -/-output -. Output to stdout is not supported because we need to generate multiple files for some target languages. We were interpreting - as a base filename to append extensions to, so we'd create -.c and -.h for C, but creating filenames that start with - seems unhelpful.

Generic code generation changes

  • Bug fixes:

    • Variable localisation was failing to check the expression on the RHS of an integer test for uses of a variable, so could incorrectly localise an integer variable whose value should have persisted between calls to a function. This bug won't realistically manifest in real world Snowball code.

  • Optimisations:

    • Inline some routines which are only used once. This is done for routines consisting of a single non-compound command (or cases such as not <boolean> and goto <grouping> which we internally synthesise a non-compound command for). Localisation of variables happens after inlining, so variables can now be localised in more cases.

    • test next and not next are both now simplified to a comparison between cursor and limit (like not atlimit and atlimit). We already normalise hop 1 to next, so test hop 1 and not hop 1 are also simplified in this way.

    • Simplify not applied to an integer test by removing the not and flipping the sense of the test (e.g. not $(x > y) becomes $(x <= y)) which results in simpler generated code. More usefully in real world code, this also results in simpler generated code for not atlimit (since atlimit is converted $(cursor >= limit) or $(cursor <= limit) (depending on the current direction).

... (truncated)

Commits
  • cd195b5 Update for 3.1.1
  • 80d885c NEWS: Update draft entry
  • 5346c74 C++: Compile runtime as C++
  • 537f970 python: Add classifier for 3.14
  • 3aeb013 python: Skip Natural Language :: Sesotho classifier
  • 91fa20b NEWS: Update draft entry
  • a04abeb Don't use extern "C" for functions which can throw
  • 49bb623 C++: Hook up properly
  • 7ab50ed CI: Fix coverage job
  • 5f0a33c NEWS: Add draft entry
  • Additional commits viewable in compare view

Updates beautifulsoup4 from 4.14.3 to 4.15.0

Updates docutils from 0.22.4 to 0.23

Commits

Updates ruamel-yaml from 0.18.16 to 0.19.1

Updates sphinx-tabs from 3.4.5 to 3.4.7

Release notes

Sourced from sphinx-tabs's releases.

Version 3.4.7

As previous release, but with working deployment to PyPI

Version 3.4.6

What's Changed

New Contributors

Full Changelog: executablebooks/sphinx-tabs@v3.4.5...v3.4.6

Changelog

Sourced from sphinx-tabs's changelog.

Change Log

3.5.0 - 2026-03-02

  • Adding support for up to Sphinx 9.1 and dropped support for versions <7.
  • Adding support for docutils 0.22.
  • Adding support for up to Python 3.14 and dropped support for versions <3.10.
Commits

Updates sphinx-toolbox from 4.1.2 to 4.2.0

Release notes

Sourced from sphinx-toolbox's releases.

Version 4.2.0

Automatically copied from PyPI.

Powered by OctoCheese
📝 docs | :octocat: repo | 🙋 issues | 🏪 marketplace

Version 4.2.0rc1

Automatically copied from PyPI.

Powered by OctoCheese
📝 docs | :octocat: repo | 🙋 issues | 🏪 marketplace

Changelog

Sourced from sphinx-toolbox's changelog.

4.2.0

  • Remove cap on ruamel.yaml (:pr:214)
  • Updates to more_autodoc for Sphinx 9 compatibility.

4.1.0

General compatibility updates

4.0.0

The :mod:sphinx_toolbox.source module no longer enables the :mod:sphinx_toolbox.github extension automatically. If you have :confval:source_link_target set to 'GitHub' you may need to enable the extension manually.

3.10.0

Allow GitHub branch to be specified for :rst:dir:installation directive.

3.9.0

Improved support for Sphinx 8.1+

3.8.2

(BUG) Fix GitHub issue title parsing.

3.8.0

Improved support for Sphinx 7.3+

3.7.0

  • Add :class:sphinx_toolbox.more_autodoc.variables.PropertyDocumenter.
  • Use sphinx's HTML5Translator over HTMLTranslator.

... (truncated)

Commits

Updates standard-imghdr from 3.10.14 to 3.13.0

Commits
  • eb25886 release workflow
  • 4dcb009 Prepare 3.13-compatible release
  • 2af39a1 Merge pull request #36 from youknowone/remove-distutils
  • 48dbc68 Strike distutils from README
  • 90f6422 Remove distutils from test
  • 3318056 Improve test helper script
  • 5218c79 Revert aifc changes to use chunkmuncher and add standard-chunk
  • fa65973 Merge pull request #33 from youknowone/distutils-3.11
  • d8eb34d distutils 3.11.9
  • 925bc8e distutils 3.10.14
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the ci-constraints group across 1 directory with 9 updates
59725e9 
Bumps the ci-constraints group with 9 updates in the /ci directory:

| Package | From | To |
| --- | --- | --- |
| [cyclonedx-python-lib](https://github.com/CycloneDX/cyclonedx-python-lib) | `11.7.0` | `11.9.0` |
| [idna](https://github.com/kjd/idna) | `3.16` | `3.18` |
| [snowballstemmer](https://github.com/snowballstem/snowball) | `3.1.0` | `3.1.1` |
| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.14.3` | `4.15.0` |
| [docutils](https://github.com/rtfd/recommonmark) | `0.22.4` | `0.23` |
| ruamel-yaml | `0.18.16` | `0.19.1` |
| [sphinx-tabs](https://github.com/executablebooks/sphinx-tabs) | `3.4.5` | `3.4.7` |
| [sphinx-toolbox](https://github.com/sphinx-toolbox/sphinx-toolbox) | `4.1.2` | `4.2.0` |
| [standard-imghdr](https://github.com/youknowone/python-deadlib) | `3.10.14` | `3.13.0` |



Updates `cyclonedx-python-lib` from 11.7.0 to 11.9.0
- [Release notes](https://github.com/CycloneDX/cyclonedx-python-lib/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md)
- [Commits](CycloneDX/cyclonedx-python-lib@v11.7.0...v11.9.0)

Updates `idna` from 3.16 to 3.18
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.16...v3.18)

Updates `snowballstemmer` from 3.1.0 to 3.1.1
- [Changelog](https://github.com/snowballstem/snowball/blob/main/NEWS)
- [Commits](snowballstem/snowball@v3.1.0...v3.1.1)

Updates `beautifulsoup4` from 4.14.3 to 4.15.0

Updates `docutils` from 0.22.4 to 0.23
- [Changelog](https://github.com/readthedocs/recommonmark/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rtfd/recommonmark/commits)

Updates `ruamel-yaml` from 0.18.16 to 0.19.1

Updates `sphinx-tabs` from 3.4.5 to 3.4.7
- [Release notes](https://github.com/executablebooks/sphinx-tabs/releases)
- [Changelog](https://github.com/executablebooks/sphinx-tabs/blob/main/CHANGELOG.md)
- [Commits](executablebooks/sphinx-tabs@v3.4.5...v3.4.7)

Updates `sphinx-toolbox` from 4.1.2 to 4.2.0
- [Release notes](https://github.com/sphinx-toolbox/sphinx-toolbox/releases)
- [Changelog](https://github.com/sphinx-toolbox/sphinx-toolbox/blob/master/doc-source/changelog.rst)
- [Commits](sphinx-toolbox/sphinx-toolbox@v4.1.2...v4.2.0)

Updates `standard-imghdr` from 3.10.14 to 3.13.0
- [Release notes](https://github.com/youknowone/python-deadlib/releases)
- [Commits](youknowone/python-deadlib@v3.10.14...v3.13.0)

---
updated-dependencies:
- dependency-name: cyclonedx-python-lib
  dependency-version: 11.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci-constraints
- dependency-name: idna
  dependency-version: '3.18'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci-constraints
- dependency-name: snowballstemmer
  dependency-version: 3.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci-constraints
- dependency-name: beautifulsoup4
  dependency-version: 4.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci-constraints
- dependency-name: docutils
  dependency-version: '0.23'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci-constraints
- dependency-name: ruamel-yaml
  dependency-version: 0.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci-constraints
- dependency-name: sphinx-tabs
  dependency-version: 3.4.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci-constraints
- dependency-name: sphinx-toolbox
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci-constraints
- dependency-name: standard-imghdr
  dependency-version: 3.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci-constraints
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

ci dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants