Skip to content

Bump the pip-deps group across 1 directory with 5 updates#3152

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/pip/pip-deps-784cab299d
Open

Bump the pip-deps group across 1 directory with 5 updates#3152
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/pip/pip-deps-784cab299d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the pip-deps group with 5 updates in the / directory:

Package From To
boto3 1.43.33 1.43.36
ruff 0.15.18 0.15.20
setuptools-scm 10.0.5 10.2.0
openapi-spec-validator 0.8.5 0.9.0
cfn-lint 1.51.5 1.52.1

Updates boto3 from 1.43.33 to 1.43.36

Commits
  • 1d26f21 Merge branch 'release-1.43.36'
  • 111333b Bumping version to 1.43.36
  • 9d1fa23 Add changelog entries from botocore
  • 6d7f3c2 Update security docs to use newer versions of openssl and python (#4796)
  • c5b26ca Merge branch 'release-1.43.35'
  • c3750ac Merge branch 'release-1.43.35' into develop
  • 46e77cd Bumping version to 1.43.35
  • 9919ede Add changelog entries from botocore
  • 1820b7d Merge branch 'release-1.43.34'
  • 0065dbe Merge branch 'release-1.43.34' into develop
  • Additional commits viewable in compare view

Updates ruff from 0.15.18 to 0.15.20

Release notes

Sourced from ruff's releases.

0.15.20

Release Notes

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

Install ruff 0.15.20

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.ps1 | iex"

Download ruff 0.15.20

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum
ruff-x86_64-pc-windows-msvc.zip x64 Windows checksum
ruff-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
ruff-i686-unknown-linux-gnu.tar.gz x86 Linux checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.20

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

0.15.19

Released on 2026-06-23.

Preview features

  • Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

  • Fall back to default settings when editor-only settings are invalid (#26244)
  • Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

  • [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

  • Avoid allocating when parsing single string literals (#26200)
  • Avoid reallocating singleton call arguments (#26223)
  • Lazily create source files for lint diagnostics (#26226)
  • Optimize formatter text width and indentation (#26236)
  • Reserve capacity for builtin bindings (#26229)
  • Skip repeated-key checks for singleton dictionaries (#26228)
  • Use ArrayVec for qualified name segments (#26224)

... (truncated)

Commits
  • f82a36b Bump 0.15.20 (#26376)
  • af32943 Improve the summarise-ecosystem-results skill (#26378)
  • 485ebab Remove RUF076 name from schema (#26371)
  • ef81835 [ty] Implement rust-analyzer's "Click for full compiler diagnostic" feature (...
  • 572b31e [ruff] Remove pytest-fixture-autouse (RUF076) (#26240)
  • f703f21 Allow human-readable names in rule selectors (#25887)
  • 0d726b2 [ty] Reuse equality semantics for membership compatibility (#25955)
  • dbe6e98 [ty] Infer definite equality comparison results (#26337)
  • e700ea3 [ty] Prove TypedDict structural patterns exhaustive (#26285)
  • 6a0d2ec [ty] Widen inferred class-valued instance attributes (#26338)
  • Additional commits viewable in compare view

Updates setuptools-scm from 10.0.5 to 10.2.0

Release notes

Sourced from setuptools-scm's releases.

setuptools-scm v10.2.0

Added

  • Restore Python 3.8 and 3.9 support, re-enabling use as a build dependency for projects like scikit-build that still support these versions. (#1445)

Miscellaneous

  • Move PKG-INFO discovery tests from vcs-versioning to setuptools-scm where the entry points are registered. (#1446)

setuptools-scm v10.1.2

Fixed

  • Fix DeprecationWarning leak by threading VcsEnvironment through VersionInferenceConfig and using env.make_reader() in _should_write_to_source. (#1424)

setuptools-scm v10.1.1

Fixed

  • Update CI to use PyPy 3.11 as cryptography has no PyPy 3.10 build available (#1421)

setuptools-scm v10.1.0

Added

  • Add backward-compatible shims in setuptools_scm.git, setuptools_scm.hg, setuptools_scm.hg_git, and setuptools_scm.scm_workdir so that external code calling get_scm_version(config) or run_describe(config) with an explicit Configuration continues to work. The shim automatically wires _config and VcsEnvironment onto the workdir. (#compat-shims)
  • Write scm_version.json and scm_file_list.json into egg-info directories during egg_info, enabling sdist fallback version inference when no VCS is present. Add ScmEggInfoMixin for workdir-based file finding in find_sources(). (#egg-info-metadata)
  • Add write_to_source pyproject.toml option to control whether version files are written to the source tree. When unset, a deprecation warning advises setting it explicitly before the default changes in a future major release. The SETUPTOOLS_SCM_WRITE_TO_SOURCE environment variable overrides this setting. (#1301)
  • Adopt the workdir-centric pipeline from vcs-versioning: version discovery now follows an explicit env → config → workdir → version chain instead of relying on ambient globals and parse entry points. The egg_info command writes scm_version.json and scm_file_list.json metadata so sdists can infer versions without a VCS checkout. Requires vcs-versioning >= 2.0.0.dev0. (#1378)

Fixed

  • Fix worktree file listing test to expect relative paths from the file finder. The test now passes on Linux; Windows remains xfail due to a subprocess limitation with worktree directories. (#620)
  • Remove the _warn_on_old_setuptools() check that incorrectly warned when a custom build-backend caused setuptools.__version__ to return the project version instead of setuptools' version. The minimum setuptools version is now enforced via build-system requirements. (#1192)
  • Wrap version in setuptools.sic() when normalize = false to prevent setuptools from re-normalizing the version after our hook returns. This preserves CalVer zero-padding (e.g. 2024.01.05) and other non-canonical version strings in dist.metadata.version. (#1354)
  • Skip writing non-package version files to build_lib, fixing incorrect inclusion of root-level version files in wheels. (#1364)

Documentation

  • Rewrite the GitHub Actions CI/CD example to use a dedicated build job (via build-and-inspect-python-package) and OIDC Trusted Publishers instead of building in publishing jobs with long-lived API tokens. (#1215)
Commits
  • a705891 Merge pull request #1448 from pypa/release/main
  • 630448e Prepare release: setuptools-scm v10.2.0, vcs-versioning v2.2.0
  • aaf4950 Merge pull request #1445 from RonnyPfannschmidt/python-legacy
  • dd60bf9 Merge pull request #1447 from RonnyPfannschmidt/fix/1446-move-pkginfo-tests
  • 535f5ff fix: move PKG-INFO discovery tests to setuptools-scm (#1446)
  • 3546a0e feat: restore Python 3.8 and 3.9 support
  • 0cde123 Merge pull request #1443 from pypa/release/main
  • 51bc391 Prepare release: vcs-versioning v2.1.2
  • 310f3c3 Merge pull request #1442 from RonnyPfannschmidt/fix/1439-metadata-workdir-cus...
  • b7b70a8 fix: don't re-parse stored tags through tag_regex in MetadataWorkdir (#1439)
  • Additional commits viewable in compare view

Updates openapi-spec-validator from 0.8.5 to 0.9.0

Release notes

Sourced from openapi-spec-validator's releases.

0.9.0

Upgrades

  • Upgrade schema-validator 0.9 #505
  • Upgrade jsonschema-path 0.5 #506

Backward incompatibilities

  • Validation results may change for specifications that previously relied on discriminator-based narrowing or on discriminator mapping resolution errors during validation. #505
Commits
  • 2121137 Version 0.9.0
  • ee4683b Merge pull request #506 from python-openapi/feature/upgrade-jsonschema-path-0.5
  • 692131c Upgrade jsonschema-path 0.5
  • 27cb341 Merge pull request #505 from python-openapi/feature/upgrade-schema-validator-...
  • 4413a52 Upgrade schema-validator 0.9
  • f407ed7 Merge pull request #484 from python-openapi/dependabot/pip/isort-8.0.1
  • 081f3be Bump isort from 8.0.0 to 8.0.1
  • d931faf Merge pull request #497 from python-openapi/dependabot/pip/mypy-1.20.2
  • f8c6261 Bump mypy from 1.19.1 to 2.1.0
  • 1b5dafd Merge pull request #500 from python-openapi/dependabot/pip/urllib3-2.7.0
  • Additional commits viewable in compare view

Updates cfn-lint from 1.51.5 to 1.52.1

Release notes

Sourced from cfn-lint's releases.

Release v1.52.1

What's Changed

New Contributors

Full Changelog: aws-cloudformation/cfn-lint@v1.52.0...v1.52.1

Release v1.52.0

What's Changed

Full Changelog: aws-cloudformation/cfn-lint@v1.51.5...v1.52.0

Changelog

Sourced from cfn-lint's changelog.

v1.52.1

What's Changed

New Contributors

Full Changelog: aws-cloudformation/cfn-lint@v1.52.0...v1.52.1

v1.52.0

What's Changed

Full Changelog: aws-cloudformation/cfn-lint@v1.51.5...v1.52.0

Commits
  • a936e5a Release v1.52.1 (#4561)
  • 9d2ce21 Update CloudFormation schemas to 2026-06-29 (#4559)
  • 36ca74b fix: Remove W3046 in favor of format-based validation (#4560)
  • 8f9ba99 Update CloudFormation schemas to 2026-06-26 (#4554)
  • 43ccef3 feat: Add rule W3046 for Route53 AliasTarget HostedZoneId references (#4527)
  • cc1c48f fix: Auto-download schemas when not present for pre-commit users (#4558)
  • f997c26 Release v1.52.0 (#4555)
  • 9489d7f fix: Add static test schemas so unit tests pass without cfn-lint -u (#4553)
  • 4f547c8 Update CloudFormation schemas to 2026-06-20 (#4549)
  • 6136d67 chore(deps): bump actions/checkout from 6 to 7 (#4552)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the pip-deps group across 1 directory with 5 updates
cfc07e3 
Bumps the pip-deps group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [boto3](https://github.com/boto/boto3) | `1.43.33` | `1.43.36` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.18` | `0.15.20` |
| [setuptools-scm](https://github.com/pypa/setuptools-scm) | `10.0.5` | `10.2.0` |
| [openapi-spec-validator](https://github.com/python-openapi/openapi-spec-validator) | `0.8.5` | `0.9.0` |
| [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) | `1.51.5` | `1.52.1` |



Updates `boto3` from 1.43.33 to 1.43.36
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.43.33...1.43.36)

Updates `ruff` from 0.15.18 to 0.15.20
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.18...0.15.20)

Updates `setuptools-scm` from 10.0.5 to 10.2.0
- [Release notes](https://github.com/pypa/setuptools-scm/releases)
- [Changelog](https://github.com/pypa/setuptools-scm/blob/main/RELEASE_SYSTEM.md)
- [Commits](pypa/setuptools-scm@setuptools-scm-v10.0.5...setuptools-scm-v10.2.0)

Updates `openapi-spec-validator` from 0.8.5 to 0.9.0
- [Release notes](https://github.com/python-openapi/openapi-spec-validator/releases)
- [Commits](python-openapi/openapi-spec-validator@0.8.5...0.9.0)

Updates `cfn-lint` from 1.51.5 to 1.52.1
- [Release notes](https://github.com/aws-cloudformation/cfn-lint/releases)
- [Changelog](https://github.com/aws-cloudformation/cfn-lint/blob/main/CHANGELOG.md)
- [Commits](aws-cloudformation/cfn-lint@v1.51.5...v1.52.1)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.43.36
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-deps
- dependency-name: ruff
  dependency-version: 0.15.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-deps
- dependency-name: setuptools-scm
  dependency-version: 10.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-deps
- dependency-name: openapi-spec-validator
  dependency-version: 0.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-deps
- dependency-name: cfn-lint
  dependency-version: 1.52.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added bumpless Changes to documentation, CI/CD pipelines, etc that don't affect the project's version minor Bump the minor version number of this project labels Jun 29, 2026
@dependabot dependabot Bot requested review from a team as code owners June 29, 2026 19:43
@dependabot dependabot Bot added minor Bump the minor version number of this project bumpless Changes to documentation, CI/CD pipelines, etc that don't affect the project's version labels Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bumpless Changes to documentation, CI/CD pipelines, etc that don't affect the project's version minor Bump the minor version number of this project

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants