Skip to content

Improve presentation of non-verbose downloads with non-PyPI indexes#13494

Merged
pradyunsg merged 2 commits intopypa:mainfrom
pradyunsg:improve-presentation-of-non-pypi-files
Apr 24, 2026
Merged

Improve presentation of non-verbose downloads with non-PyPI indexes#13494
pradyunsg merged 2 commits intopypa:mainfrom
pradyunsg:improve-presentation-of-non-pypi-files

Conversation

@pradyunsg
Copy link
Copy Markdown
Member

@pradyunsg pradyunsg commented Jul 20, 2025
edited
Loading

Before:

❯ pip download --index-url https://www.piwheels.org/simple --dest /tmp/throwaway revpy
Looking in indexes: https://www.piwheels.org/simple
Collecting revpy
  Using cached https://archive1.piwheels.org/simple/revpy/revpy-0.1.1-py3-none-any.whl (11 kB)
Saved /private/tmp/throwaway/revpy-0.1.1-py3-none-any.whl
Successfully downloaded revpy

After:

❯ pip download --index-url https://www.piwheels.org/simple --dest /tmp/throwaway revpy
Looking in indexes: https://www.piwheels.org/simple
Collecting revpy
  Downloading revpy-0.1.1-py3-none-any.whl (11 kB)
Saved /private/tmp/throwaway/revpy-0.1.1-py3-none-any.whl
Successfully downloaded revpy

This is a notable improvement if you end up mirroring PyPI's artifact structure in a different index, and end up with URLs like https://files.pythonhosted.org/packages/29/a2/d40fb2460e883eca5199c62cfc2463fd261f760556ae6290f88488c362c0/pip-25.1.1-py3-none-any.whl that end up being really verbose for long install sessions.

@pradyunsg pradyunsg force-pushed the improve-presentation-of-non-pypi-files branch 2 times, most recently from a6c05fd to 791068a Compare July 20, 2025 10:33
ichard26
ichard26 approved these changes Aug 14, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@ichard26 ichard26 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm a little worried that this will lead to user confusion when multiple indexes are in use and pip downloads packages from several indexes1, but I suppose it doesn't matter too much in practice. They can still enable verbose mode and get the full URL.

Could you add a changelog entry? Thanks!

Footnotes

  1. We had an issue filed because pip was downloading full wheels during dependency resolution. The root problem was that they were using a third-party index which had not implemented PEP 658 yet.

@notatallshaw notatallshaw added this to the 25.3 milestone Oct 15, 2025
@notatallshaw
Copy link
Copy Markdown
Member

notatallshaw commented Oct 18, 2025

@pradyunsg are you still interested in merging this?

@pradyunsg
Copy link
Copy Markdown
Member Author

pradyunsg commented Oct 18, 2025

Interested, yes.

Will I have the bandwidth in the near future? Sadly, no.

If someone else would like to pick this up, please feel welcome to do so!

@notatallshaw notatallshaw modified the milestones: 25.3, 26.0 Oct 23, 2025
@notatallshaw notatallshaw added the state: up for grabs (PR) Good idea, but needs a new champion as the PR author is busy or unreachable. label Jan 17, 2026
@notatallshaw notatallshaw modified the milestones: 26.0, 26.1 Jan 17, 2026
@sbidoul sbidoul removed this from the 26.1 milestone Apr 12, 2026
@pradyunsg pradyunsg force-pushed the improve-presentation-of-non-pypi-files branch from 791068a to 7116360 Compare April 24, 2026 07:24
@pradyunsg pradyunsg removed the state: up for grabs (PR) Good idea, but needs a new champion as the PR author is busy or unreachable. label Apr 24, 2026
@pradyunsg
Copy link
Copy Markdown
Member Author

pradyunsg commented Apr 24, 2026

I'm a little worried that this will lead to user confusion when multiple indexes are in use and pip downloads packages from several indexes1, but I suppose it doesn't matter too much in practice.

I think we can cover this by evolving show_url to do a better job of disambiguating those.

@pradyunsg pradyunsg enabled auto-merge (squash) April 24, 2026 07:25
@pradyunsg pradyunsg merged commit 71713a6 into pypa:main Apr 24, 2026
37 checks passed
@pradyunsg pradyunsg deleted the improve-presentation-of-non-pypi-files branch April 24, 2026 08:36
bilalobe pushed a commit to bilalobe/trackone that referenced this pull request Apr 26, 2026
@dependabot
chore(deps): bump pip from 26.0.1 to 26.1 (#262)
b330eaf 
Bumps [pip](https://github.com/pypa/pip) from 26.0.1 to 26.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>26.1 (2026-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.9.
(<code>[#13795](pypa/pip#13795)
&lt;https://github.com/pypa/pip/issues/13795&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Add experimental support to read requirements from standardized
pylock.toml files (<code>-r pylock.toml</code>).
(<code>[#13876](pypa/pip#13876)
&lt;https://github.com/pypa/pip/issues/13876&gt;</code>_)</li>
<li>Allow <code>--uploaded-prior-to</code> to accept a duration in days
(e.g., <code>P3D</code> for 3 days ago).
(<code>[#13674](pypa/pip#13674)
&lt;https://github.com/pypa/pip/issues/13674&gt;</code>_)</li>
</ul>
<h2>Enhancements</h2>
<ul>
<li>Speed up dependency resolution when there are complex conflicts.
(<code>[#13859](pypa/pip#13859)
&lt;https://github.com/pypa/pip/issues/13859&gt;</code>_)</li>
<li>Reduce memory usage when resolving large dependency trees.
(<code>[#13843](pypa/pip#13843)
&lt;https://github.com/pypa/pip/issues/13843&gt;</code>_)</li>
<li>Emit a deprecation warning when pip imports an unexpected module
after
installation of a distribution has started.
(<code>[#13912](pypa/pip#13912)
&lt;https://github.com/pypa/pip/issues/13912&gt;</code>_)</li>
<li>Allow URL constraints to apply to requirements with extras.
(<code>[#12018](pypa/pip#12018)
&lt;https://github.com/pypa/pip/issues/12018&gt;</code>_)</li>
<li>Allow unpinned requirements to use hashes from constraints.
Constraints
like <code>{name}=={version} --hash=...</code> feeds into hash
verification for
a corresponding requirement.
(<code>[#9243](pypa/pip#9243)
&lt;https://github.com/pypa/pip/issues/9243&gt;</code>_)</li>
<li>Improve conflict reports that involve direct URLs.
(<code>[#13932](pypa/pip#13932)
&lt;https://github.com/pypa/pip/issues/13932&gt;</code>_)</li>
<li>Show all errors instead of first error for faulty
<code>dependency_groups</code> definitions.
(<code>[#13917](pypa/pip#13917)
&lt;https://github.com/pypa/pip/issues/13917&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix recovery hint for missing RECORD file to use
<code>--ignore-installed</code>
instead of <code>--force-reinstall</code>.
(<code>[#12645](pypa/pip#12645)
&lt;https://github.com/pypa/pip/issues/12645&gt;</code>_)</li>
<li>Fix misleading error message when a constraint file cannot be
opened. (<code>[#13226](pypa/pip#13226)
&lt;https://github.com/pypa/pip/issues/13226&gt;</code>_)</li>
<li>Show the filename rather than the full URL when downloading files
from non-PyPI indexes in non-verbose mode.
(<code>[#13494](pypa/pip#13494)
&lt;https://github.com/pypa/pip/issues/13494&gt;</code>_)</li>
<li>Remove the adjacent <code>__pycache__</code> directory when a .py
file is removed.
(<code>[#13725](pypa/pip#13725)
&lt;https://github.com/pypa/pip/issues/13725&gt;</code>_)</li>
<li>Force UTF-8 encoding for :pep:<code>723</code> metadata.
(<code>[#13861](pypa/pip#13861)
&lt;https://github.com/pypa/pip/issues/13861&gt;</code>_)</li>
<li>Minor performance improvement when filtering candidates during
resolution. (<code>[#13916](pypa/pip#13916)
&lt;https://github.com/pypa/pip/issues/13916&gt;</code>_)</li>
<li>Fix a hang on Windows when stdout is closed during verbose output.
(<code>[#13927](pypa/pip#13927)
&lt;https://github.com/pypa/pip/issues/13927&gt;</code>_)</li>
<li>Common path prefixes are determined by path segment, not character
by character. (<code>[#13847](pypa/pip#13847)
&lt;https://github.com/pypa/pip/issues/13847&gt;</code>_)</li>
<li>Fix installing <code>.tar.gz</code> source distributions that look
like a zip file.
(<code>[#13867](pypa/pip#13867)
&lt;https://github.com/pypa/pip/issues/13867&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2026.2.25</li>
<li>Upgrade packaging to 26.2</li>
<li>Upgrade requests to 2.33.1</li>
<li>Upgrade tomli to 2.3.1</li>
<li>Upgrade urllib3 to 2.6.3</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from
sbidoul/install-from-pylock-reqs-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from
pypa/revert-13888-resolver-editable-links</li>
<li><a
href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a>
Revert &quot;Allow editable installs to satisfy direct-URL dependencies
(<a
href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)&quot;</li>
<li><a
href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a>
-r pylock.toml: add pip-wheel -r pylock.toml test</li>
<li><a
href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a>
-r pylock.toml: proper error with remote pylock.toml containing
directory ent...</li>
<li><a
href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from
ichard26/reword-news</li>
<li><a
href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a>
-r pylock: refine filename pylock-ness test</li>
<li><a
href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a>
-r pylock.toml: fix crash with pip wheel and pip lock</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/26.0.1...26.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=uv&previous-version=26.0.1&new-version=26.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/bilalobe/trackone/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-actions Bot pushed a commit to awslabs/aurora-dsql-orms that referenced this pull request Apr 27, 2026
@dependabot
build(deps-dev): bump the python-django group in /python/django with …
aa10ce4 
…4 updates (#408)

Bumps the python-django group in /python/django with 4 updates:
[pip](https://github.com/pypa/pip),
[psycopg2-binary](https://github.com/psycopg/psycopg2),
[ruff](https://github.com/astral-sh/ruff) and
[wheel](https://github.com/pypa/wheel).

Updates `pip` from 26.0.1 to 26.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>26.1 (2026-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.9.
(<code>[#13795](pypa/pip#13795)
&lt;https://github.com/pypa/pip/issues/13795&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Add experimental support to read requirements from standardized
pylock.toml files (<code>-r pylock.toml</code>).
(<code>[#13876](pypa/pip#13876)
&lt;https://github.com/pypa/pip/issues/13876&gt;</code>_)</li>
<li>Allow <code>--uploaded-prior-to</code> to accept a duration in days
(e.g., <code>P3D</code> for 3 days ago).
(<code>[#13674](pypa/pip#13674)
&lt;https://github.com/pypa/pip/issues/13674&gt;</code>_)</li>
</ul>
<h2>Enhancements</h2>
<ul>
<li>Speed up dependency resolution when there are complex conflicts.
(<code>[#13859](pypa/pip#13859)
&lt;https://github.com/pypa/pip/issues/13859&gt;</code>_)</li>
<li>Reduce memory usage when resolving large dependency trees.
(<code>[#13843](pypa/pip#13843)
&lt;https://github.com/pypa/pip/issues/13843&gt;</code>_)</li>
<li>Emit a deprecation warning when pip imports an unexpected module
after
installation of a distribution has started.
(<code>[#13912](pypa/pip#13912)
&lt;https://github.com/pypa/pip/issues/13912&gt;</code>_)</li>
<li>Allow URL constraints to apply to requirements with extras.
(<code>[#12018](pypa/pip#12018)
&lt;https://github.com/pypa/pip/issues/12018&gt;</code>_)</li>
<li>Allow unpinned requirements to use hashes from constraints.
Constraints
like <code>{name}=={version} --hash=...</code> feeds into hash
verification for
a corresponding requirement.
(<code>[#9243](pypa/pip#9243)
&lt;https://github.com/pypa/pip/issues/9243&gt;</code>_)</li>
<li>Improve conflict reports that involve direct URLs.
(<code>[#13932](pypa/pip#13932)
&lt;https://github.com/pypa/pip/issues/13932&gt;</code>_)</li>
<li>Show all errors instead of first error for faulty
<code>dependency_groups</code> definitions.
(<code>[#13917](pypa/pip#13917)
&lt;https://github.com/pypa/pip/issues/13917&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix recovery hint for missing RECORD file to use
<code>--ignore-installed</code>
instead of <code>--force-reinstall</code>.
(<code>[#12645](pypa/pip#12645)
&lt;https://github.com/pypa/pip/issues/12645&gt;</code>_)</li>
<li>Fix misleading error message when a constraint file cannot be
opened. (<code>[#13226](pypa/pip#13226)
&lt;https://github.com/pypa/pip/issues/13226&gt;</code>_)</li>
<li>Show the filename rather than the full URL when downloading files
from non-PyPI indexes in non-verbose mode.
(<code>[#13494](pypa/pip#13494)
&lt;https://github.com/pypa/pip/issues/13494&gt;</code>_)</li>
<li>Remove the adjacent <code>__pycache__</code> directory when a .py
file is removed.
(<code>[#13725](pypa/pip#13725)
&lt;https://github.com/pypa/pip/issues/13725&gt;</code>_)</li>
<li>Force UTF-8 encoding for :pep:<code>723</code> metadata.
(<code>[#13861](pypa/pip#13861)
&lt;https://github.com/pypa/pip/issues/13861&gt;</code>_)</li>
<li>Minor performance improvement when filtering candidates during
resolution. (<code>[#13916](pypa/pip#13916)
&lt;https://github.com/pypa/pip/issues/13916&gt;</code>_)</li>
<li>Fix a hang on Windows when stdout is closed during verbose output.
(<code>[#13927](pypa/pip#13927)
&lt;https://github.com/pypa/pip/issues/13927&gt;</code>_)</li>
<li>Common path prefixes are determined by path segment, not character
by character. (<code>[#13847](pypa/pip#13847)
&lt;https://github.com/pypa/pip/issues/13847&gt;</code>_)</li>
<li>Fix installing <code>.tar.gz</code> source distributions that look
like a zip file.
(<code>[#13867](pypa/pip#13867)
&lt;https://github.com/pypa/pip/issues/13867&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2026.2.25</li>
<li>Upgrade packaging to 26.2</li>
<li>Upgrade requests to 2.33.1</li>
<li>Upgrade tomli to 2.3.1</li>
<li>Upgrade urllib3 to 2.6.3</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from
sbidoul/install-from-pylock-reqs-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from
pypa/revert-13888-resolver-editable-links</li>
<li><a
href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a>
Revert &quot;Allow editable installs to satisfy direct-URL dependencies
(<a
href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)&quot;</li>
<li><a
href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a>
-r pylock.toml: add pip-wheel -r pylock.toml test</li>
<li><a
href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a>
-r pylock.toml: proper error with remote pylock.toml containing
directory ent...</li>
<li><a
href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from
ichard26/reword-news</li>
<li><a
href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a>
-r pylock: refine filename pylock-ness test</li>
<li><a
href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a>
-r pylock.toml: fix crash with pip wheel and pip lock</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/26.0.1...26.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `psycopg2-binary` from 2.9.11 to 2.9.12
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psycopg/psycopg2/blob/master/NEWS">psycopg2-binary's
changelog</a>.</em></p>
<blockquote>
<h2>Current release</h2>
<p>What's new in psycopg 2.9.12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^</p>
<ul>
<li>Fix infinite loop with malformed interval
(:ticket:<code>1835</code>).</li>
</ul>
<p>What's new in psycopg 2.9.11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^</p>
<ul>
<li>Add support for Python 3.14.</li>
<li>Avoid a segfault passing more arguments than placeholders if Python
is built
with assertions enabled
(:ticket:<code>[#1791](https://github.com/psycopg/psycopg2/issues/1791)</code>).</li>
<li>Add riscv64 platform binary packages
(:ticket:<code>[#1813](https://github.com/psycopg/psycopg2/issues/1813)</code>).</li>
<li><code>~psycopg2.errorcodes</code> map and
<code>~psycopg2.errors</code> classes updated to
PostgreSQL 18.</li>
<li>Drop support for Python 3.8.</li>
</ul>
<p>What's new in psycopg 2.9.10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^</p>
<ul>
<li>Add support for Python 3.13.</li>
<li>Receive notifications on commit
(:ticket:<code>[#1728](https://github.com/psycopg/psycopg2/issues/1728)</code>).</li>
<li><code>~psycopg2.errorcodes</code> map and
<code>~psycopg2.errors</code> classes updated to
PostgreSQL 17.</li>
<li>Drop support for Python 3.7.</li>
</ul>
<p>What's new in psycopg 2.9.9
^^^^^^^^^^^^^^^^^^^^^^^^^^^</p>
<ul>
<li>Add support for Python 3.12.</li>
<li>Drop support for Python 3.6.</li>
</ul>
<p>What's new in psycopg 2.9.8
^^^^^^^^^^^^^^^^^^^^^^^^^^^</p>
<ul>
<li>Wheel package bundled with PostgreSQL 16 libpq in order to add
support for
recent features, such as <code>sslcertmode</code>.</li>
</ul>
<p>What's new in psycopg 2.9.7
^^^^^^^^^^^^^^^^^^^^^^^^^^^</p>
<ul>
<li>Fix propagation of exceptions raised during module initialization

(:ticket:<code>[#1598](https://github.com/psycopg/psycopg2/issues/1598)</code>).</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/psycopg/psycopg2/commit/3a6d9d6ddc6b53eaa80b712f5fa6b23abbdc38db"><code>3a6d9d6</code></a>
ci: include almalinux in whieel building</li>
<li><a
href="https://github.com/psycopg/psycopg2/commit/ebca6bf0f86bc6cbdc86de1eb3a53eaf49966d86"><code>ebca6bf</code></a>
chore: bump to version 3.9.12</li>
<li><a
href="https://github.com/psycopg/psycopg2/commit/0196f02cc9512df8de3c941f87d27bda98f9f7af"><code>0196f02</code></a>
build(deps): bump pypa/cibuildwheel from 3.3.1 to 3.4.0</li>
<li><a
href="https://github.com/psycopg/psycopg2/commit/d157bdc2235a42dc1742936dbb0f5cfc8e4d2eb7"><code>d157bdc</code></a>
build(deps): bump docker/setup-qemu-action from 3 to 4</li>
<li><a
href="https://github.com/psycopg/psycopg2/commit/7fccc0f5066a40dea530512abbf02621f4182b81"><code>7fccc0f</code></a>
build(deps): bump actions/upload-artifact from 6 to 7</li>
<li><a
href="https://github.com/psycopg/psycopg2/commit/d52a61eb2e6095fc1b9891bfcca44ebfac509e55"><code>d52a61e</code></a>
chore: bump dependency libraries</li>
<li><a
href="https://github.com/psycopg/psycopg2/commit/b231d726a01d55e07ec3620b2b82f4a2da37ba62"><code>b231d72</code></a>
chore: fix building binary images</li>
<li><a
href="https://github.com/psycopg/psycopg2/commit/6d76e8479f0f522c2e07ce0e2701030d8fd63785"><code>6d76e84</code></a>
Merge pull request <a
href="https://redirect.github.com/psycopg/psycopg2/issues/1836">#1836</a>
from psycopg/fix-1835</li>
<li><a
href="https://github.com/psycopg/psycopg2/commit/f7e314c7ab418ab9b9956e694956089a49c5c3b9"><code>f7e314c</code></a>
fix: overflow in malformed interval</li>
<li><a
href="https://github.com/psycopg/psycopg2/commit/eb905c124b75f2a5183d22177b85af20914b0f17"><code>eb905c1</code></a>
docs: replace bare except clause with except Exception</li>
<li>Additional commits viewable in <a
href="https://github.com/psycopg/psycopg2/compare/2.9.11...2.9.12">compare
view</a></li>
</ul>
</details>
<br />

Updates `ruff` from 0.15.11 to 0.15.12
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.15.12</h2>
<h2>Release Notes</h2>
<p>Released on 2026-04-24.</p>
<h3>Preview features</h3>
<ul>
<li>Implement <code>#ruff:file-ignore</code> file-level suppressions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23599">#23599</a>)</li>
<li>Implement <code>#ruff:ignore</code> logical-line suppressions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23404">#23404</a>)</li>
<li>Revert preview changes to displayed diagnostic severity in LSP (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24789">#24789</a>)</li>
<li>[<code>airflow</code>] Implement
<code>task-branch-as-short-circuit</code> (<code>AIR004</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23579">#23579</a>)</li>
<li>[<code>flake8-bugbear</code>] Fix
<code>break</code>/<code>continue</code> handling in
<code>loop-iterator-mutation</code> (<code>B909</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24440">#24440</a>)</li>
<li>[<code>pylint</code>] Fix <code>PLC2701</code> for type parameter
scopes (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24576">#24576</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>[<code>pandas-vet</code>] Suggest <code>.array</code> as well in
<code>PD011</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24805">#24805</a>)</li>
</ul>
<h3>CLI</h3>
<ul>
<li>Respect default Unix permissions for cache files (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24794">#24794</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>[<code>pylint</code>] Fix <code>PLR0124</code> description not to
claim self-comparison always returns the same value (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24749">#24749</a>)</li>
<li>[<code>pyupgrade</code>] Expand docs on reusable
<code>TypeVar</code>s and scoping (<code>UP046</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24153">#24153</a>)</li>
<li>Improve rules table accessibility (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24711">#24711</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a href="https://github.com/dylwil3"><code>@​dylwil3</code></a></li>
<li><a
href="https://github.com/AlexWaygood"><code>@​AlexWaygood</code></a></li>
<li><a
href="https://github.com/woodruffw"><code>@​woodruffw</code></a></li>
<li><a
href="https://github.com/avasis-ai"><code>@​avasis-ai</code></a></li>
<li><a href="https://github.com/Dev-iL"><code>@​Dev-iL</code></a></li>
<li><a
href="https://github.com/denyszhak"><code>@​denyszhak</code></a></li>
<li><a
href="https://github.com/ShipItAndPray"><code>@​ShipItAndPray</code></a></li>
<li><a
href="https://github.com/anishgirianish"><code>@​anishgirianish</code></a></li>
<li><a
href="https://github.com/augustelalande"><code>@​augustelalande</code></a></li>
<li><a
href="https://github.com/amyreese"><code>@​amyreese</code></a></li>
<li><a
href="https://github.com/majiayu000"><code>@​majiayu000</code></a></li>
</ul>
<h2>Install ruff 0.15.12</h2>
<h3>Install prebuilt binaries via shell script</h3>
<pre lang="sh"><code>curl --proto '=https' --tlsv1.2 -LsSf
https://releases.astral.sh/github/ruff/releases/download/0.15.12/ruff-installer.sh
| sh
</code></pre>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.15.12</h2>
<p>Released on 2026-04-24.</p>
<h3>Preview features</h3>
<ul>
<li>Implement <code>#ruff:file-ignore</code> file-level suppressions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23599">#23599</a>)</li>
<li>Implement <code>#ruff:ignore</code> logical-line suppressions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23404">#23404</a>)</li>
<li>Revert preview changes to displayed diagnostic severity in LSP (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24789">#24789</a>)</li>
<li>[<code>airflow</code>] Implement
<code>task-branch-as-short-circuit</code> (<code>AIR004</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23579">#23579</a>)</li>
<li>[<code>flake8-bugbear</code>] Fix
<code>break</code>/<code>continue</code> handling in
<code>loop-iterator-mutation</code> (<code>B909</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24440">#24440</a>)</li>
<li>[<code>pylint</code>] Fix <code>PLC2701</code> for type parameter
scopes (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24576">#24576</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>[<code>pandas-vet</code>] Suggest <code>.array</code> as well in
<code>PD011</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24805">#24805</a>)</li>
</ul>
<h3>CLI</h3>
<ul>
<li>Respect default Unix permissions for cache files (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24794">#24794</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>[<code>pylint</code>] Fix <code>PLR0124</code> description not to
claim self-comparison always returns the same value (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24749">#24749</a>)</li>
<li>[<code>pyupgrade</code>] Expand docs on reusable
<code>TypeVar</code>s and scoping (<code>UP046</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24153">#24153</a>)</li>
<li>Improve rules table accessibility (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24711">#24711</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a href="https://github.com/dylwil3"><code>@​dylwil3</code></a></li>
<li><a
href="https://github.com/AlexWaygood"><code>@​AlexWaygood</code></a></li>
<li><a
href="https://github.com/woodruffw"><code>@​woodruffw</code></a></li>
<li><a
href="https://github.com/avasis-ai"><code>@​avasis-ai</code></a></li>
<li><a href="https://github.com/Dev-iL"><code>@​Dev-iL</code></a></li>
<li><a
href="https://github.com/denyszhak"><code>@​denyszhak</code></a></li>
<li><a
href="https://github.com/ShipItAndPray"><code>@​ShipItAndPray</code></a></li>
<li><a
href="https://github.com/anishgirianish"><code>@​anishgirianish</code></a></li>
<li><a
href="https://github.com/augustelalande"><code>@​augustelalande</code></a></li>
<li><a
href="https://github.com/amyreese"><code>@​amyreese</code></a></li>
<li><a
href="https://github.com/majiayu000"><code>@​majiayu000</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/astral-sh/ruff/commit/66f93cf7ed4d36325f35a452e4afa28268fbcd28"><code>66f93cf</code></a>
Bump 0.15.12 (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24815">#24815</a>)</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/476a4d02e8e3b6c157ac39979d8b698a1b6baa91"><code>476a4d0</code></a>
[ty] Complete support for more detailed diagnostics on possibly unbound
error...</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/ed669eab30095d6c51fe6cdef6050fb01276bcb3"><code>ed669ea</code></a>
Implement <code>#ruff:file-ignore</code> file-level suppressions (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23599">#23599</a>)</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/e73d952e43feb51356ee740c5a973fce81396ff6"><code>e73d952</code></a>
[ty] Include inferred type in <code>invalid-key</code> concise
diagnostic for union/inte...</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/80feb29b31cd98c093316df2e0407b0c70c01b55"><code>80feb29</code></a>
[ty] report only dead annotation-only locals as unused (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24811">#24811</a>)</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/0fbf2bc27336a3d17d39af52cf89b78dcda8c7c8"><code>0fbf2bc</code></a>
Drop deprecated license classifier (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24808">#24808</a>)</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/43b174cc7f2fcb0080bb1d4843cd4bf6b72bbe27"><code>43b174c</code></a>
[ty] Infer lambda parameter types with <code>Callable</code> type
context (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24317">#24317</a>)</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/4f449ae4a2377569330a5ab94799d389357b5a3f"><code>4f449ae</code></a>
[ty] Add error context for intersection types (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24772">#24772</a>)</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/5b4e753acb46e96ad408e4904c15308e33efe307"><code>5b4e753</code></a>
[ty] Add support for goto in literal enum member inlay hint (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24792">#24792</a>)</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/e7cc76275a758ce1c636ea1c2d091fd576aac794"><code>e7cc762</code></a>
[ty] Add error context for TypedDict assignments (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24790">#24790</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.15.11...0.15.12">compare
view</a></li>
</ul>
</details>
<br />

Updates `wheel` from 0.46.3 to 0.47.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/wheel/releases">wheel's
releases</a>.</em></p>
<blockquote>
<h2>0.47.0</h2>
<ul>
<li>Added the <code>wheel info</code> subcommand to display metadata
about wheel files without unpacking them (<a
href="https://redirect.github.com/pypa/wheel/issues/639">#639</a>)</li>
<li>Fixed <code>WheelFile</code> raising <code>Missing RECORD
file</code> when the wheel filename contains uppercase characters (e.g.
<code>Django-3.2.5.whl</code>) but the <code>.dist-info</code> directory
inside uses normalized lowercase naming (<a
href="https://redirect.github.com/pypa/wheel/issues/411">#411</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/wheel/blob/main/docs/news.rst">wheel's
changelog</a>.</em></p>
<blockquote>
<h1>Release Notes</h1>
<p><strong>0.47.0 (2026-04-22)</strong></p>
<ul>
<li>Added the <code>wheel info</code> subcommand to display metadata
about wheel files without
unpacking them (<code>[#639](pypa/wheel#639)
&lt;https://github.com/pypa/wheel/issues/639&gt;</code>_)</li>
<li>Fixed <code>WheelFile</code> raising <code>Missing RECORD
file</code> when the wheel filename contains
uppercase characters (e.g. <code>Django-3.2.5.whl</code>) but the
<code>.dist-info</code> directory
inside uses normalized lowercase naming
(<code>[#411](pypa/wheel#411)
&lt;https://github.com/pypa/wheel/issues/411&gt;</code>_)</li>
</ul>
<p><strong>0.46.3 (2026-01-22)</strong></p>
<ul>
<li>Fixed <code>ImportError: cannot import name '_setuptools_logging'
from 'wheel'</code> when
installed alongside an old version of setuptools and running the
<code>bdist_wheel</code>
command (<code>[#676](pypa/wheel#676)
&lt;https://github.com/pypa/wheel/issues/676&gt;</code>_)</li>
</ul>
<p><strong>0.46.2 (2026-01-22)</strong></p>
<ul>
<li>Restored the <code>bdist_wheel</code> command for compatibility with
<code>setuptools</code> older than
v70.1</li>
<li>Importing <code>wheel.bdist_wheel</code> now emits a
<code>FutureWarning</code> instead of a
<code>DeprecationWarning</code></li>
<li>Fixed <code>wheel unpack</code> potentially altering the permissions
of files outside of the
destination tree with maliciously crafted wheels (CVE-2026-24049)</li>
</ul>
<p><strong>0.46.1 (2025-04-08)</strong></p>
<ul>
<li>Temporarily restored the <code>wheel.macosx_libfile</code> module
(<code>[#659](pypa/wheel#659)
&lt;https://github.com/pypa/wheel/issues/659&gt;</code>_)</li>
</ul>
<p><strong>0.46.0 (2025-04-03)</strong></p>
<ul>
<li>Dropped support for Python 3.8</li>
<li>Removed the <code>bdist_wheel</code> setuptools command
implementation and entry point.
The <code>wheel.bdist_wheel</code> module is now just an alias to
<code>setuptools.command.bdist_wheel</code>, emitting a deprecation
warning on import.</li>
<li>Removed vendored <code>packaging</code> in favor of a run-time
dependency on it</li>
<li>Made the <code>wheel.metadata</code> module private (with a
deprecation warning if it's
imported</li>
<li>Made the <code>wheel.cli</code> package private (no deprecation
warning)</li>
<li>Fixed an exception when calling the <code>convert</code> command
with an empty description
field</li>
</ul>
<p><strong>0.45.1 (2024-11-23)</strong></p>
<ul>
<li>Fixed pure Python wheels converted from eggs and wininst files
having the ABI tag in
the file name</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/wheel/commit/efd83a750f07a33462ea2eed365fd8dac9e51442"><code>efd83a7</code></a>
Created a new release</li>
<li><a
href="https://github.com/pypa/wheel/commit/bb69216d35588c2a0febc2d9a130727fe6e46ee3"><code>bb69216</code></a>
Reordered the changelog entries</li>
<li><a
href="https://github.com/pypa/wheel/commit/d5a1763ce927618bfa7d82abe334d0d14a93cc37"><code>d5a1763</code></a>
fix(wheelfile): resolve .dist-info path case-insensitively when reading
wheel...</li>
<li><a
href="https://github.com/pypa/wheel/commit/5718957928ece25eb0d1c12023c71dea4fcb5cf9"><code>5718957</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pypa/wheel/issues/685">#685</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/625806845ae5756be3cc0f9d44832c29079c0954"><code>6258068</code></a>
chore: log_level is better than log_cli_level (<a
href="https://redirect.github.com/pypa/wheel/issues/684">#684</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/2975debc789682b3a448b134611acc6962a93eb3"><code>2975deb</code></a>
Require tox &gt;= 4.22</li>
<li><a
href="https://github.com/pypa/wheel/commit/47674ba770e5ee72d679b7eb32b558e0c177640d"><code>47674ba</code></a>
chore: add check-sdist to checks (<a
href="https://redirect.github.com/pypa/wheel/issues/681">#681</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/56223f6f8dfa8d3d40923f24dcf159204698d7b6"><code>56223f6</code></a>
<code>__package__</code> → <code>__spec__.parent</code> (<a
href="https://redirect.github.com/pypa/wheel/issues/679">#679</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/0ce509e02dc3cd1b7b0bdf868482de062b3c21c3"><code>0ce509e</code></a>
Added the wheel info subcommand (<a
href="https://redirect.github.com/pypa/wheel/issues/669">#669</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/39039c0f3446c1ed5ec52621e98bc2bad8178a06"><code>39039c0</code></a>
Improved the index page</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/wheel/compare/0.46.3...0.47.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-actions Bot pushed a commit to awslabs/aurora-dsql-orms that referenced this pull request Apr 27, 2026
@dependabot
build(deps-dev): bump the python-tortoise group in /python/tortoise-o…
cceac06 
…rm with 4 updates (#406)

Bumps the python-tortoise group in /python/tortoise-orm with 4 updates:
[pip](https://github.com/pypa/pip),
[pre-commit](https://github.com/pre-commit/pre-commit),
[pyright](https://github.com/RobertCraigie/pyright-python) and
[ruff](https://github.com/astral-sh/ruff).

Updates `pip` from 26.0.1 to 26.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>26.1 (2026-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.9.
(<code>[#13795](pypa/pip#13795)
&lt;https://github.com/pypa/pip/issues/13795&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Add experimental support to read requirements from standardized
pylock.toml files (<code>-r pylock.toml</code>).
(<code>[#13876](pypa/pip#13876)
&lt;https://github.com/pypa/pip/issues/13876&gt;</code>_)</li>
<li>Allow <code>--uploaded-prior-to</code> to accept a duration in days
(e.g., <code>P3D</code> for 3 days ago).
(<code>[#13674](pypa/pip#13674)
&lt;https://github.com/pypa/pip/issues/13674&gt;</code>_)</li>
</ul>
<h2>Enhancements</h2>
<ul>
<li>Speed up dependency resolution when there are complex conflicts.
(<code>[#13859](pypa/pip#13859)
&lt;https://github.com/pypa/pip/issues/13859&gt;</code>_)</li>
<li>Reduce memory usage when resolving large dependency trees.
(<code>[#13843](pypa/pip#13843)
&lt;https://github.com/pypa/pip/issues/13843&gt;</code>_)</li>
<li>Emit a deprecation warning when pip imports an unexpected module
after
installation of a distribution has started.
(<code>[#13912](pypa/pip#13912)
&lt;https://github.com/pypa/pip/issues/13912&gt;</code>_)</li>
<li>Allow URL constraints to apply to requirements with extras.
(<code>[#12018](pypa/pip#12018)
&lt;https://github.com/pypa/pip/issues/12018&gt;</code>_)</li>
<li>Allow unpinned requirements to use hashes from constraints.
Constraints
like <code>{name}=={version} --hash=...</code> feeds into hash
verification for
a corresponding requirement.
(<code>[#9243](pypa/pip#9243)
&lt;https://github.com/pypa/pip/issues/9243&gt;</code>_)</li>
<li>Improve conflict reports that involve direct URLs.
(<code>[#13932](pypa/pip#13932)
&lt;https://github.com/pypa/pip/issues/13932&gt;</code>_)</li>
<li>Show all errors instead of first error for faulty
<code>dependency_groups</code> definitions.
(<code>[#13917](pypa/pip#13917)
&lt;https://github.com/pypa/pip/issues/13917&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix recovery hint for missing RECORD file to use
<code>--ignore-installed</code>
instead of <code>--force-reinstall</code>.
(<code>[#12645](pypa/pip#12645)
&lt;https://github.com/pypa/pip/issues/12645&gt;</code>_)</li>
<li>Fix misleading error message when a constraint file cannot be
opened. (<code>[#13226](pypa/pip#13226)
&lt;https://github.com/pypa/pip/issues/13226&gt;</code>_)</li>
<li>Show the filename rather than the full URL when downloading files
from non-PyPI indexes in non-verbose mode.
(<code>[#13494](pypa/pip#13494)
&lt;https://github.com/pypa/pip/issues/13494&gt;</code>_)</li>
<li>Remove the adjacent <code>__pycache__</code> directory when a .py
file is removed.
(<code>[#13725](pypa/pip#13725)
&lt;https://github.com/pypa/pip/issues/13725&gt;</code>_)</li>
<li>Force UTF-8 encoding for :pep:<code>723</code> metadata.
(<code>[#13861](pypa/pip#13861)
&lt;https://github.com/pypa/pip/issues/13861&gt;</code>_)</li>
<li>Minor performance improvement when filtering candidates during
resolution. (<code>[#13916](pypa/pip#13916)
&lt;https://github.com/pypa/pip/issues/13916&gt;</code>_)</li>
<li>Fix a hang on Windows when stdout is closed during verbose output.
(<code>[#13927](pypa/pip#13927)
&lt;https://github.com/pypa/pip/issues/13927&gt;</code>_)</li>
<li>Common path prefixes are determined by path segment, not character
by character. (<code>[#13847](pypa/pip#13847)
&lt;https://github.com/pypa/pip/issues/13847&gt;</code>_)</li>
<li>Fix installing <code>.tar.gz</code> source distributions that look
like a zip file.
(<code>[#13867](pypa/pip#13867)
&lt;https://github.com/pypa/pip/issues/13867&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2026.2.25</li>
<li>Upgrade packaging to 26.2</li>
<li>Upgrade requests to 2.33.1</li>
<li>Upgrade tomli to 2.3.1</li>
<li>Upgrade urllib3 to 2.6.3</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from
sbidoul/install-from-pylock-reqs-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from
pypa/revert-13888-resolver-editable-links</li>
<li><a
href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a>
Revert &quot;Allow editable installs to satisfy direct-URL dependencies
(<a
href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)&quot;</li>
<li><a
href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a>
-r pylock.toml: add pip-wheel -r pylock.toml test</li>
<li><a
href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a>
-r pylock.toml: proper error with remote pylock.toml containing
directory ent...</li>
<li><a
href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from
ichard26/reword-news</li>
<li><a
href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a>
-r pylock: refine filename pylock-ness test</li>
<li><a
href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a>
-r pylock.toml: fix crash with pip wheel and pip lock</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/26.0.1...26.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `pre-commit` from 4.5.1 to 4.6.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pre-commit/pre-commit/releases">pre-commit's
releases</a>.</em></p>
<blockquote>
<h2>pre-commit v4.6.0</h2>
<h3>Features</h3>
<ul>
<li><code>pre-commit hook-impl</code>: allow <code>--hook-dir</code> to
be missing to enable easier usage with <code>git</code> 2.54+ git hooks.
<ul>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3662">#3662</a>
PR by <a
href="https://github.com/asottile"><code>@​asottile</code></a>.</li>
</ul>
</li>
</ul>
<h3>Fixes</h3>
<ul>
<li><code>pre-commit hook-impl</code>: <code>--hook-type</code> is
required.
<ul>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3661">#3661</a>
PR by <a
href="https://github.com/asottile"><code>@​asottile</code></a>.</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md">pre-commit's
changelog</a>.</em></p>
<blockquote>
<h1>4.6.0 - 2026-04-21</h1>
<h3>Features</h3>
<ul>
<li><code>pre-commit hook-impl</code>: allow <code>--hook-dir</code> to
be missing to enable easier
usage with <code>git</code> 2.54+ git hooks.
<ul>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3662">#3662</a>
PR by <a
href="https://github.com/asottile"><code>@​asottile</code></a>.</li>
</ul>
</li>
</ul>
<h3>Fixes</h3>
<ul>
<li><code>pre-commit hook-impl</code>: <code>--hook-type</code> is
required.
<ul>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3661">#3661</a>
PR by <a
href="https://github.com/asottile"><code>@​asottile</code></a>.</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/f35134b05028ec938ac605ae500fdf95462655d3"><code>f35134b</code></a>
v4.6.0</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/2a51ffcb81f6c8ed2e6467913c3343a8800f3ab9"><code>2a51ffc</code></a>
Merge pull request <a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3662">#3662</a>
from pre-commit/hook-impl-optional-hook-dir</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/d7dee322abfc765b042f2e3b872aab3c3a867610"><code>d7dee32</code></a>
make --hook-dir optional for hook-impl</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/965aeb1c680e8b526342153547f0ec014484c63d"><code>965aeb1</code></a>
Merge pull request <a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3661">#3661</a>
from pre-commit/hook-impl-required</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/2eacc064aa9b5bb33d3a0d84a234b475e34f3096"><code>2eacc06</code></a>
--hook-type is required for hook-impl</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/f5678bf4ac35cffc0ff7174ad85f7fdc2a5c977e"><code>f5678bf</code></a>
Merge pull request <a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3657">#3657</a>
from pre-commit/pre-commit-ci-update-config</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/054cc5bd6bb1b20faa1eefe09f0de3b68fceee94"><code>054cc5b</code></a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/5c0f3024d2524f6e029a4c333392fd9be9fb27f6"><code>5c0f302</code></a>
Merge pull request <a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3652">#3652</a>
from pre-commit/pre-commit-ci-update-config</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/a5d91142676630f8130020b35e166e0c0e92b8f4"><code>a5d9114</code></a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/129a1f5ca1eaee0c952a5e7a07faae305c5e15bc"><code>129a1f5</code></a>
Merge pull request <a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3641">#3641</a>
from pre-commit/mxr-patch-1</li>
<li>Additional commits viewable in <a
href="https://github.com/pre-commit/pre-commit/compare/v4.5.1...v4.6.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `pyright` from 1.1.408 to 1.1.409
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/RobertCraigie/pyright-python/commit/d7508e5425d3d02761d70dab1f9a2086573af429"><code>d7508e5</code></a>
[pyright updated to 1.1.409] Update Version (<a
href="https://redirect.github.com/RobertCraigie/pyright-python/issues/359">#359</a>)</li>
<li>See full diff in <a
href="https://github.com/RobertCraigie/pyright-python/compare/v1.1.408...v1.1.409">compare
view</a></li>
</ul>
</details>
<br />

Updates `ruff` from 0.15.11 to 0.15.12
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.15.12</h2>
<h2>Release Notes</h2>
<p>Released on 2026-04-24.</p>
<h3>Preview features</h3>
<ul>
<li>Implement <code>#ruff:file-ignore</code> file-level suppressions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23599">#23599</a>)</li>
<li>Implement <code>#ruff:ignore</code> logical-line suppressions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23404">#23404</a>)</li>
<li>Revert preview changes to displayed diagnostic severity in LSP (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24789">#24789</a>)</li>
<li>[<code>airflow</code>] Implement
<code>task-branch-as-short-circuit</code> (<code>AIR004</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23579">#23579</a>)</li>
<li>[<code>flake8-bugbear</code>] Fix
<code>break</code>/<code>continue</code> handling in
<code>loop-iterator-mutation</code> (<code>B909</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24440">#24440</a>)</li>
<li>[<code>pylint</code>] Fix <code>PLC2701</code> for type parameter
scopes (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24576">#24576</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>[<code>pandas-vet</code>] Suggest <code>.array</code> as well in
<code>PD011</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24805">#24805</a>)</li>
</ul>
<h3>CLI</h3>
<ul>
<li>Respect default Unix permissions for cache files (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24794">#24794</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>[<code>pylint</code>] Fix <code>PLR0124</code> description not to
claim self-comparison always returns the same value (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24749">#24749</a>)</li>
<li>[<code>pyupgrade</code>] Expand docs on reusable
<code>TypeVar</code>s and scoping (<code>UP046</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24153">#24153</a>)</li>
<li>Improve rules table accessibility (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24711">#24711</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a href="https://github.com/dylwil3"><code>@​dylwil3</code></a></li>
<li><a
href="https://github.com/AlexWaygood"><code>@​AlexWaygood</code></a></li>
<li><a
href="https://github.com/woodruffw"><code>@​woodruffw</code></a></li>
<li><a
href="https://github.com/avasis-ai"><code>@​avasis-ai</code></a></li>
<li><a href="https://github.com/Dev-iL"><code>@​Dev-iL</code></a></li>
<li><a
href="https://github.com/denyszhak"><code>@​denyszhak</code></a></li>
<li><a
href="https://github.com/ShipItAndPray"><code>@​ShipItAndPray</code></a></li>
<li><a
href="https://github.com/anishgirianish"><code>@​anishgirianish</code></a></li>
<li><a
href="https://github.com/augustelalande"><code>@​augustelalande</code></a></li>
<li><a
href="https://github.com/amyreese"><code>@​amyreese</code></a></li>
<li><a
href="https://github.com/majiayu000"><code>@​majiayu000</code></a></li>
</ul>
<h2>Install ruff 0.15.12</h2>
<h3>Install prebuilt binaries via shell script</h3>
<pre lang="sh"><code>curl --proto '=https' --tlsv1.2 -LsSf
https://releases.astral.sh/github/ruff/releases/download/0.15.12/ruff-installer.sh
| sh
</code></pre>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.15.12</h2>
<p>Released on 2026-04-24.</p>
<h3>Preview features</h3>
<ul>
<li>Implement <code>#ruff:file-ignore</code> file-level suppressions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23599">#23599</a>)</li>
<li>Implement <code>#ruff:ignore</code> logical-line suppressions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23404">#23404</a>)</li>
<li>Revert preview changes to displayed diagnostic severity in LSP (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24789">#24789</a>)</li>
<li>[<code>airflow</code>] Implement
<code>task-branch-as-short-circuit</code> (<code>AIR004</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/23579">#23579</a>)</li>
<li>[<code>flake8-bugbear</code>] Fix
<code>break</code>/<code>continue</code> handling in
<code>loop-iterator-mutation</code> (<code>B909</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24440">#24440</a>)</li>
<li>[<code>pylint</code>] Fix <code>PLC2701</code> for type parameter
scopes (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24576">#24576</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>[<code>pandas-vet</code>] Suggest <code>.array</code> as well in
<code>PD011</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24805">#24805</a>)</li>
</ul>
<h3>CLI</h3>
<ul>
<li>Respect default Unix permissions for cache files (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24794">#24794</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>[<code>pylint</code>] Fix <code>PLR0124</code> description not to
claim self-comparison always returns the same value (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24749">#24749</a>)</li>
<li>[<code>pyupgrade</code>] Expand docs on reusable
<code>TypeVar</code>s and scoping (<code>UP046</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24153">#24153</a>)</li>
<li>Improve rules table accessibility (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24711">#24711</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a href="https://github.com/dylwil3"><code>@​dylwil3</code></a></li>
<li><a
href="https://github.com/AlexWaygood"><code>@​AlexWaygood</code></a></li>
<li><a
href="https://github.com/woodruffw"><code>@​woodruffw</code></a></li>
<li><a
href="https://github.com/avasis-ai"><code>@​avasis-ai</code></a></li>
<li><a href="https://github.com/Dev-iL"><code>@​Dev-iL</code></a></li>
<li><a
href="https://github.com/denyszhak"><code>@​denyszhak</code></a></li>
<li><a
href="https://github.com/ShipItAndPray"><code>@​ShipItAndPray</code></a></li>
<li><a
href="https://github.com/anishgirianish"><code>@​anishgirianish</code></a></li>
<li><a
href="https://github.com/augustelalande"><code>@​augustelalande</code></a></li>
<li><a
href="https://github.com/amyreese"><code>@​amyreese</code></a></li>
<li><a
href="https://github.com/majiayu000"><code>@​majiayu000</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/astral-sh/ruff/commit/66f93cf7ed4d36325f35a452e4afa28268fbcd28"><code>66f93cf</code></a>
Bump 0.15.12 (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24815">#24815</a>)</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/476a4d02e8e3b6c157ac39979d8b698a1b6baa91"><code>476a4d0</code></a>
[ty] Complete support for more detailed diagnostics on possibly unbound
error...</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/ed669eab30095d6c51fe6cdef6050fb01276bcb3"><code>ed669ea</code></a>
Implement <code>#ruff:file-ignore</code> file-level suppressions (<a
href="https://redirect.github.com/astral-sh/ruff/issues/23599">#23599</a>)</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/e73d952e43feb51356ee740c5a973fce81396ff6"><code>e73d952</code></a>
[ty] Include inferred type in <code>invalid-key</code> concise
diagnostic for union/inte...</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/80feb29b31cd98c093316df2e0407b0c70c01b55"><code>80feb29</code></a>
[ty] report only dead annotation-only locals as unused (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24811">#24811</a>)</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/0fbf2bc27336a3d17d39af52cf89b78dcda8c7c8"><code>0fbf2bc</code></a>
Drop deprecated license classifier (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24808">#24808</a>)</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/43b174cc7f2fcb0080bb1d4843cd4bf6b72bbe27"><code>43b174c</code></a>
[ty] Infer lambda parameter types with <code>Callable</code> type
context (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24317">#24317</a>)</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/4f449ae4a2377569330a5ab94799d389357b5a3f"><code>4f449ae</code></a>
[ty] Add error context for intersection types (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24772">#24772</a>)</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/5b4e753acb46e96ad408e4904c15308e33efe307"><code>5b4e753</code></a>
[ty] Add support for goto in literal enum member inlay hint (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24792">#24792</a>)</li>
<li><a
href="https://github.com/astral-sh/ruff/commit/e7cc76275a758ce1c636ea1c2d091fd576aac794"><code>e7cc762</code></a>
[ty] Add error context for TypedDict assignments (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24790">#24790</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.15.11...0.15.12">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-actions Bot pushed a commit to aio-libs/aiohttp that referenced this pull request Apr 27, 2026
@dependabot
Bump pip from 26.0.1 to 26.1 (#12427)
ae60c81 
Bumps [pip](https://github.com/pypa/pip) from 26.0.1 to 26.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>26.1 (2026-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.9.
(<code>[#13795](pypa/pip#13795)
&lt;https://github.com/pypa/pip/issues/13795&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Add experimental support to read requirements from standardized
pylock.toml files (<code>-r pylock.toml</code>).
(<code>[#13876](pypa/pip#13876)
&lt;https://github.com/pypa/pip/issues/13876&gt;</code>_)</li>
<li>Allow <code>--uploaded-prior-to</code> to accept a duration in days
(e.g., <code>P3D</code> for 3 days ago).
(<code>[#13674](pypa/pip#13674)
&lt;https://github.com/pypa/pip/issues/13674&gt;</code>_)</li>
</ul>
<h2>Enhancements</h2>
<ul>
<li>Speed up dependency resolution when there are complex conflicts.
(<code>[#13859](pypa/pip#13859)
&lt;https://github.com/pypa/pip/issues/13859&gt;</code>_)</li>
<li>Reduce memory usage when resolving large dependency trees.
(<code>[#13843](pypa/pip#13843)
&lt;https://github.com/pypa/pip/issues/13843&gt;</code>_)</li>
<li>Emit a deprecation warning when pip imports an unexpected module
after
installation of a distribution has started.
(<code>[#13912](pypa/pip#13912)
&lt;https://github.com/pypa/pip/issues/13912&gt;</code>_)</li>
<li>Allow URL constraints to apply to requirements with extras.
(<code>[#12018](pypa/pip#12018)
&lt;https://github.com/pypa/pip/issues/12018&gt;</code>_)</li>
<li>Allow unpinned requirements to use hashes from constraints.
Constraints
like <code>{name}=={version} --hash=...</code> feeds into hash
verification for
a corresponding requirement.
(<code>[#9243](pypa/pip#9243)
&lt;https://github.com/pypa/pip/issues/9243&gt;</code>_)</li>
<li>Improve conflict reports that involve direct URLs.
(<code>[#13932](pypa/pip#13932)
&lt;https://github.com/pypa/pip/issues/13932&gt;</code>_)</li>
<li>Show all errors instead of first error for faulty
<code>dependency_groups</code> definitions.
(<code>[#13917](pypa/pip#13917)
&lt;https://github.com/pypa/pip/issues/13917&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix recovery hint for missing RECORD file to use
<code>--ignore-installed</code>
instead of <code>--force-reinstall</code>.
(<code>[#12645](pypa/pip#12645)
&lt;https://github.com/pypa/pip/issues/12645&gt;</code>_)</li>
<li>Fix misleading error message when a constraint file cannot be
opened. (<code>[#13226](pypa/pip#13226)
&lt;https://github.com/pypa/pip/issues/13226&gt;</code>_)</li>
<li>Show the filename rather than the full URL when downloading files
from non-PyPI indexes in non-verbose mode.
(<code>[#13494](pypa/pip#13494)
&lt;https://github.com/pypa/pip/issues/13494&gt;</code>_)</li>
<li>Remove the adjacent <code>__pycache__</code> directory when a .py
file is removed.
(<code>[#13725](pypa/pip#13725)
&lt;https://github.com/pypa/pip/issues/13725&gt;</code>_)</li>
<li>Force UTF-8 encoding for :pep:<code>723</code> metadata.
(<code>[#13861](pypa/pip#13861)
&lt;https://github.com/pypa/pip/issues/13861&gt;</code>_)</li>
<li>Minor performance improvement when filtering candidates during
resolution. (<code>[#13916](pypa/pip#13916)
&lt;https://github.com/pypa/pip/issues/13916&gt;</code>_)</li>
<li>Fix a hang on Windows when stdout is closed during verbose output.
(<code>[#13927](pypa/pip#13927)
&lt;https://github.com/pypa/pip/issues/13927&gt;</code>_)</li>
<li>Common path prefixes are determined by path segment, not character
by character. (<code>[#13847](pypa/pip#13847)
&lt;https://github.com/pypa/pip/issues/13847&gt;</code>_)</li>
<li>Fix installing <code>.tar.gz</code> source distributions that look
like a zip file.
(<code>[#13867](pypa/pip#13867)
&lt;https://github.com/pypa/pip/issues/13867&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2026.2.25</li>
<li>Upgrade packaging to 26.2</li>
<li>Upgrade requests to 2.33.1</li>
<li>Upgrade tomli to 2.3.1</li>
<li>Upgrade urllib3 to 2.6.3</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from
sbidoul/install-from-pylock-reqs-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from
pypa/revert-13888-resolver-editable-links</li>
<li><a
href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a>
Revert &quot;Allow editable installs to satisfy direct-URL dependencies
(<a
href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)&quot;</li>
<li><a
href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a>
-r pylock.toml: add pip-wheel -r pylock.toml test</li>
<li><a
href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a>
-r pylock.toml: proper error with remote pylock.toml containing
directory ent...</li>
<li><a
href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from
ichard26/reword-news</li>
<li><a
href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a>
-r pylock: refine filename pylock-ness test</li>
<li><a
href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a>
-r pylock.toml: fix crash with pip wheel and pip lock</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/26.0.1...26.1">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
parthea added a commit to googleapis/google-cloud-python that referenced this pull request Apr 27, 2026
@dependabot @parthea
chore(deps): bump pip from 25.0.1 to 26.1 in /packages/google-crc32c/…
6102268 
…scripts (#16825)

Bumps [pip](https://github.com/pypa/pip) from 25.0.1 to 26.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>26.1 (2026-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.9.
(<code>[#13795](pypa/pip#13795)
&lt;https://github.com/pypa/pip/issues/13795&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Add experimental support to read requirements from standardized
pylock.toml files (<code>-r pylock.toml</code>).
(<code>[#13876](pypa/pip#13876)
&lt;https://github.com/pypa/pip/issues/13876&gt;</code>_)</li>
<li>Allow <code>--uploaded-prior-to</code> to accept a duration in days
(e.g., <code>P3D</code> for 3 days ago).
(<code>[#13674](pypa/pip#13674)
&lt;https://github.com/pypa/pip/issues/13674&gt;</code>_)</li>
</ul>
<h2>Enhancements</h2>
<ul>
<li>Speed up dependency resolution when there are complex conflicts.
(<code>[#13859](pypa/pip#13859)
&lt;https://github.com/pypa/pip/issues/13859&gt;</code>_)</li>
<li>Reduce memory usage when resolving large dependency trees.
(<code>[#13843](pypa/pip#13843)
&lt;https://github.com/pypa/pip/issues/13843&gt;</code>_)</li>
<li>Emit a deprecation warning when pip imports an unexpected module
after
installation of a distribution has started.
(<code>[#13912](pypa/pip#13912)
&lt;https://github.com/pypa/pip/issues/13912&gt;</code>_)</li>
<li>Allow URL constraints to apply to requirements with extras.
(<code>[#12018](pypa/pip#12018)
&lt;https://github.com/pypa/pip/issues/12018&gt;</code>_)</li>
<li>Allow unpinned requirements to use hashes from constraints.
Constraints
like <code>{name}=={version} --hash=...</code> feeds into hash
verification for
a corresponding requirement.
(<code>[#9243](pypa/pip#9243)
&lt;https://github.com/pypa/pip/issues/9243&gt;</code>_)</li>
<li>Improve conflict reports that involve direct URLs.
(<code>[#13932](pypa/pip#13932)
&lt;https://github.com/pypa/pip/issues/13932&gt;</code>_)</li>
<li>Show all errors instead of first error for faulty
<code>dependency_groups</code> definitions.
(<code>[#13917](pypa/pip#13917)
&lt;https://github.com/pypa/pip/issues/13917&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix recovery hint for missing RECORD file to use
<code>--ignore-installed</code>
instead of <code>--force-reinstall</code>.
(<code>[#12645](pypa/pip#12645)
&lt;https://github.com/pypa/pip/issues/12645&gt;</code>_)</li>
<li>Fix misleading error message when a constraint file cannot be
opened. (<code>[#13226](pypa/pip#13226)
&lt;https://github.com/pypa/pip/issues/13226&gt;</code>_)</li>
<li>Show the filename rather than the full URL when downloading files
from non-PyPI indexes in non-verbose mode.
(<code>[#13494](pypa/pip#13494)
&lt;https://github.com/pypa/pip/issues/13494&gt;</code>_)</li>
<li>Remove the adjacent <code>__pycache__</code> directory when a .py
file is removed.
(<code>[#13725](pypa/pip#13725)
&lt;https://github.com/pypa/pip/issues/13725&gt;</code>_)</li>
<li>Force UTF-8 encoding for :pep:<code>723</code> metadata.
(<code>[#13861](pypa/pip#13861)
&lt;https://github.com/pypa/pip/issues/13861&gt;</code>_)</li>
<li>Minor performance improvement when filtering candidates during
resolution. (<code>[#13916](pypa/pip#13916)
&lt;https://github.com/pypa/pip/issues/13916&gt;</code>_)</li>
<li>Fix a hang on Windows when stdout is closed during verbose output.
(<code>[#13927](pypa/pip#13927)
&lt;https://github.com/pypa/pip/issues/13927&gt;</code>_)</li>
<li>Common path prefixes are determined by path segment, not character
by character. (<code>[#13847](pypa/pip#13847)
&lt;https://github.com/pypa/pip/issues/13847&gt;</code>_)</li>
<li>Fix installing <code>.tar.gz</code> source distributions that look
like a zip file.
(<code>[#13867](pypa/pip#13867)
&lt;https://github.com/pypa/pip/issues/13867&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2026.2.25</li>
<li>Upgrade packaging to 26.2</li>
<li>Upgrade requests to 2.33.1</li>
<li>Upgrade tomli to 2.3.1</li>
<li>Upgrade urllib3 to 2.6.3</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from
sbidoul/install-from-pylock-reqs-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from
pypa/revert-13888-resolver-editable-links</li>
<li><a
href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a>
Revert &quot;Allow editable installs to satisfy direct-URL dependencies
(<a
href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)&quot;</li>
<li><a
href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a>
-r pylock.toml: add pip-wheel -r pylock.toml test</li>
<li><a
href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a>
-r pylock.toml: proper error with remote pylock.toml containing
directory ent...</li>
<li><a
href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from
ichard26/reword-news</li>
<li><a
href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a>
-r pylock: refine filename pylock-ness test</li>
<li><a
href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a>
-r pylock.toml: fix crash with pip wheel and pip lock</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/25.0.1...26.1">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Anthonios Partheniou <partheniou@google.com>
hu3mann added a commit to DDD-Enterprises/dopemux-mvp that referenced this pull request Apr 28, 2026
@hu3mann
chore(deps): bump the uv group across 1 directory with 3 updates (#533)
3fc43d1 
Bumps the uv group with 2 updates in the / directory:
[litellm](https://github.com/BerriAI/litellm) and
[pip](https://github.com/pypa/pip).

Updates `litellm` from 1.83.0 to 1.83.7
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/BerriAI/litellm/commits">compare view</a></li>
</ul>
</details>
<br />

Updates `fastmcp` from 2.14.0 to 1.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx">fastmcp's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/PrefectHQ/fastmcp/releases/tag/v2.11.0">v2.11.0:
Auth to a Good Start</a></h2>
<p>FastMCP 2.11 doubles down on what developers need most: speed and
simplicity. This massive release delivers significant performance
improvements and a dramatically better developer experience.</p>
<p>🔐 <strong>Enterprise-Ready Authentication</strong> brings
comprehensive OAuth 2.1 support with WorkOS's AuthKit integration. The
new AuthProvider interface leverages MCP's support for separate resource
and authorization servers, handling API keys and remote authentication
with Dynamic Client Registration. AuthKit integration means you can plug
into existing enterprise identity systems without rebuilding your auth
stack, setting the stage for plug-and-play auth that doesn't require
users to become security experts overnight.</p>
<p>⚡ The <strong>Experimental OpenAPI Parser</strong> delivers dramatic
performance improvements through single-pass schema processing and
optimized memory usage. OpenAPI integrations are now significantly
faster, with cleaner, more maintainable code. <em>(Note: the
experimental parser is disabled by default, set
<code>FASTMCPEXPERIMENTALENABLENEWOPENAPIPARSER=1</code> to enable it. A
message will be shown to all users on the legacy parser encouraging them
to try the new one before it becomes the default.)</em></p>
<p>🧠 <strong>Context State Management</strong> finally gives you
persistent state across tool calls with a simple dict interface, while
enhanced meta support lets you expose rich component metadata to
clients. Combined with improved type annotations, string-based argument
descriptions, and UV transport support, this release makes FastMCP feel
more intuitive than ever.</p>
<p>This release represents a TON of community contributions and sets the
foundation for even more ambitious features ahead.</p>
<h2>What's Changed</h2>
<h3>New Features 🎉</h3>
<ul>
<li>Introduce experimental OpenAPI parser with improved performance and
maintainability by <a
href="https://github.com/jlowin"><code>@​jlowin</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1209">#1209</a></li>
<li>Add state dict to Context (<a
href="https://redirect.github.com/PrefectHQ/fastmcp/issues/1118">#1118</a>)
by <a
href="https://github.com/mukulmurthy"><code>@​mukulmurthy</code></a> in
<a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1160">#1160</a></li>
<li>Expose FastMCP tags to clients via component <code>meta</code> dict
by <a href="https://github.com/jlowin"><code>@​jlowin</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1281">#1281</a></li>
<li>Add _fastmcp meta namespace by <a
href="https://github.com/jlowin"><code>@​jlowin</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1290">#1290</a></li>
<li>Add TokenVerifier protocol support alongside existing OAuthProvider
authentication by <a
href="https://github.com/jlowin"><code>@​jlowin</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1297">#1297</a></li>
<li>Add comprehensive OAuth 2.1 authentication system with WorkOS
integration by <a
href="https://github.com/jlowin"><code>@​jlowin</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1327">#1327</a></li>
</ul>
<h3>Enhancements 🔧</h3>
<ul>
<li>[🐶] Transform MCP Server Tools by <a
href="https://github.com/strawgate"><code>@​strawgate</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1132">#1132</a></li>
<li>Add --python, --project, and --with-requirements options to CLI
commands by <a
href="https://github.com/jlowin"><code>@​jlowin</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1190">#1190</a></li>
<li>Support <code>fastmcp run mcp.json</code> by <a
href="https://github.com/strawgate"><code>@​strawgate</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1138">#1138</a></li>
<li>Support from <strong>future</strong> import annotations by <a
href="https://github.com/jlowin"><code>@​jlowin</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1199">#1199</a></li>
<li>Optimize OpenAPI parser performance with single-pass schema
processing by <a
href="https://github.com/jlowin"><code>@​jlowin</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1214">#1214</a></li>
<li>Log tool name on transform validation error by <a
href="https://github.com/strawgate"><code>@​strawgate</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1238">#1238</a></li>
<li>Refactor <code>get_http_request</code> and
<code>context.session_id</code> by <a
href="https://github.com/hopeful0"><code>@​hopeful0</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1242">#1242</a></li>
<li>Support creating tool argument descriptions from string annotations
by <a href="https://github.com/jlowin"><code>@​jlowin</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1255">#1255</a></li>
<li>feat: Add Annotations support for resources and resource templates
by <a href="https://github.com/chughtapan"><code>@​chughtapan</code></a>
in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1260">#1260</a></li>
<li>Add UV Transport by <a
href="https://github.com/strawgate"><code>@​strawgate</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1270">#1270</a></li>
<li>Improve OpenAPI-to-JSONSchema conversion utilities by <a
href="https://github.com/jlowin"><code>@​jlowin</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1283">#1283</a></li>
<li>Ensure proxy components forward meta dicts by <a
href="https://github.com/jlowin"><code>@​jlowin</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1282">#1282</a></li>
<li>fix: server argument passing in CLI run command by <a
href="https://github.com/chughtapan"><code>@​chughtapan</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1293">#1293</a></li>
<li>Add meta support to tool transformation utilities by <a
href="https://github.com/jlowin"><code>@​jlowin</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1295">#1295</a></li>
<li>feat: Allow Resource Metadata URL as field in OAuthProvider by <a
href="https://github.com/dacamposol"><code>@​dacamposol</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1287">#1287</a></li>
<li>Use a simple overwrite instead of a merge for meta by <a
href="https://github.com/jlowin"><code>@​jlowin</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1296">#1296</a></li>
<li>Remove unused TimedCache by <a
href="https://github.com/strawgate"><code>@​strawgate</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1303">#1303</a></li>
<li>refactor: standardize logging usage across OpenAPI utilities by <a
href="https://github.com/chi2liu"><code>@​chi2liu</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1322">#1322</a></li>
<li>perf: optimize OpenAPI parsing by reducing dict copy operations by
<a href="https://github.com/chi2liu"><code>@​chi2liu</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1321">#1321</a></li>
<li>Structured client-side logging by <a
href="https://github.com/cjermain"><code>@​cjermain</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1326">#1326</a></li>
</ul>
<h3>Fixes 🐞</h3>
<ul>
<li>fix: preserve def reference when referenced in allOf / oneOf / anyOf
by <a href="https://github.com/algirdasci"><code>@​algirdasci</code></a>
in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1208">#1208</a></li>
<li>fix: add type hint to custom_route decorator by <a
href="https://github.com/zzstoatzz"><code>@​zzstoatzz</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1210">#1210</a></li>
<li>chore: typo by <a
href="https://github.com/richardkmichael"><code>@​richardkmichael</code></a>
in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1216">#1216</a></li>
<li>fix: handle non-string $ref values in experimental OpenAPI parser by
<a href="https://github.com/jlowin"><code>@​jlowin</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1217">#1217</a></li>
<li>Skip repeated type conversion and validation in proxy client
elicitation handler by <a
href="https://github.com/chughtapan"><code>@​chughtapan</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1222">#1222</a></li>
<li>Ensure default fields are not marked nullable by <a
href="https://github.com/jlowin"><code>@​jlowin</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1224">#1224</a></li>
<li>Fix stateful proxy client mixing in multi-proxies sessions by <a
href="https://github.com/hopeful0"><code>@​hopeful0</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1245">#1245</a></li>
<li>Fix invalid async context manager usage in proxy documentation by <a
href="https://github.com/zzstoatzz"><code>@​zzstoatzz</code></a> in <a
href="https://redirect.github.com/PrefectHQ/fastmcp/pull/1246">#1246</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/PrefectHQ/fastmcp/commit/654397bf0aa75bdddbbedd8c5bec440492e1147b"><code>654397b</code></a>
Merge pull request <a
href="https://redirect.github.com/PrefectHQ/fastmcp/issues/77">#77</a>
from samihamine/fix/sse-transport-mount</li>
<li><a
href="https://github.com/PrefectHQ/fastmcp/commit/80c328b3dc0b949f010456ee0e85cc5c90e3305f"><code>80c328b</code></a>
Merge pull request <a
href="https://redirect.github.com/PrefectHQ/fastmcp/issues/79">#79</a>
from jlowin/jlowin-patch-1</li>
<li><a
href="https://github.com/PrefectHQ/fastmcp/commit/eed3af8064e16679cb6d043b723fc94c20862fda"><code>eed3af8</code></a>
Update README.md</li>
<li><a
href="https://github.com/PrefectHQ/fastmcp/commit/505b861058bfc1d535c0692c28a255a3daaf5988"><code>505b861</code></a>
fix: use Mount instead of Route for SSE message handling</li>
<li><a
href="https://github.com/PrefectHQ/fastmcp/commit/baa30086dad60a7dd530faee809d36d6ff7f5fa4"><code>baa3008</code></a>
Merge pull request <a
href="https://redirect.github.com/PrefectHQ/fastmcp/issues/56">#56</a>
from jurasofish/decorator_typing</li>
<li><a
href="https://github.com/PrefectHQ/fastmcp/commit/fa5ebd707af772925842a696b05ae4550f4561fd"><code>fa5ebd7</code></a>
Merge pull request <a
href="https://redirect.github.com/PrefectHQ/fastmcp/issues/57">#57</a>
from jurasofish/Avoid-new-try_eval_type-unavailable-on...</li>
<li><a
href="https://github.com/PrefectHQ/fastmcp/commit/85188167f42ccf0433a30c08debd081550ddbff4"><code>8518816</code></a>
Merge pull request <a
href="https://redirect.github.com/PrefectHQ/fastmcp/issues/63">#63</a>
from sd2k/handle-string-args-containing-numbers</li>
<li><a
href="https://github.com/PrefectHQ/fastmcp/commit/c950b7231c6d1f30349f64e0094d703b6cc37473"><code>c950b72</code></a>
Merge pull request <a
href="https://redirect.github.com/PrefectHQ/fastmcp/issues/67">#67</a>
from leonkozlowski/patch/update-pyproject-license</li>
<li><a
href="https://github.com/PrefectHQ/fastmcp/commit/ee5695e3302fc0d95c28b907e8346aa286567358"><code>ee5695e</code></a>
patch: use plain MIT</li>
<li><a
href="https://github.com/PrefectHQ/fastmcp/commit/00977e6466454bf245ac719316bdeae2a968ff30"><code>00977e6</code></a>
patch: change license to MIT</li>
<li>Additional commits viewable in <a
href="https://github.com/PrefectHQ/fastmcp/compare/v2.14.0...v1.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `pip` from 26.0.1 to 26.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>26.1 (2026-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.9.
(<code>[#13795](pypa/pip#13795)
&lt;https://github.com/pypa/pip/issues/13795&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Add experimental support to read requirements from standardized
pylock.toml files (<code>-r pylock.toml</code>).
(<code>[#13876](pypa/pip#13876)
&lt;https://github.com/pypa/pip/issues/13876&gt;</code>_)</li>
<li>Allow <code>--uploaded-prior-to</code> to accept a duration in days
(e.g., <code>P3D</code> for 3 days ago).
(<code>[#13674](pypa/pip#13674)
&lt;https://github.com/pypa/pip/issues/13674&gt;</code>_)</li>
</ul>
<h2>Enhancements</h2>
<ul>
<li>Speed up dependency resolution when there are complex conflicts.
(<code>[#13859](pypa/pip#13859)
&lt;https://github.com/pypa/pip/issues/13859&gt;</code>_)</li>
<li>Reduce memory usage when resolving large dependency trees.
(<code>[#13843](pypa/pip#13843)
&lt;https://github.com/pypa/pip/issues/13843&gt;</code>_)</li>
<li>Emit a deprecation warning when pip imports an unexpected module
after
installation of a distribution has started.
(<code>[#13912](pypa/pip#13912)
&lt;https://github.com/pypa/pip/issues/13912&gt;</code>_)</li>
<li>Allow URL constraints to apply to requirements with extras.
(<code>[#12018](pypa/pip#12018)
&lt;https://github.com/pypa/pip/issues/12018&gt;</code>_)</li>
<li>Allow unpinned requirements to use hashes from constraints.
Constraints
like <code>{name}=={version} --hash=...</code> feeds into hash
verification for
a corresponding requirement.
(<code>[#9243](pypa/pip#9243)
&lt;https://github.com/pypa/pip/issues/9243&gt;</code>_)</li>
<li>Improve conflict reports that involve direct URLs.
(<code>[#13932](pypa/pip#13932)
&lt;https://github.com/pypa/pip/issues/13932&gt;</code>_)</li>
<li>Show all errors instead of first error for faulty
<code>dependency_groups</code> definitions.
(<code>[#13917](pypa/pip#13917)
&lt;https://github.com/pypa/pip/issues/13917&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix recovery hint for missing RECORD file to use
<code>--ignore-installed</code>
instead of <code>--force-reinstall</code>.
(<code>[#12645](pypa/pip#12645)
&lt;https://github.com/pypa/pip/issues/12645&gt;</code>_)</li>
<li>Fix misleading error message when a constraint file cannot be
opened. (<code>[#13226](pypa/pip#13226)
&lt;https://github.com/pypa/pip/issues/13226&gt;</code>_)</li>
<li>Show the filename rather than the full URL when downloading files
from non-PyPI indexes in non-verbose mode.
(<code>[#13494](pypa/pip#13494)
&lt;https://github.com/pypa/pip/issues/13494&gt;</code>_)</li>
<li>Remove the adjacent <code>__pycache__</code> directory when a .py
file is removed.
(<code>[#13725](pypa/pip#13725)
&lt;https://github.com/pypa/pip/issues/13725&gt;</code>_)</li>
<li>Force UTF-8 encoding for :pep:<code>723</code> metadata.
(<code>[#13861](pypa/pip#13861)
&lt;https://github.com/pypa/pip/issues/13861&gt;</code>_)</li>
<li>Minor performance improvement when filtering candidates during
resolution. (<code>[#13916](pypa/pip#13916)
&lt;https://github.com/pypa/pip/issues/13916&gt;</code>_)</li>
<li>Fix a hang on Windows when stdout is closed during verbose output.
(<code>[#13927](pypa/pip#13927)
&lt;https://github.com/pypa/pip/issues/13927&gt;</code>_)</li>
<li>Common path prefixes are determined by path segment, not character
by character. (<code>[#13847](pypa/pip#13847)
&lt;https://github.com/pypa/pip/issues/13847&gt;</code>_)</li>
<li>Fix installing <code>.tar.gz</code> source distributions that look
like a zip file.
(<code>[#13867](pypa/pip#13867)
&lt;https://github.com/pypa/pip/issues/13867&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2026.2.25</li>
<li>Upgrade packaging to 26.2</li>
<li>Upgrade requests to 2.33.1</li>
<li>Upgrade tomli to 2.3.1</li>
<li>Upgrade urllib3 to 2.6.3</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from
sbidoul/install-from-pylock-reqs-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from
pypa/revert-13888-resolver-editable-links</li>
<li><a
href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a>
Revert &quot;Allow editable installs to satisfy direct-URL dependencies
(<a
href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)&quot;</li>
<li><a
href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a>
-r pylock.toml: add pip-wheel -r pylock.toml test</li>
<li><a
href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a>
-r pylock.toml: proper error with remote pylock.toml containing
directory ent...</li>
<li><a
href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from
ichard26/reword-news</li>
<li><a
href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a>
-r pylock: refine filename pylock-ness test</li>
<li><a
href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a>
-r pylock.toml: fix crash with pip wheel and pip lock</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/26.0.1...26.1">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/DDD-Enterprises/dopemux-mvp/network/alerts).

</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this pull request Apr 28, 2026
@dependabot @inmantaci
Bump pip from 26.0.1 to 26.1 (PR #10329)
9f5518b 
Bumps [pip](https://github.com/pypa/pip) from 26.0.1 to 26.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>26.1 (2026-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.9. (<code>[#13795](pypa/pip#13795) &lt;https://github.com/pypa/pip/issues/13795&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Add experimental support to read requirements from standardized pylock.toml files (<code>-r pylock.toml</code>). (<code>[#13876](pypa/pip#13876) &lt;https://github.com/pypa/pip/issues/13876&gt;</code>_)</li>
<li>Allow <code>--uploaded-prior-to</code> to accept a duration in days (e.g., <code>P3D</code> for 3 days ago). (<code>[#13674](pypa/pip#13674) &lt;https://github.com/pypa/pip/issues/13674&gt;</code>_)</li>
</ul>
<h2>Enhancements</h2>
<ul>
<li>Speed up dependency resolution when there are complex conflicts. (<code>[#13859](pypa/pip#13859) &lt;https://github.com/pypa/pip/issues/13859&gt;</code>_)</li>
<li>Reduce memory usage when resolving large dependency trees. (<code>[#13843](pypa/pip#13843) &lt;https://github.com/pypa/pip/issues/13843&gt;</code>_)</li>
<li>Emit a deprecation warning when pip imports an unexpected module after
installation of a distribution has started. (<code>[#13912](pypa/pip#13912) &lt;https://github.com/pypa/pip/issues/13912&gt;</code>_)</li>
<li>Allow URL constraints to apply to requirements with extras. (<code>[#12018](pypa/pip#12018) &lt;https://github.com/pypa/pip/issues/12018&gt;</code>_)</li>
<li>Allow unpinned requirements to use hashes from constraints. Constraints
like <code>{name}=={version} --hash=...</code> feeds into hash verification for
a corresponding requirement. (<code>[#9243](pypa/pip#9243) &lt;https://github.com/pypa/pip/issues/9243&gt;</code>_)</li>
<li>Improve conflict reports that involve direct URLs. (<code>[#13932](pypa/pip#13932) &lt;https://github.com/pypa/pip/issues/13932&gt;</code>_)</li>
<li>Show all errors instead of first error for faulty <code>dependency_groups</code> definitions. (<code>[#13917](pypa/pip#13917) &lt;https://github.com/pypa/pip/issues/13917&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix recovery hint for missing RECORD file to use <code>--ignore-installed</code>
instead of <code>--force-reinstall</code>. (<code>[#12645](pypa/pip#12645) &lt;https://github.com/pypa/pip/issues/12645&gt;</code>_)</li>
<li>Fix misleading error message when a constraint file cannot be opened. (<code>[#13226](pypa/pip#13226) &lt;https://github.com/pypa/pip/issues/13226&gt;</code>_)</li>
<li>Show the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (<code>[#13494](pypa/pip#13494) &lt;https://github.com/pypa/pip/issues/13494&gt;</code>_)</li>
<li>Remove the adjacent <code>__pycache__</code> directory when a .py file is removed. (<code>[#13725](pypa/pip#13725) &lt;https://github.com/pypa/pip/issues/13725&gt;</code>_)</li>
<li>Force UTF-8 encoding for :pep:<code>723</code> metadata. (<code>[#13861](pypa/pip#13861) &lt;https://github.com/pypa/pip/issues/13861&gt;</code>_)</li>
<li>Minor performance improvement when filtering candidates during resolution. (<code>[#13916](pypa/pip#13916) &lt;https://github.com/pypa/pip/issues/13916&gt;</code>_)</li>
<li>Fix a hang on Windows when stdout is closed during verbose output. (<code>[#13927](pypa/pip#13927) &lt;https://github.com/pypa/pip/issues/13927&gt;</code>_)</li>
<li>Common path prefixes are determined by path segment, not character by character. (<code>[#13847](pypa/pip#13847) &lt;https://github.com/pypa/pip/issues/13847&gt;</code>_)</li>
<li>Fix installing <code>.tar.gz</code> source distributions that look like a zip file. (<code>[#13867](pypa/pip#13867) &lt;https://github.com/pypa/pip/issues/13867&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2026.2.25</li>
<li>Upgrade packaging to 26.2</li>
<li>Upgrade requests to 2.33.1</li>
<li>Upgrade tomli to 2.3.1</li>
<li>Upgrade urllib3 to 2.6.3</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from sbidoul/install-from-pylock-reqs-sbi</li>
<li><a href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from pypa/revert-13888-resolver-editable-links</li>
<li><a href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a> Revert &quot;Allow editable installs to satisfy direct-URL dependencies (<a href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)&quot;</li>
<li><a href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a> -r pylock.toml: add pip-wheel -r pylock.toml test</li>
<li><a href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a> -r pylock.toml: proper error with remote pylock.toml containing directory ent...</li>
<li><a href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from ichard26/reword-news</li>
<li><a href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a> -r pylock: refine filename pylock-ness test</li>
<li><a href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a> -r pylock.toml: fix crash with pip wheel and pip lock</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/26.0.1...26.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=26.0.1&new-version=26.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
wsxrdv pushed a commit to wsxrdv/scaaml that referenced this pull request Apr 28, 2026
@dependabot
Bump the dependabot group with 6 updates (google#516)
bcb6665 
Bumps the dependabot group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [certifi](https://github.com/certifi/python-certifi) | `2026.2.25` |
`2026.4.22` |
| [cryptography](https://github.com/pyca/cryptography) | `46.0.7` |
`47.0.0` |
| [idna](https://github.com/kjd/idna) | `3.11` | `3.13` |
| [packaging](https://github.com/pypa/packaging) | `26.1` | `26.2` |
| [pip](https://github.com/pypa/pip) | `26.0` | `26.1` |
| [wheel](https://github.com/pypa/wheel) | `0.46.2` | `0.47.0` |

Updates `certifi` from 2026.2.25 to 2026.4.22
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/certifi/python-certifi/commit/5dddfb072243da27adde885b73ba9b809c3224ca"><code>5dddfb0</code></a>
2026.04.22 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/410">#410</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/f99eccdaf87f7c10e521a58a700ca3eb94a0787e"><code>f99eccd</code></a>
Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/404">#404</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/918bed055f7291719512af186c1c24710f845660"><code>918bed0</code></a>
Bump actions/upload-artifact from 7.0.0 to 7.0.1 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/405">#405</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/0a49067eb434e53e1f8df5f7707d5dc05ef9def4"><code>0a49067</code></a>
Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/403">#403</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/acf6ce8e39e3b125f4349e11904295e4fe4c1bed"><code>acf6ce8</code></a>
Bump actions/download-artifact from 8.0.0 to 8.0.1 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/398">#398</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/feb0ed26163a9417ea0fb8eb52d47e79fcf202ab"><code>feb0ed2</code></a>
Bump actions/download-artifact from 7.0.0 to 8.0.0 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/397">#397</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/d9c11a50369cc377abb40f7909ded3d6da4d98a3"><code>d9c11a5</code></a>
Bump actions/upload-artifact from 6.0.0 to 7.0.0 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/396">#396</a>)</li>
<li>See full diff in <a
href="https://github.com/certifi/python-certifi/compare/2026.02.25...2026.04.22">compare
view</a></li>
</ul>
</details>
<br />

Updates `cryptography` from 46.0.7 to 47.0.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>47.0.0 - 2026-04-24</p>
<pre><code>
* Support for Python 3.8 is deprecated and will be removed in the next
  ``cryptography`` release.
* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves
  (``SECT*`` classes) has been removed. These curves are rarely used and
  have additional security considerations that make them undesirable.
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been
removed.
OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC
  continue to be supported.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL &lt; 4.1.
* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms
or
  keys with unsupported explicit curve encodings now raises
  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of
  ``ValueError``. This change affects

:func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,

:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,

:func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,

:func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,
  and :meth:`~cryptography.x509.Certificate.public_key` when called on
  certificates with unsupported public key algorithms.
* **BACKWARDS INCOMPATIBLE:** When parsing elliptic curve private keys,
we now
reject keys that incorrectly encode a private key of the wrong length
because
such keys are impossible to process in a constant-time manner. We do not
believe keys with this problem are in wide use, however we may revert
this
  change based on the feedback we receive.
* Deprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to
:class:`~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES`. In
a
future release, only 192-bit (24-byte) keys will be accepted. Users
should
expand shorter keys themselves (e.g., for single DES: ``key + key +
key``,
  for two-key: ``key + key[:8]``).
* Updated the minimum supported Rust version (MSRV) to 1.83.0, from
1.74.0.
* Support for ``x86_64`` macOS (including publishing wheels) is
deprecated
and will be removed in the next release. We will switch to publishing an
  ``arm64`` only wheel for macOS.
* Support for 32-bit Windows (including publishing wheels) is deprecated
  and will be removed in the next release. Users should move to a 64-bit
  Python installation.
* ``public_bytes`` and ``private_bytes`` methods on keys now raise
``TypeError`` (instead of ``ValueError``) if an invalid encoding is
provided
  for the given ``format``.
* Moved :class:`~cryptography.hazmat.decrepit.ciphers.modes.CFB`,
  :class:`~cryptography.hazmat.decrepit.ciphers.modes.OFB`, and
  :class:`~cryptography.hazmat.decrepit.ciphers.modes.CFB8` into
:doc:`/hazmat/decrepit/index` and deprecated them in the ``modes``
module.
  They will be removed from the ``modes`` module in 49.0.0.
* Moved
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.Camellia`
into :doc:`/hazmat/decrepit/index` and deprecated it in the ``cipher``
module.
  It will be removed from the ``cipher`` module in 49.0.0.
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pyca/cryptography/commit/59c5f5e4b9395f32d407f66467d59ccea9f9829f"><code>59c5f5e</code></a>
bump for 47.0.0 release (<a
href="https://redirect.github.com/pyca/cryptography/issues/14730">#14730</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/9025578c87f14096f9332264881f5370a1c64e93"><code>9025578</code></a>
Add MLKEM1024-P384 hybrid KEM support in HPKE (<a
href="https://redirect.github.com/pyca/cryptography/issues/14722">#14722</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/ef66de49e0bd281da86750178ab2fb4b5b104162"><code>ef66de4</code></a>
Recommend Argon2id over PBKDF2HMAC as KDF (<a
href="https://redirect.github.com/pyca/cryptography/issues/14724">#14724</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/d996a37666524c606419e71de15eb527bae655aa"><code>d996a37</code></a>
Add ubuntu-resolute to CI workflow (<a
href="https://redirect.github.com/pyca/cryptography/issues/14729">#14729</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/e86da41ff7e21a04529a933856dc27dacd9e7fc0"><code>e86da41</code></a>
chore(deps): bump libc from 0.2.185 to 0.2.186 (<a
href="https://redirect.github.com/pyca/cryptography/issues/14725">#14725</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/1c33c9a5d96a7b1a975ab5a465a75517e0ebadd6"><code>1c33c9a</code></a>
Bump downstream dependencies in CI (<a
href="https://redirect.github.com/pyca/cryptography/issues/14728">#14728</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/67fb6be685bbc0952a47cf18e9ee4533b411cd8b"><code>67fb6be</code></a>
Bump x509-limbo and/or wycheproof in CI (<a
href="https://redirect.github.com/pyca/cryptography/issues/14727">#14727</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/6cb20b3141c6391ae11075f30b992375c05adad5"><code>6cb20b3</code></a>
Bump BoringSSL, OpenSSL, AWS-LC in CI (<a
href="https://redirect.github.com/pyca/cryptography/issues/14726">#14726</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/d6f372d7ea7f7df96aeda240252a23b6ed46bc71"><code>d6f372d</code></a>
Update supported OpenSSL versions in installation docs (<a
href="https://redirect.github.com/pyca/cryptography/issues/14721">#14721</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/ebd26194cd6a3315b122a44d2ee5aeb138bee55b"><code>ebd2619</code></a>
openssl 3.3 is out of upstream support (<a
href="https://redirect.github.com/pyca/cryptography/issues/14720">#14720</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pyca/cryptography/compare/46.0.7...47.0.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `idna` from 3.11 to 3.13
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/kjd/idna/blob/master/HISTORY.rst">idna's
changelog</a>.</em></p>
<blockquote>
<p>3.13 (2026-04-22)
+++++++++++++++++</p>
<ul>
<li>Correct classification error for codepoint U+A7F1</li>
</ul>
<p>3.12 (2026-04-21)
+++++++++++++++++</p>
<ul>
<li>Update to Unicode 17.0.0.</li>
<li>Issue a deprecation warning for the transitional argument.</li>
<li>Added lazy-loading to provide some performance improvements.</li>
<li>Removed vestiges of code related to Python 2 support, including
segmentation of data structures specific to Jython.</li>
</ul>
<p>Thanks to Rodrigo Nogueira for contributions to this release.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/kjd/idna/commit/89cdfd27338896cee6b1ee18e64c96ac28684ce0"><code>89cdfd2</code></a>
Release v3.13</li>
<li><a
href="https://github.com/kjd/idna/commit/1eb068687543118147417a8d8a70674e2c172891"><code>1eb0686</code></a>
Pre-release 3.13</li>
<li><a
href="https://github.com/kjd/idna/commit/5f20d1e41eea3b3873d18d83d7a384784f72a92e"><code>5f20d1e</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/220">#220</a> from
kjd/unicode-next</li>
<li><a
href="https://github.com/kjd/idna/commit/4ea84252ab21e62a79e5a3273746112b5dcfb810"><code>4ea8425</code></a>
Regenerate idnadata.py with correct NFKC_CF data</li>
<li><a
href="https://github.com/kjd/idna/commit/fd47341a08bbdcffda33694211ca4de10170cd41"><code>fd47341</code></a>
Use NFKC_CF from Unicode data files instead of Python's unicodedata
module</li>
<li><a
href="https://github.com/kjd/idna/commit/a5304a4cdbd7b31595f8ac42ffdfa88f5b936467"><code>a5304a4</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/219">#219</a> from
kjd/release-3.12</li>
<li><a
href="https://github.com/kjd/idna/commit/d80d6f9254d699961fa2c669a1534cde9d4ee5b6"><code>d80d6f9</code></a>
Release v3.12</li>
<li><a
href="https://github.com/kjd/idna/commit/1bb44ddb3f2a9dcf97a6ac11aba34e5b6ed31291"><code>1bb44dd</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/218">#218</a> from
kjd/release-candidate-3.12rc0</li>
<li><a
href="https://github.com/kjd/idna/commit/909c49d15b8d159be163bccc7972116baffdb47b"><code>909c49d</code></a>
Release candidate for 3.12</li>
<li><a
href="https://github.com/kjd/idna/commit/c5459a10370f005dc09921aee3201b5a45699f9d"><code>c5459a1</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/217">#217</a> from
kjd/housekeeping-2</li>
<li>Additional commits viewable in <a
href="https://github.com/kjd/idna/compare/v3.11...v3.13">compare
view</a></li>
</ul>
</details>
<br />

Updates `packaging` from 26.1 to 26.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/packaging/releases">packaging's
releases</a>.</em></p>
<blockquote>
<h2>26.2</h2>
<h2>What's Changed</h2>
<p>Fixes:</p>
<ul>
<li>Fix incorrect sysconfig var name for pyemscripten by <a
href="https://github.com/ryanking13"><code>@​ryanking13</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1160">pypa/packaging#1160</a></li>
<li>Make <code>Version</code>, <code>Specifier</code>,
<code>SpecifierSet</code>, <code>Tag</code>, <code>Marker</code>, and
<code>Requirement</code> pickle-safe
and backward-compatible with pickles created in 25.0-26.1 (including
references to the removed
<code>packaging._structures</code> module) by <a
href="https://github.com/eachimei"><code>@​eachimei</code></a> and <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1163">pypa/packaging#1163</a>,
<a
href="https://redirect.github.com/pypa/packaging/pull/1168">pypa/packaging#1168</a>,
<a
href="https://redirect.github.com/pypa/packaging/pull/1170">pypa/packaging#1170</a>,
and <a
href="https://redirect.github.com/pypa/packaging/pull/1171">pypa/packaging#1171</a></li>
<li>fix: re-export ExceptionGroup for now by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1164">pypa/packaging#1164</a></li>
</ul>
<p>Documentation:</p>
<ul>
<li>docs: add errors section and fix missing details by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1159">pypa/packaging#1159</a></li>
<li>docs(dev): document property-based test suite by <a
href="https://github.com/r266-tech"><code>@​r266-tech</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1167">pypa/packaging#1167</a></li>
<li>Fix typo in DirectUrl documentation by <a
href="https://github.com/sbidoul"><code>@​sbidoul</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1169">pypa/packaging#1169</a></li>
<li>docs(specifiers): add is_unsatisfiable() usage example by <a
href="https://github.com/r266-tech"><code>@​r266-tech</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1166">pypa/packaging#1166</a></li>
</ul>
<p>Internal:</p>
<ul>
<li>Enable the auditor persona on zizmor by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1158">pypa/packaging#1158</a></li>
<li>Test new pickle guarantees by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1174">pypa/packaging#1174</a></li>
<li>Use native uv integration in rtd by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1175">pypa/packaging#1175</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/ryanking13"><code>@​ryanking13</code></a> made
their first contribution in <a
href="https://redirect.github.com/pypa/packaging/pull/1160">pypa/packaging#1160</a></li>
<li><a href="https://github.com/eachimei"><code>@​eachimei</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/packaging/pull/1163">pypa/packaging#1163</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/packaging/compare/26.1...26.2">https://github.com/pypa/packaging/compare/26.1...26.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/packaging/blob/main/CHANGELOG.rst">packaging's
changelog</a>.</em></p>
<blockquote>
<p>26.2 - 2026-04-24</p>
<pre><code>
Fixes:
<ul>
<li>Fix incorrect sysconfig var name for pyemscripten in
(:pull:<code>1160</code>)</li>
<li>Make <code>Version</code>, <code>Specifier</code>,
<code>SpecifierSet</code>, <code>Tag</code>, <code>Marker</code>, and
<code>Requirement</code> pickle-safe<br />
and backward-compatible with pickles created in 25.0-26.1 (including
references to the removed<br />
<code>packaging._structures</code> module) (:pull:<code>1163</code>,
:pull:<code>1168</code>, :pull:<code>1170</code>,
:pull:<code>1171</code>)</li>
<li>Re-export <code>ExceptionGroup</code> in metadata for now in
(:pull:<code>1164</code>)</li>
</ul>
<p>Documentation:</p>
<ul>
<li>Add errors section and fix missing details in
(:pull:<code>1159</code>)</li>
<li>Document our property-based test suite in
(:pull:<code>1167</code>)</li>
<li>Fix a <code>DirectUrl</code> typo in (:pull:<code>1167</code>)</li>
<li>Add example of <code>is_unsatisfiable</code> in
(:pull:<code>1166</code>)</li>
</ul>
<p>Internal:</p>
<ul>
<li>Enable the auditor persona on zizmor in
(:pull:<code>1158</code>)</li>
<li>Test new pickle guarantees in (:pull:<code>1174</code>)</li>
<li>Use new native ReadTheDocs uv integration in
(:pull:<code>1175</code>)<br />
</code></pre></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/packaging/commit/84a87ee42483d7352f9502d78a9553da8859aa7a"><code>84a87ee</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/packaging/commit/4a616b65bed23c8c6d58e6b0fc1a4434d4ff1f14"><code>4a616b6</code></a>
docs: a few more updates to prepare for 26.2 (<a
href="https://redirect.github.com/pypa/packaging/issues/1176">#1176</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/9de6f44f1e82d4595edf3aad1c4f6f98c85935a0"><code>9de6f44</code></a>
ci: use native uv integration in rtd (<a
href="https://redirect.github.com/pypa/packaging/issues/1175">#1175</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/bc76e14debd1a2799d1ca8f9d9c9823f35bfa466"><code>bc76e14</code></a>
chore: update changelog for 26.2 (<a
href="https://redirect.github.com/pypa/packaging/issues/1161">#1161</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/3f00091c08f0aa830e33ed7db00f16f11c8ac97f"><code>3f00091</code></a>
tests: add a pickle check (<a
href="https://redirect.github.com/pypa/packaging/issues/1174">#1174</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/48a8a069805291186522de3eff73ea80a8ca96ad"><code>48a8a06</code></a>
fix: make Requirements/Markers pickle-safe (<a
href="https://redirect.github.com/pypa/packaging/issues/1171">#1171</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/823b44ed1f904084a77ae3adf0ef130af6365f84"><code>823b44e</code></a>
fix: make Tags pickle-safe (<a
href="https://redirect.github.com/pypa/packaging/issues/1170">#1170</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/4bed32d920ca7211dd65fdf0a1ee06376e9c4733"><code>4bed32d</code></a>
fix: make Specifier / SpecifierSet pickle-safe (<a
href="https://redirect.github.com/pypa/packaging/issues/1168">#1168</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/963118e37caae97bc8b72f72956c7fb4ca9857ec"><code>963118e</code></a>
fix: re-export ExceptionGroup for now (<a
href="https://redirect.github.com/pypa/packaging/issues/1164">#1164</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/66e34a80256c96dea11da143682950c84b8133bb"><code>66e34a8</code></a>
docs(specifiers): add is_unsatisfiable() usage example (<a
href="https://redirect.github.com/pypa/packaging/issues/1166">#1166</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/packaging/compare/26.1...26.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `pip` from 26.0 to 26.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>26.1 (2026-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.9.
(<code>[#13795](pypa/pip#13795)
&lt;https://github.com/pypa/pip/issues/13795&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Add experimental support to read requirements from standardized
pylock.toml files (<code>-r pylock.toml</code>).
(<code>[#13876](pypa/pip#13876)
&lt;https://github.com/pypa/pip/issues/13876&gt;</code>_)</li>
<li>Allow <code>--uploaded-prior-to</code> to accept a duration in days
(e.g., <code>P3D</code> for 3 days ago).
(<code>[#13674](pypa/pip#13674)
&lt;https://github.com/pypa/pip/issues/13674&gt;</code>_)</li>
</ul>
<h2>Enhancements</h2>
<ul>
<li>Speed up dependency resolution when there are complex conflicts.
(<code>[#13859](pypa/pip#13859)
&lt;https://github.com/pypa/pip/issues/13859&gt;</code>_)</li>
<li>Reduce memory usage when resolving large dependency trees.
(<code>[#13843](pypa/pip#13843)
&lt;https://github.com/pypa/pip/issues/13843&gt;</code>_)</li>
<li>Emit a deprecation warning when pip imports an unexpected module
after
installation of a distribution has started.
(<code>[#13912](pypa/pip#13912)
&lt;https://github.com/pypa/pip/issues/13912&gt;</code>_)</li>
<li>Allow URL constraints to apply to requirements with extras.
(<code>[#12018](pypa/pip#12018)
&lt;https://github.com/pypa/pip/issues/12018&gt;</code>_)</li>
<li>Allow unpinned requirements to use hashes from constraints.
Constraints
like <code>{name}=={version} --hash=...</code> feeds into hash
verification for
a corresponding requirement.
(<code>[#9243](pypa/pip#9243)
&lt;https://github.com/pypa/pip/issues/9243&gt;</code>_)</li>
<li>Improve conflict reports that involve direct URLs.
(<code>[#13932](pypa/pip#13932)
&lt;https://github.com/pypa/pip/issues/13932&gt;</code>_)</li>
<li>Show all errors instead of first error for faulty
<code>dependency_groups</code> definitions.
(<code>[#13917](pypa/pip#13917)
&lt;https://github.com/pypa/pip/issues/13917&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix recovery hint for missing RECORD file to use
<code>--ignore-installed</code>
instead of <code>--force-reinstall</code>.
(<code>[#12645](pypa/pip#12645)
&lt;https://github.com/pypa/pip/issues/12645&gt;</code>_)</li>
<li>Fix misleading error message when a constraint file cannot be
opened. (<code>[#13226](pypa/pip#13226)
&lt;https://github.com/pypa/pip/issues/13226&gt;</code>_)</li>
<li>Show the filename rather than the full URL when downloading files
from non-PyPI indexes in non-verbose mode.
(<code>[#13494](pypa/pip#13494)
&lt;https://github.com/pypa/pip/issues/13494&gt;</code>_)</li>
<li>Remove the adjacent <code>__pycache__</code> directory when a .py
file is removed.
(<code>[#13725](pypa/pip#13725)
&lt;https://github.com/pypa/pip/issues/13725&gt;</code>_)</li>
<li>Force UTF-8 encoding for :pep:<code>723</code> metadata.
(<code>[#13861](pypa/pip#13861)
&lt;https://github.com/pypa/pip/issues/13861&gt;</code>_)</li>
<li>Minor performance improvement when filtering candidates during
resolution. (<code>[#13916](pypa/pip#13916)
&lt;https://github.com/pypa/pip/issues/13916&gt;</code>_)</li>
<li>Fix a hang on Windows when stdout is closed during verbose output.
(<code>[#13927](pypa/pip#13927)
&lt;https://github.com/pypa/pip/issues/13927&gt;</code>_)</li>
<li>Common path prefixes are determined by path segment, not character
by character. (<code>[#13847](pypa/pip#13847)
&lt;https://github.com/pypa/pip/issues/13847&gt;</code>_)</li>
<li>Fix installing <code>.tar.gz</code> source distributions that look
like a zip file.
(<code>[#13867](pypa/pip#13867)
&lt;https://github.com/pypa/pip/issues/13867&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2026.2.25</li>
<li>Upgrade packaging to 26.2</li>
<li>Upgrade requests to 2.33.1</li>
<li>Upgrade tomli to 2.3.1</li>
<li>Upgrade urllib3 to 2.6.3</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from
sbidoul/install-from-pylock-reqs-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from
pypa/revert-13888-resolver-editable-links</li>
<li><a
href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a>
Revert &quot;Allow editable installs to satisfy direct-URL dependencies
(<a
href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)&quot;</li>
<li><a
href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a>
-r pylock.toml: add pip-wheel -r pylock.toml test</li>
<li><a
href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a>
-r pylock.toml: proper error with remote pylock.toml containing
directory ent...</li>
<li><a
href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from
ichard26/reword-news</li>
<li><a
href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a>
-r pylock: refine filename pylock-ness test</li>
<li><a
href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a>
-r pylock.toml: fix crash with pip wheel and pip lock</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/26.0...26.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `wheel` from 0.46.2 to 0.47.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/wheel/releases">wheel's
releases</a>.</em></p>
<blockquote>
<h2>0.47.0</h2>
<ul>
<li>Added the <code>wheel info</code> subcommand to display metadata
about wheel files without unpacking them (<a
href="https://redirect.github.com/pypa/wheel/issues/639">#639</a>)</li>
<li>Fixed <code>WheelFile</code> raising <code>Missing RECORD
file</code> when the wheel filename contains uppercase characters (e.g.
<code>Django-3.2.5.whl</code>) but the <code>.dist-info</code> directory
inside uses normalized lowercase naming (<a
href="https://redirect.github.com/pypa/wheel/issues/411">#411</a>)</li>
</ul>
<h2>0.46.3</h2>
<ul>
<li>Fixed <code>ImportError: cannot import name '_setuptools_logging'
from 'wheel'</code> when installed alongside an old version of
setuptools and running the <code>bdist_wheel</code> command (<a
href="https://redirect.github.com/pypa/wheel/issues/676">#676</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/wheel/blob/main/docs/news.rst">wheel's
changelog</a>.</em></p>
<blockquote>
<h1>Release Notes</h1>
<p><strong>0.47.0 (2026-04-22)</strong></p>
<ul>
<li>Added the <code>wheel info</code> subcommand to display metadata
about wheel files without
unpacking them (<code>[#639](pypa/wheel#639)
&lt;https://github.com/pypa/wheel/issues/639&gt;</code>_)</li>
<li>Fixed <code>WheelFile</code> raising <code>Missing RECORD
file</code> when the wheel filename contains
uppercase characters (e.g. <code>Django-3.2.5.whl</code>) but the
<code>.dist-info</code> directory
inside uses normalized lowercase naming
(<code>[google#411](pypa/wheel#411)
&lt;https://github.com/pypa/wheel/issues/411&gt;</code>_)</li>
</ul>
<p><strong>0.46.3 (2026-01-22)</strong></p>
<ul>
<li>Fixed <code>ImportError: cannot import name '_setuptools_logging'
from 'wheel'</code> when
installed alongside an old version of setuptools and running the
<code>bdist_wheel</code>
command (<code>[#676](pypa/wheel#676)
&lt;https://github.com/pypa/wheel/issues/676&gt;</code>_)</li>
</ul>
<p><strong>0.46.2 (2026-01-22)</strong></p>
<ul>
<li>Restored the <code>bdist_wheel</code> command for compatibility with
<code>setuptools</code> older than
v70.1</li>
<li>Importing <code>wheel.bdist_wheel</code> now emits a
<code>FutureWarning</code> instead of a
<code>DeprecationWarning</code></li>
<li>Fixed <code>wheel unpack</code> potentially altering the permissions
of files outside of the
destination tree with maliciously crafted wheels (CVE-2026-24049)</li>
</ul>
<p><strong>0.46.1 (2025-04-08)</strong></p>
<ul>
<li>Temporarily restored the <code>wheel.macosx_libfile</code> module
(<code>[#659](pypa/wheel#659)
&lt;https://github.com/pypa/wheel/issues/659&gt;</code>_)</li>
</ul>
<p><strong>0.46.0 (2025-04-03)</strong></p>
<ul>
<li>Dropped support for Python 3.8</li>
<li>Removed the <code>bdist_wheel</code> setuptools command
implementation and entry point.
The <code>wheel.bdist_wheel</code> module is now just an alias to
<code>setuptools.command.bdist_wheel</code>, emitting a deprecation
warning on import.</li>
<li>Removed vendored <code>packaging</code> in favor of a run-time
dependency on it</li>
<li>Made the <code>wheel.metadata</code> module private (with a
deprecation warning if it's
imported</li>
<li>Made the <code>wheel.cli</code> package private (no deprecation
warning)</li>
<li>Fixed an exception when calling the <code>convert</code> command
with an empty description
field</li>
</ul>
<p><strong>0.45.1 (2024-11-23)</strong></p>
<ul>
<li>Fixed pure Python wheels converted from eggs and wininst files
having the ABI tag in
the file name</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/wheel/commit/efd83a750f07a33462ea2eed365fd8dac9e51442"><code>efd83a7</code></a>
Created a new release</li>
<li><a
href="https://github.com/pypa/wheel/commit/bb69216d35588c2a0febc2d9a130727fe6e46ee3"><code>bb69216</code></a>
Reordered the changelog entries</li>
<li><a
href="https://github.com/pypa/wheel/commit/d5a1763ce927618bfa7d82abe334d0d14a93cc37"><code>d5a1763</code></a>
fix(wheelfile): resolve .dist-info path case-insensitively when reading
wheel...</li>
<li><a
href="https://github.com/pypa/wheel/commit/5718957928ece25eb0d1c12023c71dea4fcb5cf9"><code>5718957</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pypa/wheel/issues/685">#685</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/625806845ae5756be3cc0f9d44832c29079c0954"><code>6258068</code></a>
chore: log_level is better than log_cli_level (<a
href="https://redirect.github.com/pypa/wheel/issues/684">#684</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/2975debc789682b3a448b134611acc6962a93eb3"><code>2975deb</code></a>
Require tox &gt;= 4.22</li>
<li><a
href="https://github.com/pypa/wheel/commit/47674ba770e5ee72d679b7eb32b558e0c177640d"><code>47674ba</code></a>
chore: add check-sdist to checks (<a
href="https://redirect.github.com/pypa/wheel/issues/681">#681</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/56223f6f8dfa8d3d40923f24dcf159204698d7b6"><code>56223f6</code></a>
<code>__package__</code> → <code>__spec__.parent</code> (<a
href="https://redirect.github.com/pypa/wheel/issues/679">#679</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/0ce509e02dc3cd1b7b0bdf868482de062b3c21c3"><code>0ce509e</code></a>
Added the wheel info subcommand (<a
href="https://redirect.github.com/pypa/wheel/issues/669">#669</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/39039c0f3446c1ed5ec52621e98bc2bad8178a06"><code>39039c0</code></a>
Improved the index page</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/wheel/compare/0.46.2...0.47.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
ptr727 pushed a commit to ptr727/homeassistant-purpleair that referenced this pull request Apr 29, 2026
@dependabot
Update pip requirement from >=21.3.1 to >=26.1 (#6)
68bdf0e 
Updates the requirements on [pip](https://github.com/pypa/pip) to permit
the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>26.1 (2026-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.9.
(<code>[#13795](pypa/pip#13795)
&lt;https://github.com/pypa/pip/issues/13795&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Add experimental support to read requirements from standardized
pylock.toml files (<code>-r pylock.toml</code>).
(<code>[#13876](pypa/pip#13876)
&lt;https://github.com/pypa/pip/issues/13876&gt;</code>_)</li>
<li>Allow <code>--uploaded-prior-to</code> to accept a duration in days
(e.g., <code>P3D</code> for 3 days ago).
(<code>[#13674](pypa/pip#13674)
&lt;https://github.com/pypa/pip/issues/13674&gt;</code>_)</li>
</ul>
<h2>Enhancements</h2>
<ul>
<li>Speed up dependency resolution when there are complex conflicts.
(<code>[#13859](pypa/pip#13859)
&lt;https://github.com/pypa/pip/issues/13859&gt;</code>_)</li>
<li>Reduce memory usage when resolving large dependency trees.
(<code>[#13843](pypa/pip#13843)
&lt;https://github.com/pypa/pip/issues/13843&gt;</code>_)</li>
<li>Emit a deprecation warning when pip imports an unexpected module
after
installation of a distribution has started.
(<code>[#13912](pypa/pip#13912)
&lt;https://github.com/pypa/pip/issues/13912&gt;</code>_)</li>
<li>Allow URL constraints to apply to requirements with extras.
(<code>[#12018](pypa/pip#12018)
&lt;https://github.com/pypa/pip/issues/12018&gt;</code>_)</li>
<li>Allow unpinned requirements to use hashes from constraints.
Constraints
like <code>{name}=={version} --hash=...</code> feeds into hash
verification for
a corresponding requirement.
(<code>[#9243](pypa/pip#9243)
&lt;https://github.com/pypa/pip/issues/9243&gt;</code>_)</li>
<li>Improve conflict reports that involve direct URLs.
(<code>[#13932](pypa/pip#13932)
&lt;https://github.com/pypa/pip/issues/13932&gt;</code>_)</li>
<li>Show all errors instead of first error for faulty
<code>dependency_groups</code> definitions.
(<code>[#13917](pypa/pip#13917)
&lt;https://github.com/pypa/pip/issues/13917&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix recovery hint for missing RECORD file to use
<code>--ignore-installed</code>
instead of <code>--force-reinstall</code>.
(<code>[#12645](pypa/pip#12645)
&lt;https://github.com/pypa/pip/issues/12645&gt;</code>_)</li>
<li>Fix misleading error message when a constraint file cannot be
opened. (<code>[#13226](pypa/pip#13226)
&lt;https://github.com/pypa/pip/issues/13226&gt;</code>_)</li>
<li>Show the filename rather than the full URL when downloading files
from non-PyPI indexes in non-verbose mode.
(<code>[#13494](pypa/pip#13494)
&lt;https://github.com/pypa/pip/issues/13494&gt;</code>_)</li>
<li>Remove the adjacent <code>__pycache__</code> directory when a .py
file is removed.
(<code>[#13725](pypa/pip#13725)
&lt;https://github.com/pypa/pip/issues/13725&gt;</code>_)</li>
<li>Force UTF-8 encoding for :pep:<code>723</code> metadata.
(<code>[#13861](pypa/pip#13861)
&lt;https://github.com/pypa/pip/issues/13861&gt;</code>_)</li>
<li>Minor performance improvement when filtering candidates during
resolution. (<code>[#13916](pypa/pip#13916)
&lt;https://github.com/pypa/pip/issues/13916&gt;</code>_)</li>
<li>Fix a hang on Windows when stdout is closed during verbose output.
(<code>[#13927](pypa/pip#13927)
&lt;https://github.com/pypa/pip/issues/13927&gt;</code>_)</li>
<li>Common path prefixes are determined by path segment, not character
by character. (<code>[#13847](pypa/pip#13847)
&lt;https://github.com/pypa/pip/issues/13847&gt;</code>_)</li>
<li>Fix installing <code>.tar.gz</code> source distributions that look
like a zip file.
(<code>[#13867](pypa/pip#13867)
&lt;https://github.com/pypa/pip/issues/13867&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2026.2.25</li>
<li>Upgrade packaging to 26.2</li>
<li>Upgrade requests to 2.33.1</li>
<li>Upgrade tomli to 2.3.1</li>
<li>Upgrade urllib3 to 2.6.3</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from
sbidoul/install-from-pylock-reqs-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from
pypa/revert-13888-resolver-editable-links</li>
<li><a
href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a>
Revert &quot;Allow editable installs to satisfy direct-URL dependencies
(<a
href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)&quot;</li>
<li><a
href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a>
-r pylock.toml: add pip-wheel -r pylock.toml test</li>
<li><a
href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a>
-r pylock.toml: proper error with remote pylock.toml containing
directory ent...</li>
<li><a
href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from
ichard26/reword-news</li>
<li><a
href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a>
-r pylock: refine filename pylock-ness test</li>
<li><a
href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a>
-r pylock.toml: fix crash with pip wheel and pip lock</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/21.3.1...26.1">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-actions Bot added a commit to LPvdT/mlflow-3-tutorials that referenced this pull request Apr 30, 2026
@github-actions
Bump the uv group across 1 directory with 3 updates (#201)
ad14d25 
Bumps the uv group with 3 updates in the / directory:
[pip](https://github.com/pypa/pip),
[notebook](https://github.com/jupyter/notebook) and
[pyopenssl](https://github.com/pyca/pyopenssl).

Updates `pip` from 26.0.1 to 26.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>26.1 (2026-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.9.
(<code>[#13795](pypa/pip#13795)
&lt;https://github.com/pypa/pip/issues/13795&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Add experimental support to read requirements from standardized
pylock.toml files (<code>-r pylock.toml</code>).
(<code>[#13876](pypa/pip#13876)
&lt;https://github.com/pypa/pip/issues/13876&gt;</code>_)</li>
<li>Allow <code>--uploaded-prior-to</code> to accept a duration in days
(e.g., <code>P3D</code> for 3 days ago).
(<code>[#13674](pypa/pip#13674)
&lt;https://github.com/pypa/pip/issues/13674&gt;</code>_)</li>
</ul>
<h2>Enhancements</h2>
<ul>
<li>Speed up dependency resolution when there are complex conflicts.
(<code>[#13859](pypa/pip#13859)
&lt;https://github.com/pypa/pip/issues/13859&gt;</code>_)</li>
<li>Reduce memory usage when resolving large dependency trees.
(<code>[#13843](pypa/pip#13843)
&lt;https://github.com/pypa/pip/issues/13843&gt;</code>_)</li>
<li>Emit a deprecation warning when pip imports an unexpected module
after
installation of a distribution has started.
(<code>[#13912](pypa/pip#13912)
&lt;https://github.com/pypa/pip/issues/13912&gt;</code>_)</li>
<li>Allow URL constraints to apply to requirements with extras.
(<code>[#12018](pypa/pip#12018)
&lt;https://github.com/pypa/pip/issues/12018&gt;</code>_)</li>
<li>Allow unpinned requirements to use hashes from constraints.
Constraints
like <code>{name}=={version} --hash=...</code> feeds into hash
verification for
a corresponding requirement.
(<code>[#9243](pypa/pip#9243)
&lt;https://github.com/pypa/pip/issues/9243&gt;</code>_)</li>
<li>Improve conflict reports that involve direct URLs.
(<code>[#13932](pypa/pip#13932)
&lt;https://github.com/pypa/pip/issues/13932&gt;</code>_)</li>
<li>Show all errors instead of first error for faulty
<code>dependency_groups</code> definitions.
(<code>[#13917](pypa/pip#13917)
&lt;https://github.com/pypa/pip/issues/13917&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix recovery hint for missing RECORD file to use
<code>--ignore-installed</code>
instead of <code>--force-reinstall</code>.
(<code>[#12645](pypa/pip#12645)
&lt;https://github.com/pypa/pip/issues/12645&gt;</code>_)</li>
<li>Fix misleading error message when a constraint file cannot be
opened. (<code>[#13226](pypa/pip#13226)
&lt;https://github.com/pypa/pip/issues/13226&gt;</code>_)</li>
<li>Show the filename rather than the full URL when downloading files
from non-PyPI indexes in non-verbose mode.
(<code>[#13494](pypa/pip#13494)
&lt;https://github.com/pypa/pip/issues/13494&gt;</code>_)</li>
<li>Remove the adjacent <code>__pycache__</code> directory when a .py
file is removed.
(<code>[#13725](pypa/pip#13725)
&lt;https://github.com/pypa/pip/issues/13725&gt;</code>_)</li>
<li>Force UTF-8 encoding for :pep:<code>723</code> metadata.
(<code>[#13861](pypa/pip#13861)
&lt;https://github.com/pypa/pip/issues/13861&gt;</code>_)</li>
<li>Minor performance improvement when filtering candidates during
resolution. (<code>[#13916](pypa/pip#13916)
&lt;https://github.com/pypa/pip/issues/13916&gt;</code>_)</li>
<li>Fix a hang on Windows when stdout is closed during verbose output.
(<code>[#13927](pypa/pip#13927)
&lt;https://github.com/pypa/pip/issues/13927&gt;</code>_)</li>
<li>Common path prefixes are determined by path segment, not character
by character. (<code>[#13847](pypa/pip#13847)
&lt;https://github.com/pypa/pip/issues/13847&gt;</code>_)</li>
<li>Fix installing <code>.tar.gz</code> source distributions that look
like a zip file.
(<code>[#13867](pypa/pip#13867)
&lt;https://github.com/pypa/pip/issues/13867&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2026.2.25</li>
<li>Upgrade packaging to 26.2</li>
<li>Upgrade requests to 2.33.1</li>
<li>Upgrade tomli to 2.3.1</li>
<li>Upgrade urllib3 to 2.6.3</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from
sbidoul/install-from-pylock-reqs-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from
pypa/revert-13888-resolver-editable-links</li>
<li><a
href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a>
Revert &quot;Allow editable installs to satisfy direct-URL dependencies
(<a
href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)&quot;</li>
<li><a
href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a>
-r pylock.toml: add pip-wheel -r pylock.toml test</li>
<li><a
href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a>
-r pylock.toml: proper error with remote pylock.toml containing
directory ent...</li>
<li><a
href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from
ichard26/reword-news</li>
<li><a
href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a>
-r pylock: refine filename pylock-ness test</li>
<li><a
href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a>
-r pylock.toml: fix crash with pip wheel and pip lock</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/26.0.1...26.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `notebook` from 7.5.5 to 7.5.6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter/notebook/releases">notebook's
releases</a>.</em></p>
<blockquote>
<h2>v7.5.6</h2>
<h2>7.5.6</h2>
<p>(<a
href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.5...2e642f0cb10be314ba5d97d709cffe41bf992d9e">Full
Changelog</a>)</p>
<h3>Security patches</h3>
<ul>
<li>CVE-2026-42557 <a
href="https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg">https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg</a></li>
<li>CVE-2026-40171 <a
href="https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9">https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9</a></li>
</ul>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>Update to JupyterLab v4.5.7 <a
href="https://redirect.github.com/jupyter/notebook/pull/7902">#7902</a>
(<a href="https://github.com/jtpio"><code>@​jtpio</code></a>)</li>
</ul>
<h3>Documentation improvements</h3>
<ul>
<li>docs: Fix broken links in troubleshooting and migration docs <a
href="https://redirect.github.com/jupyter/notebook/pull/7824">#7824</a>
(<a
href="https://github.com/RamiNoodle733"><code>@​RamiNoodle733</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-03-11&amp;to=2026-04-30&amp;type=c">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/jtpio"><code>@​jtpio</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-03-11..2026-04-30&amp;type=Issues">activity</a>)
| <a
href="https://github.com/RamiNoodle733"><code>@​RamiNoodle733</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3ARamiNoodle733+updated%3A2026-03-11..2026-04-30&amp;type=Issues">activity</a>)</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jupyter/notebook/blob/@jupyter-notebook/tree@7.5.6/CHANGELOG.md">notebook's
changelog</a>.</em></p>
<blockquote>
<h2>7.5.6</h2>
<p>(<a
href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/application-extension@7.5.5...2e642f0cb10be314ba5d97d709cffe41bf992d9e">Full
Changelog</a>)</p>
<h3>Maintenance and upkeep improvements</h3>
<ul>
<li>Update to JupyterLab v4.5.7 <a
href="https://redirect.github.com/jupyter/notebook/pull/7902">#7902</a>
(<a href="https://github.com/jtpio"><code>@​jtpio</code></a>)</li>
</ul>
<h3>Documentation improvements</h3>
<ul>
<li>docs: Fix broken links in troubleshooting and migration docs <a
href="https://redirect.github.com/jupyter/notebook/pull/7824">#7824</a>
(<a
href="https://github.com/RamiNoodle733"><code>@​RamiNoodle733</code></a>)</li>
</ul>
<h3>Contributors to this release</h3>
<p>The following people contributed discussions, new ideas, code and
documentation contributions, and review.
See <a
href="https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports">our
definition of contributors</a>.</p>
<p>(<a
href="https://github.com/jupyter/notebook/graphs/contributors?from=2026-03-11&amp;to=2026-04-30&amp;type=c">GitHub
contributors page for this release</a>)</p>
<p><a href="https://github.com/jtpio"><code>@​jtpio</code></a> (<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3Ajtpio+updated%3A2026-03-11..2026-04-30&amp;type=Issues">activity</a>)
| <a
href="https://github.com/RamiNoodle733"><code>@​RamiNoodle733</code></a>
(<a
href="https://github.com/search?q=repo%3Ajupyter%2Fnotebook+involves%3ARamiNoodle733+updated%3A2026-03-11..2026-04-30&amp;type=Issues">activity</a>)</p>
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/jupyter/notebook/commit/1ab2d2b99261996e94069ca53dd3d74b8b2ee1ba"><code>1ab2d2b</code></a>
Publish 7.5.6</li>
<li><a
href="https://github.com/jupyter/notebook/commit/50e5222c9670121c3369900c7dce01aae53823fc"><code>50e5222</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/jupyter/notebook/commit/2e642f0cb10be314ba5d97d709cffe41bf992d9e"><code>2e642f0</code></a>
Update to JupyterLab v4.5.7 (<a
href="https://redirect.github.com/jupyter/notebook/issues/7902">#7902</a>)</li>
<li><a
href="https://github.com/jupyter/notebook/commit/4b93f98b5a6e57027a2e1d58694b56e2ebd793a3"><code>4b93f98</code></a>
Backport PR <a
href="https://redirect.github.com/jupyter/notebook/issues/7824">#7824</a>:
docs: Fix broken links in troubleshooting and migration do...</li>
<li>See full diff in <a
href="https://github.com/jupyter/notebook/compare/@jupyter-notebook/tree@7.5.5...@jupyter-notebook/tree@7.5.6">compare
view</a></li>
</ul>
</details>
<br />

Updates `pyopenssl` from 25.3.0 to 26.0.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst">pyopenssl's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.0 (2026-03-15)</h2>
<p>Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^</p>
<ul>
<li>Dropped support for Python 3.7.</li>
<li>The minimum <code>cryptography</code> version is now 46.0.0.</li>
</ul>
<p>Deprecations:
^^^^^^^^^^^^^</p>
<p>Changes:
^^^^^^^^</p>
<ul>
<li>Added support for using aws-lc instead of OpenSSL.</li>
<li>Properly raise an error if a DTLS cookie callback returned a cookie
longer than <code>DTLS1_COOKIE_LENGTH</code> bytes. Previously this
would result in a buffer-overflow. Credit to <strong>dark_haxor</strong>
for reporting the issue. <strong>CVE-2026-27459</strong></li>
<li>Added <code>OpenSSL.SSL.Connection.get_group_name</code> to
determine which group name was negotiated.</li>
<li><code>Context.set_tlsext_servername_callback</code> now handles
exceptions raised in the callback by calling <code>sys.excepthook</code>
and returning a fatal TLS alert. Previously, exceptions were silently
swallowed and the handshake would proceed as if the callback had
succeeded. Credit to <strong>Leury Castillo</strong> for reporting this
issue. <strong>CVE-2026-27448</strong></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3"><code>358cbf2</code></a>
Prepare for 26.0.0 release (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1487">#1487</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b"><code>a8d28e7</code></a>
Bump actions/cache from 4 to 5 (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1486">#1486</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e"><code>6fefff0</code></a>
Add aws-lc compatibility to tests and CI (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1476">#1476</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75"><code>a739f96</code></a>
Bump actions/download-artifact from 8.0.0 to 8.0.1 (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1485">#1485</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a"><code>8b4c66b</code></a>
Bump actions/upload-artifact in /.github/actions/upload-coverage (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1484">#1484</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64"><code>02a5c78</code></a>
Bump actions/upload-artifact from 6.0.0 to 7.0.0 (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1483">#1483</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443"><code>d973387</code></a>
Bump actions/download-artifact from 7.0.0 to 8.0.0 (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1482">#1482</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"><code>57f09bb</code></a>
Fix buffer overflow in DTLS cookie generation callback (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1479">#1479</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0"><code>d41a814</code></a>
Handle exceptions in set_tlsext_servername_callback callbacks (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1478">#1478</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3"><code>7b29beb</code></a>
Fix not using a cryptography wheel on uv (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1475">#1475</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/LPvdT/mlflow-3-tutorials/network/alerts).

</details>
Zeitsperre added a commit to Ouranosinc/xclim that referenced this pull request Apr 30, 2026
@Zeitsperre
Bump pip from 25.3 to 26.1 in /CI (#2350)
450a6d6 
Bumps [pip](https://github.com/pypa/pip) from 25.3 to 26.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>26.1 (2026-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.9.
(<code>[#13795](pypa/pip#13795)
&lt;https://github.com/pypa/pip/issues/13795&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Add experimental support to read requirements from standardized
pylock.toml files (<code>-r pylock.toml</code>).
(<code>[#13876](pypa/pip#13876)
&lt;https://github.com/pypa/pip/issues/13876&gt;</code>_)</li>
<li>Allow <code>--uploaded-prior-to</code> to accept a duration in days
(e.g., <code>P3D</code> for 3 days ago).
(<code>[#13674](pypa/pip#13674)
&lt;https://github.com/pypa/pip/issues/13674&gt;</code>_)</li>
</ul>
<h2>Enhancements</h2>
<ul>
<li>Speed up dependency resolution when there are complex conflicts.
(<code>[#13859](pypa/pip#13859)
&lt;https://github.com/pypa/pip/issues/13859&gt;</code>_)</li>
<li>Reduce memory usage when resolving large dependency trees.
(<code>[#13843](pypa/pip#13843)
&lt;https://github.com/pypa/pip/issues/13843&gt;</code>_)</li>
<li>Emit a deprecation warning when pip imports an unexpected module
after
installation of a distribution has started.
(<code>[#13912](pypa/pip#13912)
&lt;https://github.com/pypa/pip/issues/13912&gt;</code>_)</li>
<li>Allow URL constraints to apply to requirements with extras.
(<code>[#12018](pypa/pip#12018)
&lt;https://github.com/pypa/pip/issues/12018&gt;</code>_)</li>
<li>Allow unpinned requirements to use hashes from constraints.
Constraints
like <code>{name}=={version} --hash=...</code> feeds into hash
verification for
a corresponding requirement.
(<code>[#9243](pypa/pip#9243)
&lt;https://github.com/pypa/pip/issues/9243&gt;</code>_)</li>
<li>Improve conflict reports that involve direct URLs.
(<code>[#13932](pypa/pip#13932)
&lt;https://github.com/pypa/pip/issues/13932&gt;</code>_)</li>
<li>Show all errors instead of first error for faulty
<code>dependency_groups</code> definitions.
(<code>[#13917](pypa/pip#13917)
&lt;https://github.com/pypa/pip/issues/13917&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix recovery hint for missing RECORD file to use
<code>--ignore-installed</code>
instead of <code>--force-reinstall</code>.
(<code>[#12645](pypa/pip#12645)
&lt;https://github.com/pypa/pip/issues/12645&gt;</code>_)</li>
<li>Fix misleading error message when a constraint file cannot be
opened. (<code>[#13226](pypa/pip#13226)
&lt;https://github.com/pypa/pip/issues/13226&gt;</code>_)</li>
<li>Show the filename rather than the full URL when downloading files
from non-PyPI indexes in non-verbose mode.
(<code>[#13494](pypa/pip#13494)
&lt;https://github.com/pypa/pip/issues/13494&gt;</code>_)</li>
<li>Remove the adjacent <code>__pycache__</code> directory when a .py
file is removed.
(<code>[#13725](pypa/pip#13725)
&lt;https://github.com/pypa/pip/issues/13725&gt;</code>_)</li>
<li>Force UTF-8 encoding for :pep:<code>723</code> metadata.
(<code>[#13861](pypa/pip#13861)
&lt;https://github.com/pypa/pip/issues/13861&gt;</code>_)</li>
<li>Minor performance improvement when filtering candidates during
resolution. (<code>[#13916](pypa/pip#13916)
&lt;https://github.com/pypa/pip/issues/13916&gt;</code>_)</li>
<li>Fix a hang on Windows when stdout is closed during verbose output.
(<code>[#13927](pypa/pip#13927)
&lt;https://github.com/pypa/pip/issues/13927&gt;</code>_)</li>
<li>Common path prefixes are determined by path segment, not character
by character. (<code>[#13847](pypa/pip#13847)
&lt;https://github.com/pypa/pip/issues/13847&gt;</code>_)</li>
<li>Fix installing <code>.tar.gz</code> source distributions that look
like a zip file.
(<code>[#13867](pypa/pip#13867)
&lt;https://github.com/pypa/pip/issues/13867&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2026.2.25</li>
<li>Upgrade packaging to 26.2</li>
<li>Upgrade requests to 2.33.1</li>
<li>Upgrade tomli to 2.3.1</li>
<li>Upgrade urllib3 to 2.6.3</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from
sbidoul/install-from-pylock-reqs-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from
pypa/revert-13888-resolver-editable-links</li>
<li><a
href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a>
Revert &quot;Allow editable installs to satisfy direct-URL dependencies
(<a
href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)&quot;</li>
<li><a
href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a>
-r pylock.toml: add pip-wheel -r pylock.toml test</li>
<li><a
href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a>
-r pylock.toml: proper error with remote pylock.toml containing
directory ent...</li>
<li><a
href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from
ichard26/reword-news</li>
<li><a
href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a>
-r pylock: refine filename pylock-ness test</li>
<li><a
href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a>
-r pylock.toml: fix crash with pip wheel and pip lock</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/25.3...26.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=25.3&new-version=26.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Ouranosinc/xclim/network/alerts).

</details>
wsxrdv pushed a commit to wsxrdv/sedpack that referenced this pull request May 4, 2026
@dependabot
Bump the dependabot group with 6 updates (google#357)
060a998 
Bumps the dependabot group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [certifi](https://github.com/certifi/python-certifi) | `2026.2.25` |
`2026.4.22` |
| [idna](https://github.com/kjd/idna) | `3.12` | `3.13` |
| [packaging](https://github.com/pypa/packaging) | `26.1` | `26.2` |
| [wheel](https://github.com/pypa/wheel) | `0.46.2` | `0.47.0` |
| [xxhash](https://github.com/ifduyue/python-xxhash) | `3.6.0` | `3.7.0`
|
| [pip](https://github.com/pypa/pip) | `26.0` | `26.1` |

Updates `certifi` from 2026.2.25 to 2026.4.22
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/certifi/python-certifi/commit/5dddfb072243da27adde885b73ba9b809c3224ca"><code>5dddfb0</code></a>
2026.04.22 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/410">#410</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/f99eccdaf87f7c10e521a58a700ca3eb94a0787e"><code>f99eccd</code></a>
Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/404">#404</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/918bed055f7291719512af186c1c24710f845660"><code>918bed0</code></a>
Bump actions/upload-artifact from 7.0.0 to 7.0.1 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/405">#405</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/0a49067eb434e53e1f8df5f7707d5dc05ef9def4"><code>0a49067</code></a>
Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/403">#403</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/acf6ce8e39e3b125f4349e11904295e4fe4c1bed"><code>acf6ce8</code></a>
Bump actions/download-artifact from 8.0.0 to 8.0.1 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/398">#398</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/feb0ed26163a9417ea0fb8eb52d47e79fcf202ab"><code>feb0ed2</code></a>
Bump actions/download-artifact from 7.0.0 to 8.0.0 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/397">#397</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/d9c11a50369cc377abb40f7909ded3d6da4d98a3"><code>d9c11a5</code></a>
Bump actions/upload-artifact from 6.0.0 to 7.0.0 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/396">#396</a>)</li>
<li>See full diff in <a
href="https://github.com/certifi/python-certifi/compare/2026.02.25...2026.04.22">compare
view</a></li>
</ul>
</details>
<br />

Updates `idna` from 3.12 to 3.13
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/kjd/idna/blob/master/HISTORY.rst">idna's
changelog</a>.</em></p>
<blockquote>
<p>3.13 (2026-04-22)
+++++++++++++++++</p>
<ul>
<li>Correct classification error for codepoint U+A7F1</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/kjd/idna/commit/89cdfd27338896cee6b1ee18e64c96ac28684ce0"><code>89cdfd2</code></a>
Release v3.13</li>
<li><a
href="https://github.com/kjd/idna/commit/1eb068687543118147417a8d8a70674e2c172891"><code>1eb0686</code></a>
Pre-release 3.13</li>
<li><a
href="https://github.com/kjd/idna/commit/5f20d1e41eea3b3873d18d83d7a384784f72a92e"><code>5f20d1e</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/220">#220</a> from
kjd/unicode-next</li>
<li><a
href="https://github.com/kjd/idna/commit/4ea84252ab21e62a79e5a3273746112b5dcfb810"><code>4ea8425</code></a>
Regenerate idnadata.py with correct NFKC_CF data</li>
<li><a
href="https://github.com/kjd/idna/commit/fd47341a08bbdcffda33694211ca4de10170cd41"><code>fd47341</code></a>
Use NFKC_CF from Unicode data files instead of Python's unicodedata
module</li>
<li><a
href="https://github.com/kjd/idna/commit/a5304a4cdbd7b31595f8ac42ffdfa88f5b936467"><code>a5304a4</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/219">#219</a> from
kjd/release-3.12</li>
<li>See full diff in <a
href="https://github.com/kjd/idna/compare/v3.12...v3.13">compare
view</a></li>
</ul>
</details>
<br />

Updates `packaging` from 26.1 to 26.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/packaging/releases">packaging's
releases</a>.</em></p>
<blockquote>
<h2>26.2</h2>
<h2>What's Changed</h2>
<p>Fixes:</p>
<ul>
<li>Fix incorrect sysconfig var name for pyemscripten by <a
href="https://github.com/ryanking13"><code>@​ryanking13</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1160">pypa/packaging#1160</a></li>
<li>Make <code>Version</code>, <code>Specifier</code>,
<code>SpecifierSet</code>, <code>Tag</code>, <code>Marker</code>, and
<code>Requirement</code> pickle-safe
and backward-compatible with pickles created in 25.0-26.1 (including
references to the removed
<code>packaging._structures</code> module) by <a
href="https://github.com/eachimei"><code>@​eachimei</code></a> and <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1163">pypa/packaging#1163</a>,
<a
href="https://redirect.github.com/pypa/packaging/pull/1168">pypa/packaging#1168</a>,
<a
href="https://redirect.github.com/pypa/packaging/pull/1170">pypa/packaging#1170</a>,
and <a
href="https://redirect.github.com/pypa/packaging/pull/1171">pypa/packaging#1171</a></li>
<li>fix: re-export ExceptionGroup for now by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1164">pypa/packaging#1164</a></li>
</ul>
<p>Documentation:</p>
<ul>
<li>docs: add errors section and fix missing details by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1159">pypa/packaging#1159</a></li>
<li>docs(dev): document property-based test suite by <a
href="https://github.com/r266-tech"><code>@​r266-tech</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1167">pypa/packaging#1167</a></li>
<li>Fix typo in DirectUrl documentation by <a
href="https://github.com/sbidoul"><code>@​sbidoul</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1169">pypa/packaging#1169</a></li>
<li>docs(specifiers): add is_unsatisfiable() usage example by <a
href="https://github.com/r266-tech"><code>@​r266-tech</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1166">pypa/packaging#1166</a></li>
</ul>
<p>Internal:</p>
<ul>
<li>Enable the auditor persona on zizmor by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1158">pypa/packaging#1158</a></li>
<li>Test new pickle guarantees by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1174">pypa/packaging#1174</a></li>
<li>Use native uv integration in rtd by <a
href="https://github.com/henryiii"><code>@​henryiii</code></a> in <a
href="https://redirect.github.com/pypa/packaging/pull/1175">pypa/packaging#1175</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/ryanking13"><code>@​ryanking13</code></a> made
their first contribution in <a
href="https://redirect.github.com/pypa/packaging/pull/1160">pypa/packaging#1160</a></li>
<li><a href="https://github.com/eachimei"><code>@​eachimei</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/packaging/pull/1163">pypa/packaging#1163</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/packaging/compare/26.1...26.2">https://github.com/pypa/packaging/compare/26.1...26.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/packaging/blob/main/CHANGELOG.rst">packaging's
changelog</a>.</em></p>
<blockquote>
<p>26.2 - 2026-04-24</p>
<pre><code>
Fixes:
<ul>
<li>Fix incorrect sysconfig var name for pyemscripten in
(:pull:<code>1160</code>)</li>
<li>Make <code>Version</code>, <code>Specifier</code>,
<code>SpecifierSet</code>, <code>Tag</code>, <code>Marker</code>, and
<code>Requirement</code> pickle-safe<br />
and backward-compatible with pickles created in 25.0-26.1 (including
references to the removed<br />
<code>packaging._structures</code> module) (:pull:<code>1163</code>,
:pull:<code>1168</code>, :pull:<code>1170</code>,
:pull:<code>1171</code>)</li>
<li>Re-export <code>ExceptionGroup</code> in metadata for now in
(:pull:<code>1164</code>)</li>
</ul>
<p>Documentation:</p>
<ul>
<li>Add errors section and fix missing details in
(:pull:<code>1159</code>)</li>
<li>Document our property-based test suite in
(:pull:<code>1167</code>)</li>
<li>Fix a <code>DirectUrl</code> typo in (:pull:<code>1167</code>)</li>
<li>Add example of <code>is_unsatisfiable</code> in
(:pull:<code>1166</code>)</li>
</ul>
<p>Internal:</p>
<ul>
<li>Enable the auditor persona on zizmor in
(:pull:<code>1158</code>)</li>
<li>Test new pickle guarantees in (:pull:<code>1174</code>)</li>
<li>Use new native ReadTheDocs uv integration in
(:pull:<code>1175</code>)<br />
</code></pre></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/packaging/commit/84a87ee42483d7352f9502d78a9553da8859aa7a"><code>84a87ee</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/packaging/commit/4a616b65bed23c8c6d58e6b0fc1a4434d4ff1f14"><code>4a616b6</code></a>
docs: a few more updates to prepare for 26.2 (<a
href="https://redirect.github.com/pypa/packaging/issues/1176">#1176</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/9de6f44f1e82d4595edf3aad1c4f6f98c85935a0"><code>9de6f44</code></a>
ci: use native uv integration in rtd (<a
href="https://redirect.github.com/pypa/packaging/issues/1175">#1175</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/bc76e14debd1a2799d1ca8f9d9c9823f35bfa466"><code>bc76e14</code></a>
chore: update changelog for 26.2 (<a
href="https://redirect.github.com/pypa/packaging/issues/1161">#1161</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/3f00091c08f0aa830e33ed7db00f16f11c8ac97f"><code>3f00091</code></a>
tests: add a pickle check (<a
href="https://redirect.github.com/pypa/packaging/issues/1174">#1174</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/48a8a069805291186522de3eff73ea80a8ca96ad"><code>48a8a06</code></a>
fix: make Requirements/Markers pickle-safe (<a
href="https://redirect.github.com/pypa/packaging/issues/1171">#1171</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/823b44ed1f904084a77ae3adf0ef130af6365f84"><code>823b44e</code></a>
fix: make Tags pickle-safe (<a
href="https://redirect.github.com/pypa/packaging/issues/1170">#1170</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/4bed32d920ca7211dd65fdf0a1ee06376e9c4733"><code>4bed32d</code></a>
fix: make Specifier / SpecifierSet pickle-safe (<a
href="https://redirect.github.com/pypa/packaging/issues/1168">#1168</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/963118e37caae97bc8b72f72956c7fb4ca9857ec"><code>963118e</code></a>
fix: re-export ExceptionGroup for now (<a
href="https://redirect.github.com/pypa/packaging/issues/1164">#1164</a>)</li>
<li><a
href="https://github.com/pypa/packaging/commit/66e34a80256c96dea11da143682950c84b8133bb"><code>66e34a8</code></a>
docs(specifiers): add is_unsatisfiable() usage example (<a
href="https://redirect.github.com/pypa/packaging/issues/1166">#1166</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/packaging/compare/26.1...26.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `wheel` from 0.46.2 to 0.47.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/wheel/releases">wheel's
releases</a>.</em></p>
<blockquote>
<h2>0.47.0</h2>
<ul>
<li>Added the <code>wheel info</code> subcommand to display metadata
about wheel files without unpacking them (<a
href="https://redirect.github.com/pypa/wheel/issues/639">#639</a>)</li>
<li>Fixed <code>WheelFile</code> raising <code>Missing RECORD
file</code> when the wheel filename contains uppercase characters (e.g.
<code>Django-3.2.5.whl</code>) but the <code>.dist-info</code> directory
inside uses normalized lowercase naming (<a
href="https://redirect.github.com/pypa/wheel/issues/411">#411</a>)</li>
</ul>
<h2>0.46.3</h2>
<ul>
<li>Fixed <code>ImportError: cannot import name '_setuptools_logging'
from 'wheel'</code> when installed alongside an old version of
setuptools and running the <code>bdist_wheel</code> command (<a
href="https://redirect.github.com/pypa/wheel/issues/676">#676</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/wheel/blob/main/docs/news.rst">wheel's
changelog</a>.</em></p>
<blockquote>
<h1>Release Notes</h1>
<p><strong>0.47.0 (2026-04-22)</strong></p>
<ul>
<li>Added the <code>wheel info</code> subcommand to display metadata
about wheel files without
unpacking them (<code>[#639](pypa/wheel#639)
&lt;https://github.com/pypa/wheel/issues/639&gt;</code>_)</li>
<li>Fixed <code>WheelFile</code> raising <code>Missing RECORD
file</code> when the wheel filename contains
uppercase characters (e.g. <code>Django-3.2.5.whl</code>) but the
<code>.dist-info</code> directory
inside uses normalized lowercase naming
(<code>[#411](pypa/wheel#411)
&lt;https://github.com/pypa/wheel/issues/411&gt;</code>_)</li>
</ul>
<p><strong>0.46.3 (2026-01-22)</strong></p>
<ul>
<li>Fixed <code>ImportError: cannot import name '_setuptools_logging'
from 'wheel'</code> when
installed alongside an old version of setuptools and running the
<code>bdist_wheel</code>
command (<code>[#676](pypa/wheel#676)
&lt;https://github.com/pypa/wheel/issues/676&gt;</code>_)</li>
</ul>
<p><strong>0.46.2 (2026-01-22)</strong></p>
<ul>
<li>Restored the <code>bdist_wheel</code> command for compatibility with
<code>setuptools</code> older than
v70.1</li>
<li>Importing <code>wheel.bdist_wheel</code> now emits a
<code>FutureWarning</code> instead of a
<code>DeprecationWarning</code></li>
<li>Fixed <code>wheel unpack</code> potentially altering the permissions
of files outside of the
destination tree with maliciously crafted wheels (CVE-2026-24049)</li>
</ul>
<p><strong>0.46.1 (2025-04-08)</strong></p>
<ul>
<li>Temporarily restored the <code>wheel.macosx_libfile</code> module
(<code>[#659](pypa/wheel#659)
&lt;https://github.com/pypa/wheel/issues/659&gt;</code>_)</li>
</ul>
<p><strong>0.46.0 (2025-04-03)</strong></p>
<ul>
<li>Dropped support for Python 3.8</li>
<li>Removed the <code>bdist_wheel</code> setuptools command
implementation and entry point.
The <code>wheel.bdist_wheel</code> module is now just an alias to
<code>setuptools.command.bdist_wheel</code>, emitting a deprecation
warning on import.</li>
<li>Removed vendored <code>packaging</code> in favor of a run-time
dependency on it</li>
<li>Made the <code>wheel.metadata</code> module private (with a
deprecation warning if it's
imported</li>
<li>Made the <code>wheel.cli</code> package private (no deprecation
warning)</li>
<li>Fixed an exception when calling the <code>convert</code> command
with an empty description
field</li>
</ul>
<p><strong>0.45.1 (2024-11-23)</strong></p>
<ul>
<li>Fixed pure Python wheels converted from eggs and wininst files
having the ABI tag in
the file name</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/wheel/commit/efd83a750f07a33462ea2eed365fd8dac9e51442"><code>efd83a7</code></a>
Created a new release</li>
<li><a
href="https://github.com/pypa/wheel/commit/bb69216d35588c2a0febc2d9a130727fe6e46ee3"><code>bb69216</code></a>
Reordered the changelog entries</li>
<li><a
href="https://github.com/pypa/wheel/commit/d5a1763ce927618bfa7d82abe334d0d14a93cc37"><code>d5a1763</code></a>
fix(wheelfile): resolve .dist-info path case-insensitively when reading
wheel...</li>
<li><a
href="https://github.com/pypa/wheel/commit/5718957928ece25eb0d1c12023c71dea4fcb5cf9"><code>5718957</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pypa/wheel/issues/685">#685</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/625806845ae5756be3cc0f9d44832c29079c0954"><code>6258068</code></a>
chore: log_level is better than log_cli_level (<a
href="https://redirect.github.com/pypa/wheel/issues/684">#684</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/2975debc789682b3a448b134611acc6962a93eb3"><code>2975deb</code></a>
Require tox &gt;= 4.22</li>
<li><a
href="https://github.com/pypa/wheel/commit/47674ba770e5ee72d679b7eb32b558e0c177640d"><code>47674ba</code></a>
chore: add check-sdist to checks (<a
href="https://redirect.github.com/pypa/wheel/issues/681">#681</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/56223f6f8dfa8d3d40923f24dcf159204698d7b6"><code>56223f6</code></a>
<code>__package__</code> → <code>__spec__.parent</code> (<a
href="https://redirect.github.com/pypa/wheel/issues/679">#679</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/0ce509e02dc3cd1b7b0bdf868482de062b3c21c3"><code>0ce509e</code></a>
Added the wheel info subcommand (<a
href="https://redirect.github.com/pypa/wheel/issues/669">#669</a>)</li>
<li><a
href="https://github.com/pypa/wheel/commit/39039c0f3446c1ed5ec52621e98bc2bad8178a06"><code>39039c0</code></a>
Improved the index page</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/wheel/compare/0.46.2...0.47.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `xxhash` from 3.6.0 to 3.7.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ifduyue/python-xxhash/releases">xxhash's
releases</a>.</em></p>
<blockquote>
<h2>v3.7.0</h2>
<ul>
<li>Drop support for Python 3.7</li>
<li>Build armv7l manylinux/musllinux wheels</li>
<li>Build riscv64 manylinux/musllinux wheels</li>
<li>Build android and ios wheels</li>
</ul>
<hr />
<p>Full list of changes: <a
href="https://github.com/ifduyue/python-xxhash/compare/v3.6.0...v3.7.0">https://github.com/ifduyue/python-xxhash/compare/v3.6.0...v3.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ifduyue/python-xxhash/blob/master/CHANGELOG.rst">xxhash's
changelog</a>.</em></p>
<blockquote>
<p>v3.7.0 2025-04-25</p>
<pre><code>
- Drop support for Python 3.7
- Build armv7l manylinux/musllinux wheels
- Build riscv64 manylinux/musllinux wheels
- Build android and ios wheels
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ifduyue/python-xxhash/commit/404589e3d5735591755d2e7f32c87a15f8724c02"><code>404589e</code></a>
Prepare 3.7.0</li>
<li><a
href="https://github.com/ifduyue/python-xxhash/commit/d3cd66446da1bea6de24b4edebc31a84cee45aab"><code>d3cd664</code></a>
Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0</li>
<li><a
href="https://github.com/ifduyue/python-xxhash/commit/0d7d943288e3ad86988d57002ec5ebd3ce8e61da"><code>0d7d943</code></a>
Bump pypa/cibuildwheel from 3.4.0 to 3.4.1</li>
<li><a
href="https://github.com/ifduyue/python-xxhash/commit/c4b8775fe0fd60598e4244ea0c522134cc3c3cf5"><code>c4b8775</code></a>
Bump actions/download-artifact from 7 to 8</li>
<li><a
href="https://github.com/ifduyue/python-xxhash/commit/1ae3e5b60e4cf1f5f78278183dde90dba932962a"><code>1ae3e5b</code></a>
Bump actions/upload-artifact from 6 to 7</li>
<li><a
href="https://github.com/ifduyue/python-xxhash/commit/8faaa340c9a647dd78ce1c6515097b28f744352b"><code>8faaa34</code></a>
Bump pypa/cibuildwheel from 3.3.1 to 3.4.0</li>
<li><a
href="https://github.com/ifduyue/python-xxhash/commit/4ba9b0cc343c50f903ff67918032971e0d9842c3"><code>4ba9b0c</code></a>
Bump docker/setup-qemu-action from 3 to 4</li>
<li><a
href="https://github.com/ifduyue/python-xxhash/commit/43bb2030f1a7fd389cc876037e653674b850e9e7"><code>43bb203</code></a>
Bump actions/download-artifact from 6 to 7</li>
<li><a
href="https://github.com/ifduyue/python-xxhash/commit/a7a3bd22f2a536220bd08c5765e2fe06e9210ba8"><code>a7a3bd2</code></a>
Bump actions/upload-artifact from 5 to 6</li>
<li><a
href="https://github.com/ifduyue/python-xxhash/commit/c35bf0125bfe2a11794d7d5440159ed8b124e0e1"><code>c35bf01</code></a>
Bump pypa/cibuildwheel from 3.3.0 to 3.3.1</li>
<li>Additional commits viewable in <a
href="https://github.com/ifduyue/python-xxhash/compare/v3.6.0...v3.7.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `pip` from 26.0 to 26.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>26.1 (2026-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.9.
(<code>[#13795](pypa/pip#13795)
&lt;https://github.com/pypa/pip/issues/13795&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Add experimental support to read requirements from standardized
pylock.toml files (<code>-r pylock.toml</code>).
(<code>[#13876](pypa/pip#13876)
&lt;https://github.com/pypa/pip/issues/13876&gt;</code>_)</li>
<li>Allow <code>--uploaded-prior-to</code> to accept a duration in days
(e.g., <code>P3D</code> for 3 days ago).
(<code>[#13674](pypa/pip#13674)
&lt;https://github.com/pypa/pip/issues/13674&gt;</code>_)</li>
</ul>
<h2>Enhancements</h2>
<ul>
<li>Speed up dependency resolution when there are complex conflicts.
(<code>[#13859](pypa/pip#13859)
&lt;https://github.com/pypa/pip/issues/13859&gt;</code>_)</li>
<li>Reduce memory usage when resolving large dependency trees.
(<code>[#13843](pypa/pip#13843)
&lt;https://github.com/pypa/pip/issues/13843&gt;</code>_)</li>
<li>Emit a deprecation warning when pip imports an unexpected module
after
installation of a distribution has started.
(<code>[#13912](pypa/pip#13912)
&lt;https://github.com/pypa/pip/issues/13912&gt;</code>_)</li>
<li>Allow URL constraints to apply to requirements with extras.
(<code>[#12018](pypa/pip#12018)
&lt;https://github.com/pypa/pip/issues/12018&gt;</code>_)</li>
<li>Allow unpinned requirements to use hashes from constraints.
Constraints
like <code>{name}=={version} --hash=...</code> feeds into hash
verification for
a corresponding requirement.
(<code>[#9243](pypa/pip#9243)
&lt;https://github.com/pypa/pip/issues/9243&gt;</code>_)</li>
<li>Improve conflict reports that involve direct URLs.
(<code>[#13932](pypa/pip#13932)
&lt;https://github.com/pypa/pip/issues/13932&gt;</code>_)</li>
<li>Show all errors instead of first error for faulty
<code>dependency_groups</code> definitions.
(<code>[#13917](pypa/pip#13917)
&lt;https://github.com/pypa/pip/issues/13917&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix recovery hint for missing RECORD file to use
<code>--ignore-installed</code>
instead of <code>--force-reinstall</code>.
(<code>[#12645](pypa/pip#12645)
&lt;https://github.com/pypa/pip/issues/12645&gt;</code>_)</li>
<li>Fix misleading error message when a constraint file cannot be
opened. (<code>[#13226](pypa/pip#13226)
&lt;https://github.com/pypa/pip/issues/13226&gt;</code>_)</li>
<li>Show the filename rather than the full URL when downloading files
from non-PyPI indexes in non-verbose mode.
(<code>[#13494](pypa/pip#13494)
&lt;https://github.com/pypa/pip/issues/13494&gt;</code>_)</li>
<li>Remove the adjacent <code>__pycache__</code> directory when a .py
file is removed.
(<code>[#13725](pypa/pip#13725)
&lt;https://github.com/pypa/pip/issues/13725&gt;</code>_)</li>
<li>Force UTF-8 encoding for :pep:<code>723</code> metadata.
(<code>[#13861](pypa/pip#13861)
&lt;https://github.com/pypa/pip/issues/13861&gt;</code>_)</li>
<li>Minor performance improvement when filtering candidates during
resolution. (<code>[#13916](pypa/pip#13916)
&lt;https://github.com/pypa/pip/issues/13916&gt;</code>_)</li>
<li>Fix a hang on Windows when stdout is closed during verbose output.
(<code>[#13927](pypa/pip#13927)
&lt;https://github.com/pypa/pip/issues/13927&gt;</code>_)</li>
<li>Common path prefixes are determined by path segment, not character
by character. (<code>[#13847](pypa/pip#13847)
&lt;https://github.com/pypa/pip/issues/13847&gt;</code>_)</li>
<li>Fix installing <code>.tar.gz</code> source distributions that look
like a zip file.
(<code>[#13867](pypa/pip#13867)
&lt;https://github.com/pypa/pip/issues/13867&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2026.2.25</li>
<li>Upgrade packaging to 26.2</li>
<li>Upgrade requests to 2.33.1</li>
<li>Upgrade tomli to 2.3.1</li>
<li>Upgrade urllib3 to 2.6.3</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from
sbidoul/install-from-pylock-reqs-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from
pypa/revert-13888-resolver-editable-links</li>
<li><a
href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a>
Revert &quot;Allow editable installs to satisfy direct-URL dependencies
(<a
href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)&quot;</li>
<li><a
href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a>
-r pylock.toml: add pip-wheel -r pylock.toml test</li>
<li><a
href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a>
-r pylock.toml: proper error with remote pylock.toml containing
directory ent...</li>
<li><a
href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from
ichard26/reword-news</li>
<li><a
href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a>
-r pylock: refine filename pylock-ness test</li>
<li><a
href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a>
-r pylock.toml: fix crash with pip wheel and pip lock</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/26.0...26.1">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
jkennedyvz pushed a commit to langchain-ai/langchain-mongodb that referenced this pull request May 5, 2026
@dependabot
Bump pip from 26.0 to 26.1 in /libs/langchain-mongodb in the uv group…
0373a5a 
… across 1 directory (#381)

Bumps the uv group with 1 update in the /libs/langchain-mongodb
directory: [pip](https://github.com/pypa/pip).

Updates `pip` from 26.0 to 26.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>26.1 (2026-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.9.
(<code>[#13795](pypa/pip#13795)
&lt;https://github.com/pypa/pip/issues/13795&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Add experimental support to read requirements from standardized
pylock.toml files (<code>-r pylock.toml</code>).
(<code>[#13876](pypa/pip#13876)
&lt;https://github.com/pypa/pip/issues/13876&gt;</code>_)</li>
<li>Allow <code>--uploaded-prior-to</code> to accept a duration in days
(e.g., <code>P3D</code> for 3 days ago).
(<code>[#13674](pypa/pip#13674)
&lt;https://github.com/pypa/pip/issues/13674&gt;</code>_)</li>
</ul>
<h2>Enhancements</h2>
<ul>
<li>Speed up dependency resolution when there are complex conflicts.
(<code>[#13859](pypa/pip#13859)
&lt;https://github.com/pypa/pip/issues/13859&gt;</code>_)</li>
<li>Reduce memory usage when resolving large dependency trees.
(<code>[#13843](pypa/pip#13843)
&lt;https://github.com/pypa/pip/issues/13843&gt;</code>_)</li>
<li>Emit a deprecation warning when pip imports an unexpected module
after
installation of a distribution has started.
(<code>[#13912](pypa/pip#13912)
&lt;https://github.com/pypa/pip/issues/13912&gt;</code>_)</li>
<li>Allow URL constraints to apply to requirements with extras.
(<code>[#12018](pypa/pip#12018)
&lt;https://github.com/pypa/pip/issues/12018&gt;</code>_)</li>
<li>Allow unpinned requirements to use hashes from constraints.
Constraints
like <code>{name}=={version} --hash=...</code> feeds into hash
verification for
a corresponding requirement.
(<code>[#9243](pypa/pip#9243)
&lt;https://github.com/pypa/pip/issues/9243&gt;</code>_)</li>
<li>Improve conflict reports that involve direct URLs.
(<code>[#13932](pypa/pip#13932)
&lt;https://github.com/pypa/pip/issues/13932&gt;</code>_)</li>
<li>Show all errors instead of first error for faulty
<code>dependency_groups</code> definitions.
(<code>[#13917](pypa/pip#13917)
&lt;https://github.com/pypa/pip/issues/13917&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix recovery hint for missing RECORD file to use
<code>--ignore-installed</code>
instead of <code>--force-reinstall</code>.
(<code>[#12645](pypa/pip#12645)
&lt;https://github.com/pypa/pip/issues/12645&gt;</code>_)</li>
<li>Fix misleading error message when a constraint file cannot be
opened. (<code>[#13226](pypa/pip#13226)
&lt;https://github.com/pypa/pip/issues/13226&gt;</code>_)</li>
<li>Show the filename rather than the full URL when downloading files
from non-PyPI indexes in non-verbose mode.
(<code>[#13494](pypa/pip#13494)
&lt;https://github.com/pypa/pip/issues/13494&gt;</code>_)</li>
<li>Remove the adjacent <code>__pycache__</code> directory when a .py
file is removed.
(<code>[#13725](pypa/pip#13725)
&lt;https://github.com/pypa/pip/issues/13725&gt;</code>_)</li>
<li>Force UTF-8 encoding for :pep:<code>723</code> metadata.
(<code>[#13861](pypa/pip#13861)
&lt;https://github.com/pypa/pip/issues/13861&gt;</code>_)</li>
<li>Minor performance improvement when filtering candidates during
resolution. (<code>[#13916](pypa/pip#13916)
&lt;https://github.com/pypa/pip/issues/13916&gt;</code>_)</li>
<li>Fix a hang on Windows when stdout is closed during verbose output.
(<code>[#13927](pypa/pip#13927)
&lt;https://github.com/pypa/pip/issues/13927&gt;</code>_)</li>
<li>Common path prefixes are determined by path segment, not character
by character. (<code>[#13847](pypa/pip#13847)
&lt;https://github.com/pypa/pip/issues/13847&gt;</code>_)</li>
<li>Fix installing <code>.tar.gz</code> source distributions that look
like a zip file.
(<code>[#13867](pypa/pip#13867)
&lt;https://github.com/pypa/pip/issues/13867&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2026.2.25</li>
<li>Upgrade packaging to 26.2</li>
<li>Upgrade requests to 2.33.1</li>
<li>Upgrade tomli to 2.3.1</li>
<li>Upgrade urllib3 to 2.6.3</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from
sbidoul/install-from-pylock-reqs-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from
pypa/revert-13888-resolver-editable-links</li>
<li><a
href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a>
Revert &quot;Allow editable installs to satisfy direct-URL dependencies
(<a
href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)&quot;</li>
<li><a
href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a>
-r pylock.toml: add pip-wheel -r pylock.toml test</li>
<li><a
href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a>
-r pylock.toml: proper error with remote pylock.toml containing
directory ent...</li>
<li><a
href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from
ichard26/reword-news</li>
<li><a
href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a>
-r pylock: refine filename pylock-ness test</li>
<li><a
href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a>
-r pylock.toml: fix crash with pip wheel and pip lock</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/26.0...26.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=uv&previous-version=26.0&new-version=26.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/langchain-ai/langchain-mongodb/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
apereocas-bot pushed a commit to apereo/cas that referenced this pull request May 6, 2026
@dependabot
chore(deps): bump pip from 26.0 to 26.1 in /etc/loadtests/locust in t…
00f8c69 
…he pip group across 1 directory

Bumps the pip group with 1 update in the /etc/loadtests/locust directory: [pip](https://github.com/pypa/pip).

Updates `pip` from 26.0 to 26.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>26.1 (2026-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.9. (<code>[#13795](pypa/pip#13795) &lt;https://github.com/pypa/pip/issues/13795&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Add experimental support to read requirements from standardized pylock.toml files (<code>-r pylock.toml</code>). (<code>[#13876](pypa/pip#13876) &lt;https://github.com/pypa/pip/issues/13876&gt;</code>_)</li>
<li>Allow <code>--uploaded-prior-to</code> to accept a duration in days (e.g., <code>P3D</code> for 3 days ago). (<code>[#13674](pypa/pip#13674) &lt;https://github.com/pypa/pip/issues/13674&gt;</code>_)</li>
</ul>
<h2>Enhancements</h2>
<ul>
<li>Speed up dependency resolution when there are complex conflicts. (<code>[#13859](pypa/pip#13859) &lt;https://github.com/pypa/pip/issues/13859&gt;</code>_)</li>
<li>Reduce memory usage when resolving large dependency trees. (<code>[#13843](pypa/pip#13843) &lt;https://github.com/pypa/pip/issues/13843&gt;</code>_)</li>
<li>Emit a deprecation warning when pip imports an unexpected module after
installation of a distribution has started. (<code>[#13912](pypa/pip#13912) &lt;https://github.com/pypa/pip/issues/13912&gt;</code>_)</li>
<li>Allow URL constraints to apply to requirements with extras. (<code>[#12018](pypa/pip#12018) &lt;https://github.com/pypa/pip/issues/12018&gt;</code>_)</li>
<li>Allow unpinned requirements to use hashes from constraints. Constraints
like <code>{name}=={version} --hash=...</code> feeds into hash verification for
a corresponding requirement. (<code>[#9243](pypa/pip#9243) &lt;https://github.com/pypa/pip/issues/9243&gt;</code>_)</li>
<li>Improve conflict reports that involve direct URLs. (<code>[#13932](pypa/pip#13932) &lt;https://github.com/pypa/pip/issues/13932&gt;</code>_)</li>
<li>Show all errors instead of first error for faulty <code>dependency_groups</code> definitions. (<code>[#13917](pypa/pip#13917) &lt;https://github.com/pypa/pip/issues/13917&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix recovery hint for missing RECORD file to use <code>--ignore-installed</code>
instead of <code>--force-reinstall</code>. (<code>[#12645](pypa/pip#12645) &lt;https://github.com/pypa/pip/issues/12645&gt;</code>_)</li>
<li>Fix misleading error message when a constraint file cannot be opened. (<code>[#13226](pypa/pip#13226) &lt;https://github.com/pypa/pip/issues/13226&gt;</code>_)</li>
<li>Show the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (<code>[#13494](pypa/pip#13494) &lt;https://github.com/pypa/pip/issues/13494&gt;</code>_)</li>
<li>Remove the adjacent <code>__pycache__</code> directory when a .py file is removed. (<code>[#13725](pypa/pip#13725) &lt;https://github.com/pypa/pip/issues/13725&gt;</code>_)</li>
<li>Force UTF-8 encoding for :pep:<code>723</code> metadata. (<code>[#13861](pypa/pip#13861) &lt;https://github.com/pypa/pip/issues/13861&gt;</code>_)</li>
<li>Minor performance improvement when filtering candidates during resolution. (<code>[#13916](pypa/pip#13916) &lt;https://github.com/pypa/pip/issues/13916&gt;</code>_)</li>
<li>Fix a hang on Windows when stdout is closed during verbose output. (<code>[#13927](pypa/pip#13927) &lt;https://github.com/pypa/pip/issues/13927&gt;</code>_)</li>
<li>Common path prefixes are determined by path segment, not character by character. (<code>[#13847](pypa/pip#13847) &lt;https://github.com/pypa/pip/issues/13847&gt;</code>_)</li>
<li>Fix installing <code>.tar.gz</code> source distributions that look like a zip file. (<code>[#13867](pypa/pip#13867) &lt;https://github.com/pypa/pip/issues/13867&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2026.2.25</li>
<li>Upgrade packaging to 26.2</li>
<li>Upgrade requests to 2.33.1</li>
<li>Upgrade tomli to 2.3.1</li>
<li>Upgrade urllib3 to 2.6.3</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from sbidoul/install-from-pylock-reqs-sbi</li>
<li><a href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from pypa/revert-13888-resolver-editable-links</li>
<li><a href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a> Revert &quot;Allow editable installs to satisfy direct-URL dependencies (<a href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)&quot;</li>
<li><a href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a> -r pylock.toml: add pip-wheel -r pylock.toml test</li>
<li><a href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a> -r pylock.toml: proper error with remote pylock.toml containing directory ent...</li>
<li><a href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from ichard26/reword-news</li>
<li><a href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a> -r pylock: refine filename pylock-ness test</li>
<li><a href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a> -r pylock.toml: fix crash with pip wheel and pip lock</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/26.0...26.1">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=26.0&new-version=26.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apereo/cas/network/alerts).

</details>
mmoayyed pushed a commit to mmoayyed/cas that referenced this pull request May 6, 2026
@dependabot
chore(deps): bump pip from 26.0 to 26.1 in /etc/loadtests/locust in t…
6b1378b 
…he pip group across 1 directory

Bumps the pip group with 1 update in the /etc/loadtests/locust directory: [pip](https://github.com/pypa/pip).

Updates `pip` from 26.0 to 26.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>26.1 (2026-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.9. (<code>[#13795](pypa/pip#13795) &lt;https://github.com/pypa/pip/issues/13795&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Add experimental support to read requirements from standardized pylock.toml files (<code>-r pylock.toml</code>). (<code>[#13876](pypa/pip#13876) &lt;https://github.com/pypa/pip/issues/13876&gt;</code>_)</li>
<li>Allow <code>--uploaded-prior-to</code> to accept a duration in days (e.g., <code>P3D</code> for 3 days ago). (<code>[#13674](pypa/pip#13674) &lt;https://github.com/pypa/pip/issues/13674&gt;</code>_)</li>
</ul>
<h2>Enhancements</h2>
<ul>
<li>Speed up dependency resolution when there are complex conflicts. (<code>[#13859](pypa/pip#13859) &lt;https://github.com/pypa/pip/issues/13859&gt;</code>_)</li>
<li>Reduce memory usage when resolving large dependency trees. (<code>[#13843](pypa/pip#13843) &lt;https://github.com/pypa/pip/issues/13843&gt;</code>_)</li>
<li>Emit a deprecation warning when pip imports an unexpected module after
installation of a distribution has started. (<code>[#13912](pypa/pip#13912) &lt;https://github.com/pypa/pip/issues/13912&gt;</code>_)</li>
<li>Allow URL constraints to apply to requirements with extras. (<code>[#12018](pypa/pip#12018) &lt;https://github.com/pypa/pip/issues/12018&gt;</code>_)</li>
<li>Allow unpinned requirements to use hashes from constraints. Constraints
like <code>{name}=={version} --hash=...</code> feeds into hash verification for
a corresponding requirement. (<code>[#9243](pypa/pip#9243) &lt;https://github.com/pypa/pip/issues/9243&gt;</code>_)</li>
<li>Improve conflict reports that involve direct URLs. (<code>[#13932](pypa/pip#13932) &lt;https://github.com/pypa/pip/issues/13932&gt;</code>_)</li>
<li>Show all errors instead of first error for faulty <code>dependency_groups</code> definitions. (<code>[#13917](pypa/pip#13917) &lt;https://github.com/pypa/pip/issues/13917&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix recovery hint for missing RECORD file to use <code>--ignore-installed</code>
instead of <code>--force-reinstall</code>. (<code>[#12645](pypa/pip#12645) &lt;https://github.com/pypa/pip/issues/12645&gt;</code>_)</li>
<li>Fix misleading error message when a constraint file cannot be opened. (<code>[#13226](pypa/pip#13226) &lt;https://github.com/pypa/pip/issues/13226&gt;</code>_)</li>
<li>Show the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (<code>[#13494](pypa/pip#13494) &lt;https://github.com/pypa/pip/issues/13494&gt;</code>_)</li>
<li>Remove the adjacent <code>__pycache__</code> directory when a .py file is removed. (<code>[#13725](pypa/pip#13725) &lt;https://github.com/pypa/pip/issues/13725&gt;</code>_)</li>
<li>Force UTF-8 encoding for :pep:<code>723</code> metadata. (<code>[#13861](pypa/pip#13861) &lt;https://github.com/pypa/pip/issues/13861&gt;</code>_)</li>
<li>Minor performance improvement when filtering candidates during resolution. (<code>[#13916](pypa/pip#13916) &lt;https://github.com/pypa/pip/issues/13916&gt;</code>_)</li>
<li>Fix a hang on Windows when stdout is closed during verbose output. (<code>[#13927](pypa/pip#13927) &lt;https://github.com/pypa/pip/issues/13927&gt;</code>_)</li>
<li>Common path prefixes are determined by path segment, not character by character. (<code>[#13847](pypa/pip#13847) &lt;https://github.com/pypa/pip/issues/13847&gt;</code>_)</li>
<li>Fix installing <code>.tar.gz</code> source distributions that look like a zip file. (<code>[#13867](pypa/pip#13867) &lt;https://github.com/pypa/pip/issues/13867&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2026.2.25</li>
<li>Upgrade packaging to 26.2</li>
<li>Upgrade requests to 2.33.1</li>
<li>Upgrade tomli to 2.3.1</li>
<li>Upgrade urllib3 to 2.6.3</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from sbidoul/install-from-pylock-reqs-sbi</li>
<li><a href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from pypa/revert-13888-resolver-editable-links</li>
<li><a href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a> Revert &quot;Allow editable installs to satisfy direct-URL dependencies (<a href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)&quot;</li>
<li><a href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a> -r pylock.toml: add pip-wheel -r pylock.toml test</li>
<li><a href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a> -r pylock.toml: proper error with remote pylock.toml containing directory ent...</li>
<li><a href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from ichard26/reword-news</li>
<li><a href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a> -r pylock: refine filename pylock-ness test</li>
<li><a href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a> -r pylock.toml: fix crash with pip wheel and pip lock</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/26.0...26.1">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=26.0&new-version=26.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mmoayyed/cas/network/alerts).

</details>
ouranos-helper-bot Bot added a commit to Ouranosinc/miranda that referenced this pull request May 6, 2026
@ouranos-helper-bot
Bump pip from 26.0.1 to 26.1 in /CI (#351)
2ca587d 
Bumps [pip](https://github.com/pypa/pip) from 26.0.1 to 26.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's
changelog</a>.</em></p>
<blockquote>
<h1>26.1 (2026-04-26)</h1>
<h2>Deprecations and Removals</h2>
<ul>
<li>Drop support for Python 3.9.
(<code>[#13795](pypa/pip#13795)
&lt;https://github.com/pypa/pip/issues/13795&gt;</code>_)</li>
</ul>
<h2>Features</h2>
<ul>
<li>Add experimental support to read requirements from standardized
pylock.toml files (<code>-r pylock.toml</code>).
(<code>[#13876](pypa/pip#13876)
&lt;https://github.com/pypa/pip/issues/13876&gt;</code>_)</li>
<li>Allow <code>--uploaded-prior-to</code> to accept a duration in days
(e.g., <code>P3D</code> for 3 days ago).
(<code>[#13674](pypa/pip#13674)
&lt;https://github.com/pypa/pip/issues/13674&gt;</code>_)</li>
</ul>
<h2>Enhancements</h2>
<ul>
<li>Speed up dependency resolution when there are complex conflicts.
(<code>[#13859](pypa/pip#13859)
&lt;https://github.com/pypa/pip/issues/13859&gt;</code>_)</li>
<li>Reduce memory usage when resolving large dependency trees.
(<code>[#13843](pypa/pip#13843)
&lt;https://github.com/pypa/pip/issues/13843&gt;</code>_)</li>
<li>Emit a deprecation warning when pip imports an unexpected module
after
installation of a distribution has started.
(<code>[#13912](pypa/pip#13912)
&lt;https://github.com/pypa/pip/issues/13912&gt;</code>_)</li>
<li>Allow URL constraints to apply to requirements with extras.
(<code>[#12018](pypa/pip#12018)
&lt;https://github.com/pypa/pip/issues/12018&gt;</code>_)</li>
<li>Allow unpinned requirements to use hashes from constraints.
Constraints
like <code>{name}=={version} --hash=...</code> feeds into hash
verification for
a corresponding requirement.
(<code>[#9243](pypa/pip#9243)
&lt;https://github.com/pypa/pip/issues/9243&gt;</code>_)</li>
<li>Improve conflict reports that involve direct URLs.
(<code>[#13932](pypa/pip#13932)
&lt;https://github.com/pypa/pip/issues/13932&gt;</code>_)</li>
<li>Show all errors instead of first error for faulty
<code>dependency_groups</code> definitions.
(<code>[#13917](pypa/pip#13917)
&lt;https://github.com/pypa/pip/issues/13917&gt;</code>_)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix recovery hint for missing RECORD file to use
<code>--ignore-installed</code>
instead of <code>--force-reinstall</code>.
(<code>[#12645](pypa/pip#12645)
&lt;https://github.com/pypa/pip/issues/12645&gt;</code>_)</li>
<li>Fix misleading error message when a constraint file cannot be
opened. (<code>[#13226](pypa/pip#13226)
&lt;https://github.com/pypa/pip/issues/13226&gt;</code>_)</li>
<li>Show the filename rather than the full URL when downloading files
from non-PyPI indexes in non-verbose mode.
(<code>[#13494](pypa/pip#13494)
&lt;https://github.com/pypa/pip/issues/13494&gt;</code>_)</li>
<li>Remove the adjacent <code>__pycache__</code> directory when a .py
file is removed.
(<code>[#13725](pypa/pip#13725)
&lt;https://github.com/pypa/pip/issues/13725&gt;</code>_)</li>
<li>Force UTF-8 encoding for :pep:<code>723</code> metadata.
(<code>[#13861](pypa/pip#13861)
&lt;https://github.com/pypa/pip/issues/13861&gt;</code>_)</li>
<li>Minor performance improvement when filtering candidates during
resolution. (<code>[#13916](pypa/pip#13916)
&lt;https://github.com/pypa/pip/issues/13916&gt;</code>_)</li>
<li>Fix a hang on Windows when stdout is closed during verbose output.
(<code>[#13927](pypa/pip#13927)
&lt;https://github.com/pypa/pip/issues/13927&gt;</code>_)</li>
<li>Common path prefixes are determined by path segment, not character
by character. (<code>[#13847](pypa/pip#13847)
&lt;https://github.com/pypa/pip/issues/13847&gt;</code>_)</li>
<li>Fix installing <code>.tar.gz</code> source distributions that look
like a zip file.
(<code>[#13867](pypa/pip#13867)
&lt;https://github.com/pypa/pip/issues/13867&gt;</code>_)</li>
</ul>
<h2>Vendored Libraries</h2>
<ul>
<li>Upgrade certifi to 2026.2.25</li>
<li>Upgrade packaging to 26.2</li>
<li>Upgrade requests to 2.33.1</li>
<li>Upgrade tomli to 2.3.1</li>
<li>Upgrade urllib3 to 2.6.3</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803"><code>90b2b3e</code></a>
Bump for release</li>
<li><a
href="https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b"><code>193f289</code></a>
Update AUTHORS.txt</li>
<li><a
href="https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772"><code>63c3709</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13876">#13876</a> from
sbidoul/install-from-pylock-reqs-sbi</li>
<li><a
href="https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2"><code>e5fe702</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13949">#13949</a> from
pypa/revert-13888-resolver-editable-links</li>
<li><a
href="https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618"><code>122a14a</code></a>
Revert &quot;Allow editable installs to satisfy direct-URL dependencies
(<a
href="https://redirect.github.com/pypa/pip/issues/13888">#13888</a>)&quot;</li>
<li><a
href="https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3"><code>c335252</code></a>
-r pylock.toml: add pip-wheel -r pylock.toml test</li>
<li><a
href="https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1"><code>ba2fc12</code></a>
-r pylock.toml: proper error with remote pylock.toml containing
directory ent...</li>
<li><a
href="https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df"><code>747c4ae</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/pip/issues/13948">#13948</a> from
ichard26/reword-news</li>
<li><a
href="https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa"><code>3517841</code></a>
-r pylock: refine filename pylock-ness test</li>
<li><a
href="https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588"><code>2f7ad8c</code></a>
-r pylock.toml: fix crash with pip wheel and pip lock</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/pip/compare/26.0.1...26.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=26.0.1&new-version=26.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Ouranosinc/miranda/network/alerts).

</details>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ichard26 ichard26 ichard26 approved these changes

Assignees

No one assigned

Labels

bot:chronographer:provided

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@pradyunsg @notatallshaw @ichard26 @sbidoul