Skip to content

Bump the direct-deps group across 1 directory with 8 updates#545

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/uv/direct-deps-3a46c98fb4
Closed

Bump the direct-deps group across 1 directory with 8 updates#545
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/uv/direct-deps-3a46c98fb4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 2, 2026
edited
Loading

Bumps the direct-deps group with 8 updates in the / directory:

Package From To
exchange-calendars 4.13.1 4.13.2
attrs 25.4.0 26.1.0
hypothesis 6.151.5 6.151.10
pytz 2025.2 2026.1.post1
mypy 1.19.1 1.20.0
certifi 2026.1.4 2026.2.25
charset-normalizer 3.4.4 3.4.6
requests 2.32.5 2.33.1

Updates exchange-calendars from 4.13.1 to 4.13.2

Release notes

Sourced from exchange-calendars's releases.

4.13.2 🌈

What’s Changed

Commits

Updates attrs from 25.4.0 to 26.1.0

Release notes

Sourced from attrs's releases.

26.1.0

Highlights

The main outward change here only affects people using field transformers, but it should be a nice quality of life improvement!

Full changelog below!

Special Thanks

This release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If you would like to join them, go to https://github.com/sponsors/hynek and check out the sweet perks!

Above and Beyond

Variomedia AG (@variomedia), Tidelift (@tidelift), Kraken Tech (@kraken-tech), Privacy Solutions GmbH (@privacy-solutions), FilePreviews (@filepreviews), Ecosystems (@ecosyste-ms), TestMu AI Open Source Office (Formerly LambdaTest) (@LambdaTest-Inc), Doist (@Doist), Daniel Fortunov (@asqui), and Kevin P. Fleming (@kpfleming).

Maintenance Sustainers

Buttondown (@buttondown), Christopher Dignam (@chdsbd), Magnus Watn (@magnuswatn), David Cramer (@dcramer), Rivo Laks (@rivol), Polar (@polarsource), Mike Fiedler (@miketheman), Duncan Hill (@cricalix), Colin Marquardt (@cmarqu), Pieter Swinkels (@swinkels), Nick Libertini (@libertininick), Brian M. Dennis (@crossjam), Celebrity News AG (@celebritynewsag), The Westervelt Company (@westerveltco), Sławomir Ehlert (@slafs), Mostafa Khalil (@khadrawy), Filip Mularczyk (@mukiblejlok), Thomas Klinger (@thmsklngr), Andreas Poehlmann (@ap--), August Trapper Bigelow (@atbigelow), Carlton Gibson (@carltongibson), and Roboflow (@roboflow).

Full Changelog

Backwards-incompatible Changes

  • Field aliases are now resolved before calling field_transformer, so transformers receive fully populated Attribute objects with usable alias values instead of None. The new Attribute.alias_is_default flag indicates whether the alias was auto-generated (True) or explicitly set by the user (False). #1509

Changes

  • Fix type annotations for attrs.validators.optional(), so it no longer rejects tuples with more than one validator. #1496
  • The attrs.validators.disabled() contextmanager can now be nested. #1513
  • Frozen classes can set on_setattr=attrs.setters.NO_OP in addition to None. #1515
  • It's now possible to pass attrs instances in addition to attrs classes to attrs.fields(). #1529

This release contains contributions from @​bysiber, @​DavidCEllis, @​finite-state-machine, @​hynek, @​veeceey, and @​vstinner.

Artifact Attestations

You can verify this release's artifact attestions using GitHub's CLI tool by downloading the sdist and wheel from PyPI and running:

$ gh attestation verify --owner python-attrs attrs-26.1.0.tar.gz

... (truncated)

Changelog

Sourced from attrs's changelog.

26.1.0 - 2026-03-19

Backwards-incompatible Changes

  • Field aliases are now resolved before calling field_transformer, so transformers receive fully populated Attribute objects with usable alias values instead of None. The new Attribute.alias_is_default flag indicates whether the alias was auto-generated (True) or explicitly set by the user (False). #1509

Changes

  • Fix type annotations for attrs.validators.optional(), so it no longer rejects tuples with more than one validator. #1496
  • The attrs.validators.disabled() contextmanager can now be nested. #1513
  • Frozen classes can set on_setattr=attrs.setters.NO_OP in addition to None. #1515
  • It's now possible to pass attrs instances in addition to attrs classes to attrs.fields(). #1529
Commits
  • 7bfc49e Prepare 26.1.0
  • 31e0286 Update test_validators.py for Python 3.15a7 (#1530)
  • 48b8611 Add instance support to attrs.fields() (#1529)
  • 3a68d49 dev: document missing git tags failure mode
  • a572c3a Allow field(on_setattr=NO_OP) on frozen classes
  • af9c510 Fix validators.disabled() to save/restore state on nesting (#1513)
  • ab7f8b2 update dev
  • ce89f5d Fix message passing in frozen errors
  • eccd966 Fix optional validator to accept tuples of len > 1 (#1496)
  • e92fe52 policies: tighten screws (#1528)
  • Additional commits viewable in compare view

Updates hypothesis from 6.151.5 to 6.151.10

Release notes

Sourced from hypothesis's releases.

Hypothesis for Python - version 6.151.10

When shrinking takes more than five minutes, Hypothesis now prints the "@​seed" decorator alongside the slow-shrinking warning so you can reproduce the failure.

Thanks to Ian Hunt-Isaak for this contribution!

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.151.9

Remove some old unused code.

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.151.8

This patch fixes a crash when "sys.modules" contains unhashable values, such as "SimpleNamespace" objects (issue #4660).

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.151.7

This patch updates our vendored list of top-level domains, which is used by the provisional "domains()" strategy.

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.151.6

This patch fixes several duplicate word typos in comments and documentation.

The canonical version of these notes (with links) is on readthedocs.

Commits
  • dd619a8 Bump hypothesis-python version to 6.151.10 and update changelog
  • 47bf92e Merge pull request #4685 from HypothesisWorks/create-pull-request/patch
  • e87b8ba Update pinned dependencies
  • d2a9a59 Merge pull request #4677 from ianhi/slow-shrink-seed
  • 1d6046a format
  • 36c2cae refactor and reword
  • 3d54cdc Merge remote-tracking branch 'upstream/master' into slow-shrink-seed
  • c1d70b8 Merge pull request #4679 from HypothesisWorks/create-pull-request/patch
  • e1e0ba1 Update pinned dependencies
  • 9fe714d Merge pull request #4678 from HypothesisWorks/create-pull-request/patch
  • Additional commits viewable in compare view

Updates pytz from 2025.2 to 2026.1.post1

Commits
  • 02509d0 Update test runners for new Pythons and github actions
  • 43c1cb2 Bump version number to 2026.1.post1
  • 6ee7e56 Try to access resource using importlib.resources
  • 95fe75d Bump version number to 2026.1 (2026a)
  • 7034275 Updates for upstream directory layout changes
  • 4dd79d3 IANA 2026a
  • 08d7e76 Squashed 'tz/' changes from 7e1145bfdb..e23c045f8f
  • b07d947 try to access resource using importlib.resources
  • See full diff in compare view

Updates mypy from 1.19.1 to 1.20.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 1.20

We’ve just uploaded mypy 1.20.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Planned Changes to Defaults and Flags in Mypy 2.0

As a reminder, we are planning to enable --local-partial-types by default in mypy 2.0, which will likely be the next feature release. This will often require at least minor code changes. This option is implicitly enabled by mypy daemon, so this makes the behavior of daemon and non-daemon modes consistent.

Note that this release improves the compatibility of --local-partial-types significantly to make the switch easier (see below for more).

This can also be configured in a mypy configuration file (use False to disable):

local_partial_types = True

For more information, refer to the documentation.

We will also enable --strict-bytes by default in mypy 2.0. This usually requires at most minor code changes to adopt. For more information, refer to the documentation.

Finally, --allow-redefinition-new will be renamed to --allow-redefinition. If you want to continue using the older --allow-redefinition semantics which are less flexible (e.g. limited support for conditional redefinitions), you can switch to --allow-redefinition-old, which is currently supported as an alias to the legacy --allow-redefinition behavior. To use --allow-redefinition in the upcoming mypy 2.0, you can't use --no-local-partial-types. For more information, refer to the documentation.

Better Type Narrowing

Mypy's implementation of narrowing has been substantially reworked. Mypy will now narrow more aggressively, more consistently, and more correctly. In particular, you are likely to notice new narrowing behavior in equality expressions (==), containment expressions (in),

... (truncated)

Commits
  • 770d3ca Remove +dev from version
  • 4738ffa Changelog updates for 1.20 (#21109)
  • b4f07a7 Use 'native-parser' instead of 'native-parse' for optional dependency (#21115)
  • 7bec7b7 [mypyc] Document librt and librt.base64 (#21114)
  • c482596 --allow-redefinition-new is no longer experimental (#21110)
  • c916ca3 sdist: include misc/{diff-cache,apply-cache-diff}.py for `mypy/test/test_di...
  • b137e4e [mypyc] Speed up native-to-native imports within the same group (#21101)
  • 978b711 [mypyc] Fix range loop variable off-by-one after loop exit (#21098)
  • 67ada30 [stubtest] Check runtime availability of private types not marked `@type_chec...
  • bdef6ef librt cache tests: build respecting MYPY_TEST_PREFIX (#21097)
  • Additional commits viewable in compare view

Updates certifi from 2026.1.4 to 2026.2.25

Commits

Updates charset-normalizer from 3.4.4 to 3.4.6

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.6

3.4.6 (2026-03-15)

Changed

  • Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
  • Raised upper bound for mypy[c] to 1.20, for our optimized version.
  • Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

  • Edge case where noise difference between two candidates can be almost insignificant. (#672)
  • CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

  • Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

Version 3.4.5

3.4.5 (2026-03-06)

Changed

  • Update setuptools constraint to setuptools>=68,<=82.
  • Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

  • Add explicit link to lib math in our optimized build. (#692)
  • Logger level not restored correctly for empty byte sequences. (#701)
  • TypeError when passing bytearray to from_bytes. (#703)

Misc

  • Applied safe micro-optimizations in both our noise detector and language detector.
  • Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
  • Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

[!WARNING]
mypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See jawah/charset_normalizer#714

Changelog

Sourced from charset-normalizer's changelog.

3.4.6 (2026-03-15)

Changed

  • Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
  • Raised upper bound for mypy[c] to 1.20, for our optimized version.
  • Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

  • Edge case where noise difference between two candidates can be almost insignificant. (#672)
  • CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

  • Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

3.4.5 (2026-03-06)

Changed

  • Update setuptools constraint to setuptools>=68,<=82.
  • Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

  • Add explicit link to lib math in our optimized build. (#692)
  • Logger level not restored correctly for empty byte sequences. (#701)
  • TypeError when passing bytearray to from_bytes. (#703)

Misc

  • Applied safe micro-optimizations in both our noise detector and language detector.
  • Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
  • Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.
Commits
  • 5478b84 Merge pull request #715 from jawah/release-3.4.6
  • 5c0a09e ✔️ add confidence for threading usage, mostly due to lru_cach...
  • ef826b2 📝 update changelog
  • 5564f1a 📝 update docs accordingly
  • 0f2cf7d 📝 update changelog
  • 54a1894 🐛 fix --normalize writing to wrong path with multiple files
  • 2177e28 📝 update changelog
  • b2497a5 🐛 edge case where noise difference between two candidates can be almost i...
  • 13a5d0b 🔧 upgrade ci requirements
  • b9ffbd4 🔧 enable 3.14t nox mypyc session
  • Additional commits viewable in compare view

Updates requests from 2.32.5 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the direct-deps group across 1 directory with 8 updates
c716478 
Bumps the direct-deps group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [exchange-calendars](https://github.com/gerrymanoim/exchange_calendars) | `4.13.1` | `4.13.2` |
| [attrs](https://github.com/python-attrs/attrs) | `25.4.0` | `26.1.0` |
| [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.151.5` | `6.151.10` |
| [pytz](https://github.com/stub42/pytz) | `2025.2` | `2026.1.post1` |
| [mypy](https://github.com/python/mypy) | `1.19.1` | `1.20.0` |
| [certifi](https://github.com/certifi/python-certifi) | `2026.1.4` | `2026.2.25` |
| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.6` |
| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` |



Updates `exchange-calendars` from 4.13.1 to 4.13.2
- [Release notes](https://github.com/gerrymanoim/exchange_calendars/releases)
- [Changelog](https://github.com/gerrymanoim/exchange_calendars/blob/master/docs/changes_archive.md)
- [Commits](gerrymanoim/exchange_calendars@4.13.1...4.13.2)

Updates `attrs` from 25.4.0 to 26.1.0
- [Release notes](https://github.com/python-attrs/attrs/releases)
- [Changelog](https://github.com/python-attrs/attrs/blob/main/CHANGELOG.md)
- [Commits](python-attrs/attrs@25.4.0...26.1.0)

Updates `hypothesis` from 6.151.5 to 6.151.10
- [Release notes](https://github.com/HypothesisWorks/hypothesis/releases)
- [Commits](HypothesisWorks/hypothesis@hypothesis-python-6.151.5...hypothesis-python-6.151.10)

Updates `pytz` from 2025.2 to 2026.1.post1
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](stub42/pytz@release_2025.2...release_2026.1.post1)

Updates `mypy` from 1.19.1 to 1.20.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.19.1...v1.20.0)

Updates `certifi` from 2026.1.4 to 2026.2.25
- [Commits](certifi/python-certifi@2026.01.04...2026.02.25)

Updates `charset-normalizer` from 3.4.4 to 3.4.6
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](jawah/charset_normalizer@3.4.4...3.4.6)

Updates `requests` from 2.32.5 to 2.33.1
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.5...v2.33.1)

---
updated-dependencies:
- dependency-name: exchange-calendars
  dependency-version: 4.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: direct-deps
- dependency-name: attrs
  dependency-version: 26.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: direct-deps
- dependency-name: hypothesis
  dependency-version: 6.151.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: direct-deps
- dependency-name: pytz
  dependency-version: 2026.1.post1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: direct-deps
- dependency-name: mypy
  dependency-version: 1.20.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: direct-deps
- dependency-name: certifi
  dependency-version: 2026.2.25
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: direct-deps
- dependency-name: charset-normalizer
  dependency-version: 3.4.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: direct-deps
- dependency-name: requests
  dependency-version: 2.33.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: direct-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 2, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 22, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Apr 22, 2026
@dependabot dependabot Bot deleted the dependabot/uv/direct-deps-3a46c98fb4 branch April 22, 2026 13:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants