Skip to content

Bump the python-packages group across 1 directory with 13 updates#7085

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/python-packages-1d26cf8282
Closed

Bump the python-packages group across 1 directory with 13 updates#7085
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/python-packages-1d26cf8282

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-packages group with 13 updates in the / directory:

Package From To
bracex 2.6 3.0
certifi 2026.2.25 2026.6.17
click 8.3.2 8.4.2
idna 3.11 3.18
packaging 26.0 26.2
pathspec 1.0.4 1.1.1
platformdirs 4.9.4 4.10.0
pymdown-extensions 10.21.2 11.0
regex 2026.4.4 2026.6.28
requests 2.33.1 2.34.2
urllib3 2.6.3 2.7.0
wcmatch 10.1 10.2
zipp 3.23.0 4.1.0

Updates bracex from 2.6 to 3.0

Release notes

Sourced from bracex's releases.

3.0

  • BREAK: If there are no expansions, bracex will not return an empty string by default in the list. This matches Bash. To get the old behavior, enable the new return_empty parameter to always return at least an empty string if expansion yields no expansions.
  • FIX: To better match Bash, empty expansions are not returned as empty strings.
  • FIX: No longer backtrack if a sequence is evaluated and is deemed to be invalid.

2.7

  • NEW: Drop support for Python 3.9.
  • FIX: Fix issue where the parsing of literal strings was slow.
  • FIX: Fix issue related to tracking the count of expansions when a set was specified with an empty slot.
  • FIX: Fix issue related to chaining expansions.
Commits

Updates certifi from 2026.2.25 to 2026.6.17

Commits

Updates click from 8.3.2 to 8.4.2

Release notes

Sourced from click's releases.

8.4.2

This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.4.2/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-2 Milestone: https://github.com/pallets/click/milestone/34

  • Fix Fish shell completion broken in 8.4.0 by #3126. Newlines and tabs in option help text are now escaped, keeping the original completion format while still supporting multi-line help. #3502 #3043 #3504 #3508
  • Deprecated commands and options with empty or missing help text no longer render a stray leading space before the (DEPRECATED) label. #3509
  • A {class}Group with invoke_without_command=True marks its subcommand as optional in the usage help, showing [COMMAND] instead of COMMAND. #3059 #3507
  • echo_via_pager flushes after each write, so passing a generator streams output to the pager incrementally instead of staying hidden until the pipe buffer fills. #3242 #2542 #3534
  • echo_via_pager and get_pager_file no longer close a borrowed stdout stream when no external pager runs, completing the partial I/O operation on closed file fix from #3482. #3449 #3533
  • Fix CLI usage symopsis for optional arguments producing double square brackets [[a|b|c]]... whose type already brackets their metavar. #3578
  • {func}version_option resolves a package_name that does not match an installed distribution as an import (top-level module) name via {func}importlib.metadata.packages_distributions. Packages whose top-level module name differs from their distribution name (PIL vs Pillow, jwt vs PyJWT) no longer raise RuntimeError out of the box. #2331 #1884 #3125 #3582

8.4.1

This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.4.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-1 Milestone: https://github.com/pallets/click/milestone/32

  • get_parameter_source() is available during eager callbacks and type conversion again. #3458 #3484
  • Zsh completion scripts parse correctly on Windows. #3277 # 3466
  • Shell completion of Choice Enum values produces a valid completion result. #3015
  • Fix empty byte-string handling in echo. #3487
  • Fix closed file error with echo_via_pager. #3449

8.4.0

This is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our [Version Support Policy][version] on our website.

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.4.2

Unreleased

  • Fix Fish shell completion broken in 8.4.0 by {pr}3126. Newlines and tabs in option help text are now escaped, keeping the original completion format while still supporting multi-line help. {issue}3502 {issue}3043 {pr}3504 {pr}3508
  • Deprecated commands and options with empty or missing help text no longer render a stray leading space before the (DEPRECATED) label. {pr}3509
  • A {class}Group with invoke_without_command=True marks its subcommand as optional in the usage help, showing [COMMAND] instead of COMMAND. {issue}3059 {pr}3507
  • echo_via_pager flushes after each write, so passing a generator streams output to the pager incrementally instead of staying hidden until the pipe buffer fills. {issue}3242 {issue}2542 {pr}3534
  • echo_via_pager and get_pager_file no longer close a borrowed stdout stream when no external pager runs, completing the partial I/O operation on closed file fix from {pr}3482. {issue}3449 {pr}3533

Version 8.4.1

Released 2026-05-21

  • get_parameter_source() is available during eager callbacks and type conversion again. {issue}3458 {pr}3484
  • Zsh completion scripts parse correctly on Windows. {issue}3277 {pr}3466
  • Shell completion of Enum values used as Choice options produces a valid completion result. {issue}3015 {pr}3471
  • Fix empty byte-string handling in echo. {issue}3487 {pr}3493
  • Fix closed file error with echo_via_pager. {issue}3449 {pr}3482
  • Fix open_url on Windows when the file path contains spaces. {issue}2994 {pr}3478

Version 8.4.0

Released 2026-05-17

  • {class}ParamType typing improvements. {pr}3371

    • {class}ParamType is now a generic abstract base class, parameterized by its converted value type.
    • {meth}~ParamType.convert return types are narrowed on all concrete types (str for {class}STRING, int for {class}INT, etc.).
    • {meth}~ParamType.to_info_dict returns specific {class}~typing.TypedDict subclasses instead of dict[str, Any].
    • {class}CompositeParamType and the number-range base are now

... (truncated)

Commits
  • b2e30a1 Release version 8.4.2
  • 7a16b20 Fix package_name resolution when module differs from distribution name (#3582)
  • bec5928 Fix package_name resolution when top-level module differs from distribution...
  • 916883a Fix tests to not rely on -Wdefault option (#3591)
  • 09195f6 Fix double-bracketing of choices in synopsis (#3578)
  • 1557e26 Check for warning exception with idiomatic context manager
  • d9ff133 Static typing improvements in click.shell_completion (#3460)
  • 762c97e Fix double-bracketing of choices in synopsis
  • 8929d39 Convert changes to markdown. (#3559)
  • 237be50 Move changes headings down a level.
  • Additional commits viewable in compare view

Updates idna from 3.11 to 3.18

Changelog

Sourced from idna's changelog.

3.18 (2026-06-02)

  • When decoding a domain, add a display argument that will pass through invalid labels rather than raising an exception.

3.17 (2026-05-28)

  • Substantial 75% reduction in memory usage through new data structures and some optimization in processing speed.
  • Added a general 1024-character input length cap to the public validation, conversion, and codec entry points. This is well above any legitimate domain or label and guards against pathological inputs.

3.16 (2026-05-22)

  • Add a command-line interface (python -m idna, also available as the idna script). Encodes or decodes one or more domains supplied as arguments or on standard input, with options to select A-label or U-label output and control error handling.
  • Raise the minimum supported Python version to 3.9
  • Various code quality improvements

3.15 (2026-05-12)

  • Enforce DNS-length cap on individual labels early in check_label, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.
  • Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared _unicode_dots_re from idna.core in the codec module.
  • Use raise ... from err for proper exception chaining and switch internal string formatting to f-strings.
  • Allow flit_core 4.x in the build backend.
  • Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.
  • Add Dependabot configuration for GitHub Actions.
  • Convert README and HISTORY from reStructuredText to Markdown.
  • Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.

3.14 (2026-05-10)

  • Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass

... (truncated)

Commits
  • f39ea90 Release 3.18
  • 40f4e40 Pre-release 3.18rc0
  • 1a5bf80 Merge pull request #253 from kjd/lenient-decode
  • 5bbb26f Merge branch 'master' into lenient-decode
  • c532bae Rename decode() lenient= option to display= (issue #248)
  • 0b1758b Merge pull request #252 from kjd/release-3.17
  • f48619c Release 3.17
  • 7421ba8 Pre-release 3.17rc0
  • 22ebb73 Merge pull request #251 from kjd/structure-optimizations
  • 2a7ac0a Drop redundant parallel-arrays comment from uts46data
  • Additional commits viewable in compare view

Updates packaging from 26.0 to 26.2

Release notes

Sourced from packaging's releases.

26.2

What's Changed

Fixes:

Documentation:

Internal:

New Contributors

Full Changelog: pypa/packaging@26.1...26.2

26.1

Features:

Behavior adaptations:

... (truncated)

Changelog

Sourced from packaging's changelog.

26.2 - 2026-04-24


Fixes:
  • Fix incorrect sysconfig var name for pyemscripten in (:pull:1160)
  • Make Version, Specifier, SpecifierSet, Tag, Marker, and Requirement pickle-safe
    and backward-compatible with pickles created in 25.0-26.1 (including references to the removed
    packaging._structures module) (:pull:1163, :pull:1168, :pull:1170, :pull:1171)
  • Re-export ExceptionGroup in metadata for now in (:pull:1164)

Documentation:

  • Add errors section and fix missing details in (:pull:1159)
  • Document our property-based test suite in (:pull:1167)
  • Fix a DirectUrl typo in (:pull:1169)
  • Add example of is_unsatisfiable in (:pull:1166)

Internal:

  • Enable the auditor persona on zizmor in (:pull:1158)
  • Test new pickle guarantees in (:pull:1174)
  • Use new native ReadTheDocs uv integration in (:pull:1175)

26.1 - 2026-04-14

Features:

  • PEP 783: add handling for Emscripten wheel tags in (:pull:804) (old name used in implementation, fixed in next release)
  • PEP 803: add handling for the abi3.abi3t free-threading tag in (:pull:1099)
  • PEP 735: add packaging.dependency_groups module, based on the dependency-groups package in (:pull:1065)
  • Add the packaging.direct_url module in (:pull:944)
  • Add the packaging.errors module in (:pull:1071)
  • Add SpecifierSet.is_unsatisfiable using ranges (new internals that will be expanded in future versions) in (:pull:1119)
  • Add create_compatible_tags_selector to select compatible tags in (:pull:1110)
  • Add a key argument to SpecifierSet.filter() in (:pull:1068)
  • Support & and | for Marker's in (:pull:1146)
  • Normalize Version.__replace__ and add Version.from_parts in (:pull:1078)
  • Add an option to validate compressed tag set sort order in parse_wheel_filename in (:pull:1150)

Behavior adaptations:

  • Narrow exclusion of pre-releases for <V.postN to match spec in (:pull:1140)
  • Narrow exclusion of post-releases for >V to match spec in (:pull:1141)
  • Rename format_full_version to _format_full_version to make it visibly private in (:pull:1125)
  • Restrict local version to ASCII in (:pull:1102)

Pylock (PEP 751) updates:

... (truncated)

Commits

Updates pathspec from 1.0.4 to 1.1.1

Release notes

Sourced from pathspec's releases.

v1.1.1

Release v1.1.1. See CHANGES.rst.

v1.1.0

Release v1.1.0. See CHANGES.rst.

Changelog

Sourced from pathspec's changelog.

1.1.1 (2026-04-26)

Improvements:

  • Improved type checking with mypy and pyright.

Bug fixes:

  • Fixed typing on PathSpec[TPattern] to PathSpec[TPattern_co].
  • Added missing variant type-hint type[Pattern] to PathSpec.from_lines() parameter pattern_factory.
  • Fixed possible type error when using + and += operators on PathSpec.

1.1.0 (2026-04-22)

New features:

  • Issue [#108](https://github.com/cpburnz/python-pathspec/issues/108)_: Specialize pattern type for PathSpec as PathSpec[TPattern] for better debugging of PathSpec().patterns.

Bug fixes:

  • Issue [#93](https://github.com/cpburnz/python-pathspec/issues/93)_: Git discards invalid range notation. GitIgnoreSpecPattern now discards patterns with invalid range notation like Git.
  • Pull [#106](https://github.com/cpburnz/python-pathspec/issues/106)_: Fix escape() not escaping backslash characters.

Improvements:

  • Pull [#110](https://github.com/cpburnz/python-pathspec/issues/110)_: Nicer debug print outs (and str for regex pattern).

.. _Pull [#106](https://github.com/cpburnz/python-pathspec/issues/106): cpburnz/python-pathspec#106 .. _Issue [#108](https://github.com/cpburnz/python-pathspec/issues/108): cpburnz/python-pathspec#108 .. _Pull [#110](https://github.com/cpburnz/python-pathspec/issues/110): cpburnz/python-pathspec#110

Commits

Updates platformdirs from 4.9.4 to 4.10.0

Release notes

Sourced from platformdirs's releases.

4.10.0

What's Changed

New Contributors

Full Changelog: tox-dev/platformdirs@4.9.6...4.10.0

4.9.6

What's Changed

Full Changelog: tox-dev/platformdirs@4.9.5...4.9.6

Changelog

Sourced from platformdirs's changelog.

########### Changelog ###########


4.10.0 (2026-05-28)


  • ✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_preference_dir :pr:491
  • ✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR :pr:490
  • chore: improve platformdirs maintenance path :pr:488 - by :user:lphuc2250gma

4.9.6 (2026-04-09)


  • 🐛 fix(release): use double quotes for tag variable expansion :pr:477

4.9.5 (2026-04-06)


  • 📝 docs(appauthor): clarify None vs False on Windows :pr:476
  • Separates implementations of macOS dirs that share a default :pr:473 - by :user:Goddesen
  • Remove persist-credentials: false from release job :pr:472
  • fix: do not duplicate site dirs in Unix.iter_{config,site}_dirs() when use_site_for_root is active :pr:469 - by :user:viccie30
  • 🔧 fix(type): resolve ty 0.0.25 type errors :pr:468
  • 🔒 ci(workflows): add zizmor security auditing :pr:467
  • 🐛 fix(release): generate docstrfmt-compatible changelog entries :pr:463

4.9.4 (2026-03-05)


  • [pre-commit.ci] pre-commit autoupdate :pr:461 - by :user:pre-commit-ci[bot]
  • Update README.md
  • 📝 docs: add project logo to documentation :pr:459
  • Standardize .github files to .yaml suffix
  • build(deps): bump the all group with 2 updates :pr:457 - by :user:dependabot[bot]
  • Move SECURITY.md to .github/SECURITY.md
  • Add permissions to workflows :pr:455
  • Add security policy
  • [pre-commit.ci] pre-commit autoupdate :pr:454 - by :user:pre-commit-ci[bot]

4.9.2 (2026-02-16)


  • 📝 docs: restructure following Diataxis framework :pr:448

... (truncated)

Commits
  • 04cb136 Release 4.10.0
  • 078bc61 ✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_pr...
  • d279747 ✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR (#490)
  • 4116391 [pre-commit.ci] pre-commit autoupdate (#489)
  • dbc63f5 chore: improve platformdirs maintenance path (#488)
  • 9265108 [pre-commit.ci] pre-commit autoupdate (#487)
  • 9f857ec [pre-commit.ci] pre-commit autoupdate (#486)
  • a76e777 [pre-commit.ci] pre-commit autoupdate (#484)
  • 903fd9f [pre-commit.ci] pre-commit autoupdate (#483)
  • a5da35d build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 in the all group (#482)
  • Additional commits viewable in compare view

Updates pymdown-extensions from 10.21.2 to 11.0

Release notes

Sourced from pymdown-extensions's releases.

11.0

  • BREAK: B64: Restricts relative links to base_path by default. Can be disabled by setting new restrict_path option to False. The new root_path can be specified if paths are desired to be restricted to a different location separate base_path which is also used as a relative base for image paths.
  • NEW: Drop Python 3.9 support.
  • FIX: Tabbed: Fix issue where an empty title would cause an exception.

10.21.3

  • FIX: Fix regression that allows a snippet to be loaded outside of the base path using directory traversal when restrict_base_path is enabled (the default). Found by @​gistrec.
Commits

Updates regex from 2026.4.4 to 2026.6.28

Changelog

Sourced from regex's changelog.

Version: 2026.6.28

Git issue 604: regex fails on free-threading python because setlocale is not thread-safe

Version: 2026.5.9

Reverse matching with full unicode casefolding could lead to out-of-range string indexes.

Version: 2026.4.4

A fix for older Python versions before free-threading was  supported.

Version: 2026.4.3

More fixes for free-threading.

Version: 2026.3.32

Fixed segfault.

Version: 2026.3.31

Fixed bug again.

Version: 2026.3.30

Fixed bug.

Version: 2026.3.28

Fixed version.

Version: 2026.3.27

Various fixes, including ones to improve free-threading support.

Version: 2026.2.28

Replaced atomic operations with mutex on pattern object for free-threaded Python.

Version: 2026.2.26

PR [#598](https://github.com/mrabarnett/mrab-regex/issues/598): Fix race condition in storage caching with atomic operations.

Replaced use of PyUnicode_GET_LENGTH with PyUnicode_GetLength.

Version: 2026.2.19

Added \z as alias of \Z, like in re module.

... (truncated)

Commits
  • b18daa6 Git issue 604: regex fails on free-threading python because setlocale is not ...
  • e57d185 Reverse matching with full unicode casefolding lead to out-of-range string in...
  • See full diff in compare view

Updates requests from 2.33.1 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)
Commits

Updates urllib3 from 2.6.3 to 2.7.0

Release notes

Sourced from urllib3's releases.

2.7.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

  • Decompression-bomb safeguards of the streaming API were bypassed:

    1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially. (Reported by @​Cycloctane)
    2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli library. (Reported by @​kimkou2024)

    See GHSA-mf9v-mfxr-j63j for details.

  • HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by @​christos-spearbit)

Deprecations and Removals

  • Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (urllib3/urllib3#3763)
  • Removed support for end-of-life Python 3.9. (urllib3/urllib3#3720)
  • Removed support for end-of-life PyPy3.10. (urllib3/urllib3#4979)
  • Bumped the minimum supported pyOpenSSL version to 19.0.0. (urllib3/urllib3#3777)

Bugfixes

  • Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. (urllib3/urllib3#3636)
  • Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True. (urllib3/urllib3#4967)
  • Fixed HTTPResponse.stream() and HTTPResponse.read_chunked() to handle amt=0. (urllib3/urllib3#3793)
  • Updated _TYPE_BODY type alias to include missing Iterable[str], matching the documented and runtime behavior of chunked request bodies. (<...

    Description has been truncated

Bumps the python-packages group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [bracex](https://github.com/facelessuser/bracex) | `2.6` | `3.0` |
| [certifi](https://github.com/certifi/python-certifi) | `2026.2.25` | `2026.6.17` |
| [click](https://github.com/pallets/click) | `8.3.2` | `8.4.2` |
| [idna](https://github.com/kjd/idna) | `3.11` | `3.18` |
| [packaging](https://github.com/pypa/packaging) | `26.0` | `26.2` |
| [pathspec](https://github.com/cpburnz/python-pathspec) | `1.0.4` | `1.1.1` |
| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.4` | `4.10.0` |
| [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) | `10.21.2` | `11.0` |
| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.4.4` | `2026.6.28` |
| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |
| [wcmatch](https://github.com/facelessuser/wcmatch) | `10.1` | `10.2` |
| [zipp](https://github.com/jaraco/zipp) | `3.23.0` | `4.1.0` |



Updates `bracex` from 2.6 to 3.0
- [Release notes](https://github.com/facelessuser/bracex/releases)
- [Commits](facelessuser/bracex@2.6...3.0)

Updates `certifi` from 2026.2.25 to 2026.6.17
- [Commits](certifi/python-certifi@2026.02.25...2026.06.17)

Updates `click` from 8.3.2 to 8.4.2
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.md)
- [Commits](pallets/click@8.3.2...8.4.2)

Updates `idna` from 3.11 to 3.18
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.11...v3.18)

Updates `packaging` from 26.0 to 26.2
- [Release notes](https://github.com/pypa/packaging/releases)
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst)
- [Commits](pypa/packaging@26.0...26.2)

Updates `pathspec` from 1.0.4 to 1.1.1
- [Release notes](https://github.com/cpburnz/python-pathspec/releases)
- [Changelog](https://github.com/cpburnz/python-pathspec/blob/master/CHANGES.rst)
- [Commits](cpburnz/python-pathspec@v1.0.4...v1.1.1)

Updates `platformdirs` from 4.9.4 to 4.10.0
- [Release notes](https://github.com/tox-dev/platformdirs/releases)
- [Changelog](https://github.com/tox-dev/platformdirs/blob/main/docs/changelog.rst)
- [Commits](tox-dev/platformdirs@4.9.4...4.10.0)

Updates `pymdown-extensions` from 10.21.2 to 11.0
- [Release notes](https://github.com/facelessuser/pymdown-extensions/releases)
- [Commits](facelessuser/pymdown-extensions@10.21.2...11.0)

Updates `regex` from 2026.4.4 to 2026.6.28
- [Changelog](https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt)
- [Commits](mrabarnett/mrab-regex@2026.4.4...2026.6.28)

Updates `requests` from 2.33.1 to 2.34.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.33.1...v2.34.2)

Updates `urllib3` from 2.6.3 to 2.7.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

Updates `wcmatch` from 10.1 to 10.2
- [Release notes](https://github.com/facelessuser/wcmatch/releases)
- [Commits](facelessuser/wcmatch@10.1...10.2)

Updates `zipp` from 3.23.0 to 4.1.0
- [Release notes](https://github.com/jaraco/zipp/releases)
- [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst)
- [Commits](jaraco/zipp@v3.23.0...v4.1.0)

---
updated-dependencies:
- dependency-name: bracex
  dependency-version: '3.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-packages
- dependency-name: certifi
  dependency-version: 2026.6.17
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: click
  dependency-version: 8.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: idna
  dependency-version: '3.18'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: packaging
  dependency-version: '26.2'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: pathspec
  dependency-version: 1.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: platformdirs
  dependency-version: 4.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: pymdown-extensions
  dependency-version: '11.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-packages
- dependency-name: regex
  dependency-version: 2026.6.28
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: requests
  dependency-version: 2.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: wcmatch
  dependency-version: '10.2'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: zipp
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 30, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 7, 2026
@dependabot dependabot Bot deleted the dependabot/pip/python-packages-1d26cf8282 branch July 7, 2026 14:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants