Skip to content

Bump the production-dependencies group across 1 directory with 6 updates#1972

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/production-dependencies-a4e2824eac
Open

Bump the production-dependencies group across 1 directory with 6 updates#1972
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/production-dependencies-a4e2824eac

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Bumps the production-dependencies group with 6 updates in the / directory:

Package From To
certifi 2026.2.25 2026.4.22
idna 3.11 3.13
pathspec 1.0.4 1.1.1
build 1.4.3 1.4.4
wheel 0.46.3 0.47.0
pip 26.0.1 26.1

Updates certifi from 2026.2.25 to 2026.4.22

Commits
  • 5dddfb0 2026.04.22 (#410)
  • f99eccd Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#404)
  • 918bed0 Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#405)
  • 0a49067 Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (#403)
  • acf6ce8 Bump actions/download-artifact from 8.0.0 to 8.0.1 (#398)
  • feb0ed2 Bump actions/download-artifact from 7.0.0 to 8.0.0 (#397)
  • d9c11a5 Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#396)
  • See full diff in compare view

Updates idna from 3.11 to 3.13

Changelog

Sourced from idna's changelog.

3.13 (2026-04-22) +++++++++++++++++

  • Correct classification error for codepoint U+A7F1

3.12 (2026-04-21) +++++++++++++++++

  • Update to Unicode 17.0.0.
  • Issue a deprecation warning for the transitional argument.
  • Added lazy-loading to provide some performance improvements.
  • Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.

Thanks to Rodrigo Nogueira for contributions to this release.

Commits
  • 89cdfd2 Release v3.13
  • 1eb0686 Pre-release 3.13
  • 5f20d1e Merge pull request #220 from kjd/unicode-next
  • 4ea8425 Regenerate idnadata.py with correct NFKC_CF data
  • fd47341 Use NFKC_CF from Unicode data files instead of Python's unicodedata module
  • a5304a4 Merge pull request #219 from kjd/release-3.12
  • d80d6f9 Release v3.12
  • 1bb44dd Merge pull request #218 from kjd/release-candidate-3.12rc0
  • 909c49d Release candidate for 3.12
  • c5459a1 Merge pull request #217 from kjd/housekeeping-2
  • Additional commits viewable in compare view

Updates pathspec from 1.0.4 to 1.1.1

Release notes

Sourced from pathspec's releases.

v1.1.1

Release v1.1.1. See CHANGES.rst.

v1.1.0

Release v1.1.0. See CHANGES.rst.

Changelog

Sourced from pathspec's changelog.

1.1.1 (2026-04-26)

Improvements:

  • Improved type checking with mypy and pyright.

Bug fixes:

  • Fixed typing on PathSpec[TPattern] to PathSpec[TPattern_co].
  • Added missing variant type-hint type[Pattern] to PathSpec.from_lines() parameter pattern_factory.
  • Fixed possible type error when using + and += operators on PathSpec.

1.1.0 (2026-04-22)

New features:

  • Issue [#108](https://github.com/cpburnz/python-pathspec/issues/108)_: Specialize pattern type for PathSpec as PathSpec[TPattern] for better debugging of PathSpec().patterns.

Bug fixes:

  • Issue [#93](https://github.com/cpburnz/python-pathspec/issues/93)_: Git discards invalid range notation. GitIgnoreSpecPattern now discards patterns with invalid range notation like Git.
  • Pull [#106](https://github.com/cpburnz/python-pathspec/issues/106)_: Fix escape() not escaping backslash characters.

Improvements:

  • Pull [#110](https://github.com/cpburnz/python-pathspec/issues/110)_: Nicer debug print outs (and str for regex pattern).

.. _Pull [#106](https://github.com/cpburnz/python-pathspec/issues/106): cpburnz/python-pathspec#106 .. _Issue [#108](https://github.com/cpburnz/python-pathspec/issues/108): cpburnz/python-pathspec#108 .. _Pull [#110](https://github.com/cpburnz/python-pathspec/issues/110): cpburnz/python-pathspec#110

Commits

Updates build from 1.4.3 to 1.4.4

Release notes

Sourced from build's releases.

1.4.4

What's Changed

Full Changelog: pypa/build@1.4.3...1.4.4

Changelog

Sourced from build's changelog.

#################### 1.5.0 (2026-04-30) ####################

Features

  • Drop Python 3.9 support - by :user:henryiii (:issue:1036)

Bugfixes

  • Make --ignore-installed opt-in from the API via fresh=True - by :user:henryiii (:issue:1056)

Miscellaneous

  • :issue:1033

#################### 1.4.4 (2026-04-22) ####################

Bugfixes

  • Fix release pipeline generating CHANGELOG.rst entries with inconsistent heading levels, which broke sphinx -W and pinned Read the Docs stable at 1.4.0 - by :user:gaborbernat. (:issue:1031)
  • Revert :pr:1039 from build 1.4.3, no longer check direct_url (for now) - by :user:henryiii (:issue:1039)
  • Add --ignore-installed to pip install command to prevent issues with packages already present in the isolated build environment - by :user:henryiii (:issue:1037) (:issue:1040)
  • Partial revert of :pr:973, keeping log messages in one entry, multiple lines. (:issue:1044)

Miscellaneous

  • :issue:1048, :issue:1049

#################### 1.4.3 (2026-04-10) ####################

Features

... (truncated)

Commits

Updates wheel from 0.46.3 to 0.47.0

Release notes

Sourced from wheel's releases.

0.47.0

  • Added the wheel info subcommand to display metadata about wheel files without unpacking them (#639)
  • Fixed WheelFile raising Missing RECORD file when the wheel filename contains uppercase characters (e.g. Django-3.2.5.whl) but the .dist-info directory inside uses normalized lowercase naming (#411)
Changelog

Sourced from wheel's changelog.

Release Notes

0.47.0 (2026-04-22)

  • Added the wheel info subcommand to display metadata about wheel files without unpacking them ([#639](https://github.com/pypa/wheel/issues/639) <https://github.com/pypa/wheel/issues/639>_)
  • Fixed WheelFile raising Missing RECORD file when the wheel filename contains uppercase characters (e.g. Django-3.2.5.whl) but the .dist-info directory inside uses normalized lowercase naming ([#411](https://github.com/pypa/wheel/issues/411) <https://github.com/pypa/wheel/issues/411>_)

0.46.3 (2026-01-22)

  • Fixed ImportError: cannot import name '_setuptools_logging' from 'wheel' when installed alongside an old version of setuptools and running the bdist_wheel command ([#676](https://github.com/pypa/wheel/issues/676) <https://github.com/pypa/wheel/issues/676>_)

0.46.2 (2026-01-22)

  • Restored the bdist_wheel command for compatibility with setuptools older than v70.1
  • Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
  • Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1 (2025-04-08)

  • Temporarily restored the wheel.macosx_libfile module ([#659](https://github.com/pypa/wheel/issues/659) <https://github.com/pypa/wheel/issues/659>_)

0.46.0 (2025-04-03)

  • Dropped support for Python 3.8
  • Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
  • Removed vendored packaging in favor of a run-time dependency on it
  • Made the wheel.metadata module private (with a deprecation warning if it's imported
  • Made the wheel.cli package private (no deprecation warning)
  • Fixed an exception when calling the convert command with an empty description field

0.45.1 (2024-11-23)

  • Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name

... (truncated)

Commits
  • efd83a7 Created a new release
  • bb69216 Reordered the changelog entries
  • d5a1763 fix(wheelfile): resolve .dist-info path case-insensitively when reading wheel...
  • 5718957 [pre-commit.ci] pre-commit autoupdate (#685)
  • 6258068 chore: log_level is better than log_cli_level (#684)
  • 2975deb Require tox >= 4.22
  • 47674ba chore: add check-sdist to checks (#681)
  • 56223f6 __package____spec__.parent (#679)
  • 0ce509e Added the wheel info subcommand (#669)
  • 39039c0 Improved the index page
  • Additional commits viewable in compare view

Updates pip from 26.0.1 to 26.1

Changelog

Sourced from pip's changelog.

26.1 (2026-04-26)

Deprecations and Removals

  • Drop support for Python 3.9. ([#13795](https://github.com/pypa/pip/issues/13795) <https://github.com/pypa/pip/issues/13795>_)

Features

  • Add experimental support to read requirements from standardized pylock.toml files (-r pylock.toml). ([#13876](https://github.com/pypa/pip/issues/13876) <https://github.com/pypa/pip/issues/13876>_)
  • Allow --uploaded-prior-to to accept a duration in days (e.g., P3D for 3 days ago). ([#13674](https://github.com/pypa/pip/issues/13674) <https://github.com/pypa/pip/issues/13674>_)

Enhancements

  • Speed up dependency resolution when there are complex conflicts. ([#13859](https://github.com/pypa/pip/issues/13859) <https://github.com/pypa/pip/issues/13859>_)
  • Reduce memory usage when resolving large dependency trees. ([#13843](https://github.com/pypa/pip/issues/13843) <https://github.com/pypa/pip/issues/13843>_)
  • Emit a deprecation warning when pip imports an unexpected module after installation of a distribution has started. ([#13912](https://github.com/pypa/pip/issues/13912) <https://github.com/pypa/pip/issues/13912>_)
  • Allow URL constraints to apply to requirements with extras. ([#12018](https://github.com/pypa/pip/issues/12018) <https://github.com/pypa/pip/issues/12018>_)
  • Allow unpinned requirements to use hashes from constraints. Constraints like {name}=={version} --hash=... feeds into hash verification for a corresponding requirement. ([#9243](https://github.com/pypa/pip/issues/9243) <https://github.com/pypa/pip/issues/9243>_)
  • Improve conflict reports that involve direct URLs. ([#13932](https://github.com/pypa/pip/issues/13932) <https://github.com/pypa/pip/issues/13932>_)
  • Show all errors instead of first error for faulty dependency_groups definitions. ([#13917](https://github.com/pypa/pip/issues/13917) <https://github.com/pypa/pip/issues/13917>_)

Bug Fixes

  • Fix recovery hint for missing RECORD file to use --ignore-installed instead of --force-reinstall. ([#12645](https://github.com/pypa/pip/issues/12645) <https://github.com/pypa/pip/issues/12645>_)
  • Fix misleading error message when a constraint file cannot be opened. ([#13226](https://github.com/pypa/pip/issues/13226) <https://github.com/pypa/pip/issues/13226>_)
  • Show the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. ([#13494](https://github.com/pypa/pip/issues/13494) <https://github.com/pypa/pip/issues/13494>_)
  • Remove the adjacent __pycache__ directory when a .py file is removed. ([#13725](https://github.com/pypa/pip/issues/13725) <https://github.com/pypa/pip/issues/13725>_)
  • Force UTF-8 encoding for :pep:723 metadata. ([#13861](https://github.com/pypa/pip/issues/13861) <https://github.com/pypa/pip/issues/13861>_)
  • Minor performance improvement when filtering candidates during resolution. ([#13916](https://github.com/pypa/pip/issues/13916) <https://github.com/pypa/pip/issues/13916>_)
  • Fix a hang on Windows when stdout is closed during verbose output. ([#13927](https://github.com/pypa/pip/issues/13927) <https://github.com/pypa/pip/issues/13927>_)
  • Common path prefixes are determined by path segment, not character by character. ([#13847](https://github.com/pypa/pip/issues/13847) <https://github.com/pypa/pip/issues/13847>_)
  • Fix installing .tar.gz source distributions that look like a zip file. ([#13867](https://github.com/pypa/pip/issues/13867) <https://github.com/pypa/pip/issues/13867>_)

Vendored Libraries

  • Upgrade certifi to 2026.2.25
  • Upgrade packaging to 26.2
  • Upgrade requests to 2.33.1
  • Upgrade tomli to 2.3.1
  • Upgrade urllib3 to 2.6.3

... (truncated)

Commits
  • 90b2b3e Bump for release
  • 193f289 Update AUTHORS.txt
  • 63c3709 Merge pull request #13876 from sbidoul/install-from-pylock-reqs-sbi
  • e5fe702 Merge pull request #13949 from pypa/revert-13888-resolver-editable-links
  • 122a14a Revert "Allow editable installs to satisfy direct-URL dependencies (#13888)"
  • c335252 -r pylock.toml: add pip-wheel -r pylock.toml test
  • ba2fc12 -r pylock.toml: proper error with remote pylock.toml containing directory ent...
  • 747c4ae Merge pull request #13948 from ichard26/reword-news
  • 3517841 -r pylock: refine filename pylock-ness test
  • 2f7ad8c -r pylock.toml: fix crash with pip wheel and pip lock
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the production-dependencies group across 1 directory with 6 updates
c37472d 
Bumps the production-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [certifi](https://github.com/certifi/python-certifi) | `2026.2.25` | `2026.4.22` |
| [idna](https://github.com/kjd/idna) | `3.11` | `3.13` |
| [pathspec](https://github.com/cpburnz/python-pathspec) | `1.0.4` | `1.1.1` |
| [build](https://github.com/pypa/build) | `1.4.3` | `1.4.4` |
| [wheel](https://github.com/pypa/wheel) | `0.46.3` | `0.47.0` |
| [pip](https://github.com/pypa/pip) | `26.0.1` | `26.1` |



Updates `certifi` from 2026.2.25 to 2026.4.22
- [Commits](certifi/python-certifi@2026.02.25...2026.04.22)

Updates `idna` from 3.11 to 3.13
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.11...v3.13)

Updates `pathspec` from 1.0.4 to 1.1.1
- [Release notes](https://github.com/cpburnz/python-pathspec/releases)
- [Changelog](https://github.com/cpburnz/python-pathspec/blob/master/CHANGES.rst)
- [Commits](cpburnz/python-pathspec@v1.0.4...v1.1.1)

Updates `build` from 1.4.3 to 1.4.4
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](pypa/build@1.4.3...1.4.4)

Updates `wheel` from 0.46.3 to 0.47.0
- [Release notes](https://github.com/pypa/wheel/releases)
- [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
- [Commits](pypa/wheel@0.46.3...0.47.0)

Updates `pip` from 26.0.1 to 26.1
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@26.0.1...26.1)

---
updated-dependencies:
- dependency-name: certifi
  dependency-version: 2026.4.22
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: idna
  dependency-version: '3.13'
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: pathspec
  dependency-version: 1.1.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: build
  dependency-version: 1.4.4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: wheel
  dependency-version: 0.47.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: pip
  dependency-version: '26.1'
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants