Skip to content

Bump the python-requirements group across 1 directory with 16 updates#582

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-requirements-cfc0b2d9f3
Open

Bump the python-requirements group across 1 directory with 16 updates#582
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-requirements-cfc0b2d9f3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on beautifulsoup4, requests, phonenumbers, boto3, coverage, mypy, tox, boto3-stubs, types-pyyaml, types-html5lib, types-openpyxl, types-python-dateutil, types-toml, types-xmltodict, certifi and idna to permit the latest version.
Updates beautifulsoup4 from 4.14.3 to 4.15.0

Updates requests from 2.33.1 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)
Commits

Updates phonenumbers from 9.0.30 to 9.0.33

Commits
  • 0efec90 Fix lint
  • 6400333 Prep for 9.0.33 release
  • 4419992 Generated files for metadata
  • 2e01d60 Merge metadata changes from upstream 9.0.33
  • bdee3ff Merge code changes from upstream v9.0.33
  • facd74c Prep for 9.0.32 release
  • 8ea3d6a Generated files for metadata
  • 1d40b76 Merge metadata changes from upstream 9.0.32
  • 43a9c86 Prep for 9.0.31 release
  • 98c625e Generated files for metadata
  • Additional commits viewable in compare view

Updates boto3 from 1.43.6 to 1.43.38

Commits

Updates coverage to 7.14.3

Changelog

Sourced from coverage's changelog.

Version 7.14.3 — 2026-06-22

  • Fix: the default ... exclusion rule now also matches function bodies whose closing return-type bracket is on its own line (for example, after a long -> dict[ ... ] annotation that a formatter has split over multiple lines). Closes issue 2185, thanks Mengjia Shang <pull 2196_>.

  • Fix: On 3.13t, we incorrectly issued Couldn't import C tracer errors. We can't import the C tracer because in 7.14.2 we stopped shipping compiled wheels for 3.13t. Thanks, Hugo van Kemenade <pull 2203_>_.

.. _issue 2185: coveragepy/coveragepy#2185 .. _pull 2196: coveragepy/coveragepy#2196 .. _pull 2203: coveragepy/coveragepy#2203

.. _changes_7-14-2:

Version 7.14.2 — 2026-06-20

  • Fix: some messages were being written to stdout, making coverage json -o - useless for capturing JSON output. Now messages are written to stderr, fixing issue 2197_.

  • Fix: CoverageData kept one SQLite connection per thread that recorded coverage, but never closed them when those threads terminated. On long runs with many short-lived threads this leaked one file descriptor per dead thread, eventually failing with OSError: [Errno 24] Too many open files. Connections belonging to terminated threads are now closed and dropped. Fixes issue 2192. Thanks, Matthew Lloyd <pull 2193_>.

  • Fix: when using sys.monitoring, we were assuming we could use the COVERAGE_ID tool id. But other tools might also assume they could use that id. Pre-allocated ids don't really make sense, so now we search for a usable one instead. Fixes issue 2187_.

  • Following the advice of cibuildwheel <no-13t_>_, we no longer distribute wheels for Python 3.13 free-threaded.

.. _issue 2187: coveragepy/coveragepy#2187 .. _issue 2192: coveragepy/coveragepy#2192 .. _pull 2193: coveragepy/coveragepy#2193 .. _issue 2197: coveragepy/coveragepy#2197 .. _no-13t: https://py-free-threading.github.io/ci/#building-free-threaded-wheels-with-cibuildwheel

.. _changes_7-14-1:

... (truncated)

Commits
  • 22f13ea docs: sample HTML for 7.14.3
  • 2ca4e5f docs: prep for 7.14.3
  • 01d714e docs: add changelog entry for #2203
  • f36248d fix: don't emit 'Couldn't import C tracer' warning for 3.13t (#2203)
  • 86d73d1 docs: thanks, Mengjia Shang
  • 3d4ae3c docs: add the #2196 pr link to CHANGES
  • f4b2b4d fix: exclude ... bodies after multi-line return-type annotations (#2185) (#...
  • 1980ed0 chore: bump sigstore/gh-action-sigstore-python (#2201)
  • bca3217 build: since we don't ship 3.13t, don't test it
  • 77550d8 docs: oops, mismatched pull requests
  • Additional commits viewable in compare view

Updates mypy to 2.1.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 2.1

We’ve just uploaded mypy 2.1.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

librt.vecs: Fast Growable Array Type for Mypyc

The new librt.vecs module provides an efficient growable array type vec that is optimized for mypyc use. It provides fast, packed arrays with integer and floating point value types, which can be several times faster than list, and tens of times faster than array.array in code compiled using mypyc. It also supports nested vec objects and non-value-type items, such as vec[vec[str]].

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo.

librt.random: Fast Pseudo-Random Number Generation

The new librt.random module provides fast pseudo-random number generation that is optimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib random module in compiled code.

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo (PR 21433).

Mypyc Improvements

  • Enable incremental self-compilation (Vaggelis Danias, PR 21369)
  • Make compilation order with multiple files consistent (Piotr Sawicki, PR 21419)
  • Fix crash on accessing StopAsyncIteration (Piotr Sawicki, PR 21406)
  • Fix incremental compilation with separate flag (Vaggelis Danias, PR 21299)

Fixes to Crashes

  • Fix crash on partial type with --allow-redefinition and global declaration (Jukka Lehtosalo, PR 21428)
  • Fix broken awaitable generator patching (Ivan Levkivskyi, PR 21435)

... (truncated)

Commits

Updates tox to 4.56.1

Release notes

Sourced from tox's releases.

v4.56.1

What's Changed

New Contributors

Full Changelog: tox-dev/tox@4.56.0...4.56.1

Changelog

Sourced from tox's changelog.

Bug fixes - 4.56.1

  • Fix { replace = "if" ... extend = true } corrupting the resulting list when then or else is a scalar string (e.g. then = "-v"): a non-empty scalar string is now appended as a single element instead of being iterated character-by-character, while a false if with no else (yielding "") contributes nothing rather than an empty element, and list/set results are still spread into the parent. (:issue:3969)

v4.56.0 (2026-06-23)


Features - 4.56.0

  • Derive :ref:virtualenv_spec automatically: when an environment targets a Python version the installed :pypi:virtualenv can no longer create (e.g. py38 with virtualenv 21.5+), tox now pins the newest virtualenv that still supports it and bootstraps it for that environment only. The downgrade happens only when every base_python candidate is unsupported, so environments targeting current interpreters are unaffected. This fixes py38 (and other end-of-life interpreters) being silently skipped after a virtualenv upgrade - by :user:gaborbernat. (:issue:3965) (:issue:3965)

Bug fixes - 4.56.0

  • The default value of skip_missing_interpreters changed from True to False — missing interpreters now fail the run by default, matching tox 3 behavior. The tox 4 rewrite unintentionally changed this default. To restore the previous (incorrect) behavior, set skip_missing_interpreters = true in your tox configuration or pass --skip-missing-interpreters on the command line. (:issue:3965)

Improved documentation - 4.56.0

  • Fix nested list items being rendered with continued numbering instead of as sub-items in development.rst, onboarding.rst and explanation.rst. (:issue:3960)
  • Replace stale http://tox.readthedocs.org URL with https://tox.wiki in pyproject.toml (Homepage), .github/CONTRIBUTING.md, and .github/PULL_REQUEST_TEMPLATE.md. (:issue:3963)

v4.55.1 (2026-06-03)


Bug fixes - 4.55.1

  • TOX_OVERRIDE (and -x/--override) now propagates through configuration references. Previously, overriding a base value that was later referenced via {[section]key} (ini) or {replace = "ref", of = [...]} (toml) was ignored because reference resolution read the raw file value, bypassing the override system - by :user:tales-aparecida. (:issue:3950) (:issue:3950)

... (truncated)

Commits

Updates boto3-stubs from 1.43.6 to 1.43.38

Release notes

Sourced from boto3-stubs's releases.

8.8.0 - Python 3.8 runtime is back

Changed

  • [services] install_requires section is calculated based on dependencies in use, so typing-extensions version is set properly
  • [all] Replaced typing imports with collections.abc with a fallback to typing for Python <3.9
  • [all] Added aliases for builtins.list, builtins.set, builtins.dict, and builtins.type, so Python 3.8 runtime should work as expected again (reported by @​YHallouard in #340 and @​Omri-Ben-Yair in #336)
  • [all] Unions use the same type annotations as the rest of the structures due to proper fallbacks

Fixed

  • [services] Universal input/output shapes were not replaced properly in service subresources
  • [docs] Simplified doc links rendering for services
  • [services] Cleaned up unnecessary imports in client.pyi
  • [builder] Import records with fallback are always rendered
Commits

Updates types-pyyaml from 6.0.12.20260508 to 6.0.12.20260518

Commits

Updates types-html5lib from 1.1.11.20260508 to 1.1.11.20260518

Commits

Updates types-openpyxl from 3.1.5.20260508 to 3.1.5.20260518

Commits

Updates types-python-dateutil from 2.9.0.20260508 to 2.9.0.20260518

Commits

Updates types-toml from 0.10.8.20260508 to 0.10.8.20260518

Commits

Updates types-xmltodict from 1.0.1.20260508 to 1.0.1.20260518

Commits

Updates certifi to 2026.6.17

Commits

Updates idna to 3.18

Changelog

Sourced from idna's changelog.

3.18 (2026-06-02)

  • When decoding a domain, add a display argument that will pass through invalid labels rather than raising an exception.

3.17 (2026-05-28)

  • Substantial 75% reduction in memory usage through new data structures and some optimization in processing speed.
  • Added a general 1024-character input length cap to the public validation, conversion, and codec entry points. This is well above any legitimate domain or label and guards against pathological inputs.

3.16 (2026-05-22)

  • Add a command-line interface (python -m idna, also available as the idna script). Encodes or decodes one or more domains supplied as arguments or on standard input, with options to select A-label or U-label output and control error handling.
  • Raise the minimum supported Python version to 3.9
  • Various code quality improvements

3.15 (2026-05-12)

  • Enforce DNS-length cap on individual labels early in check_label, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.
  • Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared _unicode_dots_re from idna.core in the codec module.
  • Use raise ... from err for proper exception chaining and switch internal string formatting to f-strings.
  • Allow flit_core 4.x in the build backend.
  • Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.
  • Add Dependabot configuration for GitHub Actions.
  • Convert README and HISTORY from reStructuredText to Markdown.
  • Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.

3.14 (2026-05-10)

  • Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass

... (truncated)

Commits
  • f39ea90 Release 3.18
  • 40f4e40 Pre-release 3.18rc0
  • 1a5bf80 Merge pull request #253 from kjd/lenient-decode
  • 5bbb26f Merge branch 'master' into lenient-decode
  • c532bae Rename decode() lenient= option to display= (issue #248)
  • 0b1758b Merge pull request #252 from kjd/release-3.17
  • f48619c Release 3.17
  • 7421ba8 Pre-release 3.17rc0
  • 22ebb73 Merge pull request #251 from kjd/structure-optimizations
  • 2a7ac0a Drop redundant parallel-arrays comment from uts46data
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Updates the requirements on [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/), [requests](https://github.com/psf/requests), [phonenumbers](https://github.com/daviddrysdale/python-phonenumbers), [boto3](https://github.com/boto/boto3), [coverage](https://github.com/coveragepy/coveragepy), [mypy](https://github.com/python/mypy), [tox](https://github.com/tox-dev/tox), [boto3-stubs](https://github.com/youtype/mypy_boto3_builder), [types-pyyaml](https://github.com/python/typeshed), [types-html5lib](https://github.com/python/typeshed), [types-openpyxl](https://github.com/python/typeshed), [types-python-dateutil](https://github.com/python/typeshed), [types-toml](https://github.com/python/typeshed), [types-xmltodict](https://github.com/python/typeshed), [certifi](https://github.com/certifi/python-certifi) and [idna](https://github.com/kjd/idna) to permit the latest version.

Updates `beautifulsoup4` from 4.14.3 to 4.15.0

Updates `requests` from 2.33.1 to 2.34.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.33.1...v2.34.2)

Updates `phonenumbers` from 9.0.30 to 9.0.33
- [Commits](daviddrysdale/python-phonenumbers@v9.0.30...v9.0.33)

Updates `boto3` from 1.43.6 to 1.43.38
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.43.6...1.43.38)

Updates `coverage` to 7.14.3
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.13.0...7.14.3)

Updates `mypy` to 2.1.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v2.0.0...v2.1.0)

Updates `tox` to 4.56.1
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.53.0...4.56.1)

Updates `boto3-stubs` from 1.43.6 to 1.43.38
- [Release notes](https://github.com/youtype/mypy_boto3_builder/releases)
- [Commits](https://github.com/youtype/mypy_boto3_builder/commits)

Updates `types-pyyaml` from 6.0.12.20260508 to 6.0.12.20260518
- [Commits](https://github.com/python/typeshed/commits)

Updates `types-html5lib` from 1.1.11.20260508 to 1.1.11.20260518
- [Commits](https://github.com/python/typeshed/commits)

Updates `types-openpyxl` from 3.1.5.20260508 to 3.1.5.20260518
- [Commits](https://github.com/python/typeshed/commits)

Updates `types-python-dateutil` from 2.9.0.20260508 to 2.9.0.20260518
- [Commits](https://github.com/python/typeshed/commits)

Updates `types-toml` from 0.10.8.20260508 to 0.10.8.20260518
- [Commits](https://github.com/python/typeshed/commits)

Updates `types-xmltodict` from 1.0.1.20260508 to 1.0.1.20260518
- [Commits](https://github.com/python/typeshed/commits)

Updates `certifi` to 2026.6.17
- [Commits](certifi/python-certifi@2026.04.22...2026.06.17)

Updates `idna` to 3.18
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.13...v3.18)

---
updated-dependencies:
- dependency-name: beautifulsoup4
  dependency-version: 4.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-requirements
- dependency-name: requests
  dependency-version: 2.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-requirements
- dependency-name: phonenumbers
  dependency-version: 9.0.33
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
- dependency-name: boto3
  dependency-version: 1.43.38
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
- dependency-name: coverage
  dependency-version: 7.14.3
  dependency-type: direct:production
  dependency-group: python-requirements
- dependency-name: mypy
  dependency-version: 2.1.0
  dependency-type: direct:production
  dependency-group: python-requirements
- dependency-name: tox
  dependency-version: 4.56.1
  dependency-type: direct:production
  dependency-group: python-requirements
- dependency-name: boto3-stubs
  dependency-version: 1.43.38
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
- dependency-name: types-pyyaml
  dependency-version: 6.0.12.20260518
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
- dependency-name: types-html5lib
  dependency-version: 1.1.11.20260518
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
- dependency-name: types-openpyxl
  dependency-version: 3.1.5.20260518
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
- dependency-name: types-python-dateutil
  dependency-version: 2.9.0.20260518
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
- dependency-name: types-toml
  dependency-version: 0.10.8.20260518
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
- dependency-name: types-xmltodict
  dependency-version: 1.0.1.20260518
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-requirements
- dependency-name: certifi
  dependency-version: 2026.6.17
  dependency-type: direct:production
  dependency-group: python-requirements
- dependency-name: idna
  dependency-version: '3.18'
  dependency-type: direct:production
  dependency-group: python-requirements
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants