dependabot[bot] opened a new pull request, #67746: URL: https://github.com/apache/airflow/pull/67746
> [!WARNING] > Dependabot will stop supporting `python v3.9`! > > Please upgrade to one of the following versions: `v3.9`, `v3.10`, `v3.11`, `v3.12`, `v3.13`, or `v3.14`. > Updates the requirements on [filelock](https://github.com/tox-dev/py-filelock), [packaging](https://github.com/pypa/packaging), [pathspec](https://github.com/cpburnz/python-pathspec), [trove-classifiers](https://github.com/pypa/trove-classifiers), [virtualenv](https://github.com/pypa/virtualenv), [click](https://github.com/pallets/click), [jinja2](https://github.com/pallets/jinja), [pytest](https://github.com/pytest-dev/pytest), [requests](https://github.com/psf/requests) and [python-on-whales](https://github.com/gabrieldemarmiesse/python-on-whales) to permit the latest version. Updates `filelock` from 3.25.2 to 3.29.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tox-dev/py-filelock/releases";>filelock's releases</a>.</em></p> <blockquote> <h2>3.29.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>🐛 fix(async): use single-thread executor for lock consistency by <a href="https://github.com/gaborbernat";><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/tox-dev/filelock/pull/533";>tox-dev/filelock#533</a></li> <li>✨ feat(soft): enable stale lock detection on Windows by <a href="https://github.com/gaborbernat";><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/tox-dev/filelock/pull/534";>tox-dev/filelock#534</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tox-dev/filelock/compare/3.28.0...3.29.0";>https://github.com/tox-dev/filelock/compare/3.28.0...3.29.0</a></p> <h2>3.28.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>🐛 fix(ci): unbreak release workflow, publish to PyPI again by <a href="https://github.com/gaborbernat";><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/tox-dev/filelock/pull/529";>tox-dev/filelock#529</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tox-dev/filelock/compare/3.27.0...3.28.0";>https://github.com/tox-dev/filelock/compare/3.27.0...3.28.0</a></p> <h2>3.27.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>✨ feat(rw): add SoftReadWriteLock for NFS and HPC clusters by <a href="https://github.com/gaborbernat";><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/tox-dev/filelock/pull/528";>tox-dev/filelock#528</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tox-dev/filelock/compare/3.26.1...3.27.0";>https://github.com/tox-dev/filelock/compare/3.26.1...3.27.0</a></p> <h2>3.26.1</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>🐛 fix(asyncio): add <strong>exit</strong> to BaseAsyncFileLock and fix <strong>del</strong> loop handling by <a href="https://github.com/naarob";><code>@naarob</code></a> in <a href="https://redirect.github.com/tox-dev/filelock/pull/518";>tox-dev/filelock#518</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/naarob";><code>@naarob</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/filelock/pull/518";>tox-dev/filelock#518</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tox-dev/filelock/compare/3.26.0...3.26.1";>https://github.com/tox-dev/filelock/compare/3.26.0...3.26.1</a></p> <h2>3.26.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>🔒 ci(workflows): add zizmor security auditing by <a href="https://github.com/gaborbernat";><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/tox-dev/filelock/pull/517";>tox-dev/filelock#517</a></li> <li>🔧 fix(ci): restore git credentials for release job by <a href="https://github.com/gaborbernat";><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/tox-dev/filelock/pull/520";>tox-dev/filelock#520</a></li> <li>✨ feat(soft): add PID inspection and lock breaking by <a href="https://github.com/gaborbernat";><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/tox-dev/filelock/pull/524";>tox-dev/filelock#524</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tox-dev/filelock/compare/3.25.2...3.26.0";>https://github.com/tox-dev/filelock/compare/3.25.2...3.26.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst";>filelock's changelog</a>.</em></p> <blockquote> <p>########### Changelog ###########</p> <hr /> <p>3.29.0 (2026-04-19)</p> <hr /> <ul> <li>✨ feat(soft): enable stale lock detection on Windows :pr:<code>534</code></li> <li>🐛 fix(async): use single-thread executor for lock consistency :pr:<code>533</code></li> <li>build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 :pr:<code>530</code> - by :user:<code>dependabot[bot]</code></li> </ul> <hr /> <p>3.28.0 (2026-04-14)</p> <hr /> <ul> <li>🐛 fix(ci): unbreak release workflow, publish to PyPI again :pr:<code>529</code></li> </ul> <hr /> <p>3.26.1 (2026-04-09)</p> <hr /> <ul> <li>🐛 fix(asyncio): add <strong>exit</strong> to BaseAsyncFileLock and fix <strong>del</strong> loop handling :pr:<code>518</code> - by :user:<code>naarob</code></li> <li>build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 :pr:<code>525</code> - by :user:<code>dependabot[bot]</code></li> </ul> <hr /> <p>3.26.0 (2026-04-06)</p> <hr /> <ul> <li>✨ feat(soft): add PID inspection and lock breaking :pr:<code>524</code></li> <li>[pre-commit.ci] pre-commit autoupdate :pr:<code>523</code> - by :user:<code>pre-commit-ci[bot]</code></li> <li>build(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 :pr:<code>522</code> - by :user:<code>dependabot[bot]</code></li> <li>Remove persist-credentials: false from release job :pr:<code>520</code></li> <li>[pre-commit.ci] pre-commit autoupdate :pr:<code>519</code> - by :user:<code>pre-commit-ci[bot]</code></li> <li>🔒 ci(workflows): add zizmor security auditing :pr:<code>517</code></li> <li>[pre-commit.ci] pre-commit autoupdate :pr:<code>516</code> - by :user:<code>pre-commit-ci[bot]</code></li> <li>[pre-commit.ci] pre-commit autoupdate :pr:<code>514</code> - by :user:<code>pre-commit-ci[bot]</code></li> </ul> <hr /> <p>3.25.2 (2026-03-11)</p> <hr /> <ul> <li>🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:<code>513</code></li> </ul> <hr /> <p>3.25.1 (2026-03-09)</p> <hr /> <ul> <li>[pre-commit.ci] pre-commit autoupdate :pr:<code>510</code> - by :user:<code>pre-commit-ci[bot]</code></li> <li>🐛 fix(win): restore best-effort lock file cleanup on release :pr:<code>511</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tox-dev/filelock/commit/469b47f192b0a9f8c8b795d9b9f57212c716959b";><code>469b47f</code></a> Release 3.29.0</li> <li><a href="https://github.com/tox-dev/filelock/commit/e85d07281987e0855ba67c03dfdef342ec1097d5";><code>e85d072</code></a> ✨ feat(soft): enable stale lock detection on Windows (<a href="https://redirect.github.com/tox-dev/py-filelock/issues/534";>#534</a>)</li> <li><a href="https://github.com/tox-dev/filelock/commit/f5ee1712ced6916b2768812ee378183319339944";><code>f5ee171</code></a> 🐛 fix(async): use single-thread executor for lock consistency (<a href="https://redirect.github.com/tox-dev/py-filelock/issues/533";>#533</a>)</li> <li><a href="https://github.com/tox-dev/filelock/commit/2a954588cdf462a786835eeb102240ce79fecc8b";><code>2a95458</code></a> build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (<a href="https://redirect.github.com/tox-dev/py-filelock/issues/530";>#530</a>)</li> <li><a href="https://github.com/tox-dev/filelock/commit/55de20c0819652362881906fa289feff5a323c19";><code>55de20c</code></a> Release 3.28.0</li> <li><a href="https://github.com/tox-dev/filelock/commit/476b0e4a92776fe530b5d993247342f039004174";><code>476b0e4</code></a> 🐛 fix(ci): unbreak release workflow, publish to PyPI again (<a href="https://redirect.github.com/tox-dev/py-filelock/issues/529";>#529</a>)</li> <li><a href="https://github.com/tox-dev/filelock/commit/824713edc32b54efd66566907f97c1238502810e";><code>824713e</code></a> ✨ feat(rw): add SoftReadWriteLock for NFS and HPC clusters (<a href="https://redirect.github.com/tox-dev/py-filelock/issues/528";>#528</a>)</li> <li><a href="https://github.com/tox-dev/filelock/commit/9879de9298db93ffba0a9f58d9de75e9e2a00fc1";><code>9879de9</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/tox-dev/py-filelock/issues/527";>#527</a>)</li> <li><a href="https://github.com/tox-dev/filelock/commit/4cfab498b6916f89be46152efa4a72e9731be98f";><code>4cfab49</code></a> Release 3.26.1</li> <li><a href="https://github.com/tox-dev/filelock/commit/734c9f26e8107ad24886129fc68865f0b46cf71f";><code>734c9f2</code></a> 🐛 fix(asyncio): add <strong>exit</strong> to BaseAsyncFileLock and fix <strong>del</strong> loop handli...</li> <li>Additional commits viewable in <a href="https://github.com/tox-dev/py-filelock/compare/3.25.2...3.29.0";>compare view</a></li> </ul> </details> <br /> Updates `packaging` from 26.0 to 26.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/packaging/releases";>packaging's releases</a>.</em></p> <blockquote> <h2>26.2</h2> <h2>What's Changed</h2> <p>Fixes:</p> <ul> <li>Fix incorrect sysconfig var name for pyemscripten by <a href="https://github.com/ryanking13";><code>@ryanking13</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1160";>pypa/packaging#1160</a></li> <li>Make <code>Version</code>, <code>Specifier</code>, <code>SpecifierSet</code>, <code>Tag</code>, <code>Marker</code>, and <code>Requirement</code> pickle-safe and backward-compatible with pickles created in 25.0-26.1 (including references to the removed <code>packaging._structures</code> module) by <a href="https://github.com/eachimei";><code>@eachimei</code></a> and <a href="https://github.com/henryiii";><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1163";>pypa/packaging#1163</a>, <a href="https://redirect.github.com/pypa/packaging/pull/1168";>pypa/packaging#1168</a>, <a href="https://redirect.github.com/pypa/packaging/pull/1170";>pypa/packaging#1170</a>, and <a href="https://redirect.github.com/pypa/packaging/pull/1171";>pypa/packaging#1171</a></li> <li>fix: re-export ExceptionGroup for now by <a href="https://github.com/henryiii";><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1164";>pypa/packaging#1164</a></li> </ul> <p>Documentation:</p> <ul> <li>docs: add errors section and fix missing details by <a href="https://github.com/henryiii";><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1159";>pypa/packaging#1159</a></li> <li>docs(dev): document property-based test suite by <a href="https://github.com/r266-tech";><code>@r266-tech</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1167";>pypa/packaging#1167</a></li> <li>Fix typo in DirectUrl documentation by <a href="https://github.com/sbidoul";><code>@sbidoul</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1169";>pypa/packaging#1169</a></li> <li>docs(specifiers): add is_unsatisfiable() usage example by <a href="https://github.com/r266-tech";><code>@r266-tech</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1166";>pypa/packaging#1166</a></li> </ul> <p>Internal:</p> <ul> <li>Enable the auditor persona on zizmor by <a href="https://github.com/henryiii";><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1158";>pypa/packaging#1158</a></li> <li>Test new pickle guarantees by <a href="https://github.com/henryiii";><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1174";>pypa/packaging#1174</a></li> <li>Use native uv integration in rtd by <a href="https://github.com/henryiii";><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1175";>pypa/packaging#1175</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ryanking13";><code>@ryanking13</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/1160";>pypa/packaging#1160</a></li> <li><a href="https://github.com/eachimei";><code>@eachimei</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/1163";>pypa/packaging#1163</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/packaging/compare/26.1...26.2";>https://github.com/pypa/packaging/compare/26.1...26.2</a></p> <h2>26.1</h2> <p>Features:</p> <ul> <li><del>PEP 783: add handling for Emscripten wheel tags by <a href="https://github.com/hoodmane";><code>@hoodmane</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/804";>pypa/packaging#804</a></del> (old name used in implementation, will be fixed in next release)</li> <li>PEP 803: add handling for the <code>abi3.abi3t</code> free-threading tag by <a href="https://github.com/ngoldbaum";><code>@ngoldbaum</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1099";>pypa/packaging#1099</a></li> <li>PEP 723: add <code>packaging.dependency_groups</code> module, based on the <code>dependency-groups</code> package by <a href="https://github.com/sirosen";><code>@sirosen</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1065";>pypa/packaging#1065</a></li> <li>Add the <code>packaging.direct_url</code> module by <a href="https://github.com/sbidoul";><code>@sbidoul</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/944";>pypa/packaging#944</a></li> <li>Add the <code>packaging.errors</code> module by <a href="https://github.com/henryiii";><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1071";>pypa/packaging#1071</a></li> <li>Add <code>SpecifierSet.is_unsatisfiable</code> using ranges (new internals that will be expanded in future versions) by <a href="https://github.com/notatallshaw";><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1119";>pypa/packaging#1119</a></li> <li>Add <code>create_compatible_tags_selector</code> to select compatible tags by <a href="https://github.com/sbidoul";><code>@sbidoul</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1110";>pypa/packaging#1110</a></li> <li>Add a <code>key</code> argument to <code>SpecifierSet.filter()</code> by <a href="https://github.com/frostming";><code>@frostming</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1068";>pypa/packaging#1068</a></li> <li>Support <code>&</code> and <code>|</code> for <code>Marker</code>'s by <a href="https://github.com/henryiii";><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1146";>pypa/packaging#1146</a></li> <li>Normalize <code>Version.__replace__</code> and add <code>Version.from_parts</code> by <a href="https://github.com/henryiii";><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1078";>pypa/packaging#1078</a></li> <li>Add an option to validate compressed tag set sort order in <code>parse_wheel_filename</code> by <a href="https://github.com/r266-tech";><code>@r266-tech</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1150";>pypa/packaging#1150</a></li> </ul> <p>Behavior adaptations:</p> <ul> <li>Narrow exclusion of pre-releases for <code><V.postN</code> to match spec by <a href="https://github.com/notatallshaw";><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1140";>pypa/packaging#1140</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/packaging/blob/main/CHANGELOG.rst";>packaging's changelog</a>.</em></p> <blockquote> <p>26.2 - 2026-04-24</p> <pre><code> Fixes: <ul> <li>Fix incorrect sysconfig var name for pyemscripten in (:pull:<code>1160</code>)</li> <li>Make <code>Version</code>, <code>Specifier</code>, <code>SpecifierSet</code>, <code>Tag</code>, <code>Marker</code>, and <code>Requirement</code> pickle-safe<br /> and backward-compatible with pickles created in 25.0-26.1 (including references to the removed<br /> <code>packaging._structures</code> module) (:pull:<code>1163</code>, :pull:<code>1168</code>, :pull:<code>1170</code>, :pull:<code>1171</code>)</li> <li>Re-export <code>ExceptionGroup</code> in metadata for now in (:pull:<code>1164</code>)</li> </ul> <p>Documentation:</p> <ul> <li>Add errors section and fix missing details in (:pull:<code>1159</code>)</li> <li>Document our property-based test suite in (:pull:<code>1167</code>)</li> <li>Fix a <code>DirectUrl</code> typo in (:pull:<code>1169</code>)</li> <li>Add example of <code>is_unsatisfiable</code> in (:pull:<code>1166</code>)</li> </ul> <p>Internal:</p> <ul> <li>Enable the auditor persona on zizmor in (:pull:<code>1158</code>)</li> <li>Test new pickle guarantees in (:pull:<code>1174</code>)</li> <li>Use new native ReadTheDocs uv integration in (:pull:<code>1175</code>)</li> </ul> <p>26.1 - 2026-04-14<br /> </code></pre></p> <p>Features:</p> <ul> <li>PEP 783: add handling for Emscripten wheel tags in (:pull:<code>804</code>) (old name used in implementation, fixed in next release)</li> <li>PEP 803: add handling for the <code>abi3.abi3t</code> free-threading tag in (:pull:<code>1099</code>)</li> <li>PEP 723: add <code>packaging.dependency_groups</code> module, based on the <code>dependency-groups</code> package in (:pull:<code>1065</code>)</li> <li>Add the <code>packaging.direct_url</code> module in (:pull:<code>944</code>)</li> <li>Add the <code>packaging.errors</code> module in (:pull:<code>1071</code>)</li> <li>Add <code>SpecifierSet.is_unsatisfiable</code> using ranges (new internals that will be expanded in future versions) in (:pull:<code>1119</code>)</li> <li>Add <code>create_compatible_tags_selector</code> to select compatible tags in (:pull:<code>1110</code>)</li> <li>Add a <code>key</code> argument to <code>SpecifierSet.filter()</code> in (:pull:<code>1068</code>)</li> <li>Support <code>&</code> and <code>|</code> for <code>Marker</code>'s in (:pull:<code>1146</code>)</li> <li>Normalize <code>Version.__replace__</code> and add <code>Version.from_parts</code> in (:pull:<code>1078</code>)</li> <li>Add an option to validate compressed tag set sort order in <code>parse_wheel_filename</code> in (:pull:<code>1150</code>)</li> </ul> <p>Behavior adaptations:</p> <ul> <li>Narrow exclusion of pre-releases for <code><V.postN</code> to match spec in (:pull:<code>1140</code>)</li> <li>Narrow exclusion of post-releases for <code>>V</code> to match spec in (:pull:<code>1141</code>)</li> <li>Rename <code>format_full_version</code> to <code>_format_full_version</code> to make it visibly private in (:pull:<code>1125</code>)</li> <li>Restrict local version to ASCII in (:pull:<code>1102</code>)</li> </ul> <p>Pylock (PEP 751) updates:</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/packaging/commit/84a87ee42483d7352f9502d78a9553da8859aa7a";><code>84a87ee</code></a> Bump for release</li> <li><a href="https://github.com/pypa/packaging/commit/4a616b65bed23c8c6d58e6b0fc1a4434d4ff1f14";><code>4a616b6</code></a> docs: a few more updates to prepare for 26.2 (<a href="https://redirect.github.com/pypa/packaging/issues/1176";>#1176</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/9de6f44f1e82d4595edf3aad1c4f6f98c85935a0";><code>9de6f44</code></a> ci: use native uv integration in rtd (<a href="https://redirect.github.com/pypa/packaging/issues/1175";>#1175</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/bc76e14debd1a2799d1ca8f9d9c9823f35bfa466";><code>bc76e14</code></a> chore: update changelog for 26.2 (<a href="https://redirect.github.com/pypa/packaging/issues/1161";>#1161</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/3f00091c08f0aa830e33ed7db00f16f11c8ac97f";><code>3f00091</code></a> tests: add a pickle check (<a href="https://redirect.github.com/pypa/packaging/issues/1174";>#1174</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/48a8a069805291186522de3eff73ea80a8ca96ad";><code>48a8a06</code></a> fix: make Requirements/Markers pickle-safe (<a href="https://redirect.github.com/pypa/packaging/issues/1171";>#1171</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/823b44ed1f904084a77ae3adf0ef130af6365f84";><code>823b44e</code></a> fix: make Tags pickle-safe (<a href="https://redirect.github.com/pypa/packaging/issues/1170";>#1170</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/4bed32d920ca7211dd65fdf0a1ee06376e9c4733";><code>4bed32d</code></a> fix: make Specifier / SpecifierSet pickle-safe (<a href="https://redirect.github.com/pypa/packaging/issues/1168";>#1168</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/963118e37caae97bc8b72f72956c7fb4ca9857ec";><code>963118e</code></a> fix: re-export ExceptionGroup for now (<a href="https://redirect.github.com/pypa/packaging/issues/1164";>#1164</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/66e34a80256c96dea11da143682950c84b8133bb";><code>66e34a8</code></a> docs(specifiers): add is_unsatisfiable() usage example (<a href="https://redirect.github.com/pypa/packaging/issues/1166";>#1166</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/packaging/compare/26.0...26.2";>compare view</a></li> </ul> </details> <br /> Updates `pathspec` from 1.0.4 to 1.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cpburnz/python-pathspec/releases";>pathspec's releases</a>.</em></p> <blockquote> <h2>v1.1.1</h2> <p>Release v1.1.1. See <a href="https://github.com/cpburnz/python-pathspec/blob/v1.1.1/CHANGES.rst";>CHANGES.rst</a>.</p> <h2>v1.1.0</h2> <p>Release v1.1.0. See <a href="https://github.com/cpburnz/python-pathspec/blob/v1.1.0/CHANGES.rst";>CHANGES.rst</a>.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/cpburnz/python-pathspec/blob/master/CHANGES.rst";>pathspec's changelog</a>.</em></p> <blockquote> <h2>1.1.1 (2026-04-26)</h2> <p>Improvements:</p> <ul> <li>Improved type checking with mypy and pyright.</li> </ul> <p>Bug fixes:</p> <ul> <li>Fixed typing on <code>PathSpec[TPattern]</code> to <code>PathSpec[TPattern_co]</code>.</li> <li>Added missing variant type-hint <code>type[Pattern]</code> to <code>PathSpec.from_lines()</code> parameter <code>pattern_factory</code>.</li> <li>Fixed possible type error when using <code>+</code> and <code>+=</code> operators on <code>PathSpec</code>.</li> </ul> <h2>1.1.0 (2026-04-22)</h2> <p>New features:</p> <ul> <li><code>Issue [#108](https://github.com/cpburnz/python-pathspec/issues/108)</code>_: Specialize pattern type for <code>PathSpec</code> as <code>PathSpec[TPattern]</code> for better debugging of <code>PathSpec().patterns</code>.</li> </ul> <p>Bug fixes:</p> <ul> <li><code>Issue [#93](https://github.com/cpburnz/python-pathspec/issues/93)</code>_: Git discards invalid range notation. <code>GitIgnoreSpecPattern</code> now discards patterns with invalid range notation like Git.</li> <li><code>Pull [#106](https://github.com/cpburnz/python-pathspec/issues/106)</code>_: Fix escape() not escaping backslash characters.</li> </ul> <p>Improvements:</p> <ul> <li><code>Pull [#110](https://github.com/cpburnz/python-pathspec/issues/110)</code>_: Nicer debug print outs (and str for regex pattern).</li> </ul> <p>.. _<code>Pull [#106](https://github.com/cpburnz/python-pathspec/issues/106)</code>: <a href="https://redirect.github.com/cpburnz/python-pathspec/pull/106";>cpburnz/python-pathspec#106</a> .. _<code>Issue [#108](https://github.com/cpburnz/python-pathspec/issues/108)</code>: <a href="https://redirect.github.com/cpburnz/python-pathspec/issues/108";>cpburnz/python-pathspec#108</a> .. _<code>Pull [#110](https://github.com/cpburnz/python-pathspec/issues/110)</code>: <a href="https://redirect.github.com/cpburnz/python-pathspec/pull/110";>cpburnz/python-pathspec#110</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cpburnz/python-pathspec/commit/ecf71a99ca739479d450b9830f43416ea0c519c7";><code>ecf71a9</code></a> Release v1.1.1</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/6727491ff877e570e450b078c345d9346db7e531";><code>6727491</code></a> Improve type checking with mypy and pyright</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/c9249c8b4ca165ca8c5eea191cea4c0e6f3aa827";><code>c9249c8</code></a> Release v1.1.0</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/a1abeba97f1fdbc3bc0e64e6c4d7ee9b63c4cf77";><code>a1abeba</code></a> Test Iron Proxy for CI</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/0b04daeafaea8c82a6fa3e86090061dc47c61ea6";><code>0b04dae</code></a> Test Iron Proxy for CI</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/ccaedca31c5cd904c5bb55df0f0045c675f77b7f";><code>ccaedca</code></a> Test Iron Proxy for CI</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/06391d861d68ba4763e8c377c8bb1b9392bcc76a";><code>06391d8</code></a> Test Iron Proxy for CI</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/45907bf50a5cabe525306b99e85779639d9ca55e";><code>45907bf</code></a> Test Iron Proxy for CI</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/0d7c7deb138050c8586000682134d820a176bc10";><code>0d7c7de</code></a> Pin all Github actions</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/36faddae807a997d04ccfc8cf00931819464260c";><code>36fadda</code></a> Specialize patterns</li> <li>Additional commits viewable in <a href="https://github.com/cpburnz/python-pathspec/compare/v1.0.4...v1.1.1";>compare view</a></li> </ul> </details> <br /> Updates `trove-classifiers` from 2026.1.14.14 to 2026.5.22.10 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/trove-classifiers/commit/521e36a9d16f53a2fec5364e158047b73a4e3461";><code>521e36a</code></a> Add Plone 6.3 classifier. (<a href="https://redirect.github.com/pypa/trove-classifiers/issues/247";>#247</a>)</li> <li><a href="https://github.com/pypa/trove-classifiers/commit/d406a8b11b9dd3ee3725f5e4ad37b8e623a7deee";><code>d406a8b</code></a> Add classifier for Django 6.1 (<a href="https://redirect.github.com/pypa/trove-classifiers/issues/245";>#245</a>)</li> <li><a href="https://github.com/pypa/trove-classifiers/commit/19b58474c4461174d77fc54e75b6b752755411c5";><code>19b5847</code></a> Add classifier for Wagtail 8 (<a href="https://redirect.github.com/pypa/trove-classifiers/issues/244";>#244</a>)</li> <li><a href="https://github.com/pypa/trove-classifiers/commit/a1105aa00670c8fc241e0bc2149a236b8be43b7a";><code>a1105aa</code></a> Add Trove classifier for Python 3.16 (<a href="https://redirect.github.com/pypa/trove-classifiers/issues/243";>#243</a>)</li> <li><a href="https://github.com/pypa/trove-classifiers/commit/eca370658f6e81c8911567eab8209aaca2924493";><code>eca3706</code></a> feat: add <code>litestar</code> classifier (<a href="https://redirect.github.com/pypa/trove-classifiers/issues/148";>#148</a>)</li> <li>See full diff in <a href="https://github.com/pypa/trove-classifiers/compare/2026.1.14.14...2026.5.22.10";>compare view</a></li> </ul> </details> <br /> Updates `virtualenv` from 21.2.0 to 21.3.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/virtualenv/releases";>virtualenv's releases</a>.</em></p> <blockquote> <h2>21.3.3</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>Accept GraalPy implementation name. by <a href="https://github.com/timfel";><code>@timfel</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3144";>pypa/virtualenv#3144</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/virtualenv/compare/21.3.2...21.3.3";>https://github.com/pypa/virtualenv/compare/21.3.2...21.3.3</a></p> <h2>21.3.2</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>add 3.16 to embedded wheel versions by <a href="https://github.com/asottile";><code>@asottile</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3140";>pypa/virtualenv#3140</a></li> <li>🐛 fix(upgrade): regen embedded init with correct MAX and 3.16 by <a href="https://github.com/gaborbernat";><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3143";>pypa/virtualenv#3143</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/virtualenv/compare/21.3.1...21.3.2";>https://github.com/pypa/virtualenv/compare/21.3.1...21.3.2</a></p> <h2>21.3.1</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>👷 ci: retry transient apt failures on Linux by <a href="https://github.com/gaborbernat";><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3139";>pypa/virtualenv#3139</a></li> <li>🐛 fix(seed): bump embedded pip to 26.1.1 by <a href="https://github.com/gaborbernat";><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3138";>pypa/virtualenv#3138</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/virtualenv/compare/21.3.0...21.3.1";>https://github.com/pypa/virtualenv/compare/21.3.0...21.3.1</a></p> <h2>21.3.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>🐛 fix(type): stop ty flagging default_source on Action by <a href="https://github.com/gaborbernat";><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3124";>pypa/virtualenv#3124</a></li> <li>feat: Reintroduce xonsh shell support by <a href="https://github.com/anki-code";><code>@anki-code</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3125";>pypa/virtualenv#3125</a></li> <li>🐛 fix(test): prevent PowerShell activation test from crashing xdist workers on Windows by <a href="https://github.com/gaborbernat";><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3128";>pypa/virtualenv#3128</a></li> <li>docs: Add usage instruction for Xonsh activation by <a href="https://github.com/anki-code";><code>@anki-code</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3130";>pypa/virtualenv#3130</a></li> <li>Upgrade embedded pip/setuptools/wheel by <a href="https://github.com/github-actions";><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/pypa/virtualenv/pull/3132";>pypa/virtualenv#3132</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/anki-code";><code>@anki-code</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/virtualenv/pull/3125";>pypa/virtualenv#3125</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/virtualenv/compare/21.2.4...21.3.0";>https://github.com/pypa/virtualenv/compare/21.2.4...21.3.0</a></p> <h2>21.2.4</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>🐛 fix(periodic-update): refuse unverified HTTPS to PyPI by default by <a href="https://github.com/gaborbernat";><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3122";>pypa/virtualenv#3122</a></li> <li>🐛 fix(zipapp): enforce ROOT containment with Path.relative_to by <a href="https://github.com/gaborbernat";><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3121";>pypa/virtualenv#3121</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst";>virtualenv's changelog</a>.</em></p> <blockquote> <h1>Bugfixes - 21.3.3</h1> <ul> <li>recognize GraalPy interpreters using the normalized <code>GraalPy</code> name - by :user:<code>timfel</code>. (:issue:<code>3144</code>)</li> </ul> <hr /> <p>v21.3.2 (2026-05-12)</p> <hr /> <p>No significant changes.</p> <hr /> <p>v21.3.1 (2026-05-05)</p> <hr /> <h1>Bugfixes - 21.3.1</h1> <ul> <li> <p>Upgrade embedded wheels:</p> <ul> <li>pip to <code>26.1.1</code> from <code>26.1</code> (:issue:<code>3138</code>)</li> </ul> </li> </ul> <hr /> <p>v21.3.0 (2026-04-27)</p> <hr /> <h1>Features - 21.3.0</h1> <ul> <li>Re-introduce <code>xonsh</code> shell activator (<code>activate.xsh</code>) previously removed in 20.7.0, and make the plugin loader prefer virtualenv's built-in entry points so a third-party package cannot override them by registering a duplicate name. (:issue:<code>3003</code>)</li> </ul> <h1>Bugfixes - 21.3.0</h1> <ul> <li> <p>Upgrade embedded wheels:</p> <ul> <li>pip to <code>26.1</code> (:issue:<code>3132</code>)</li> </ul> </li> </ul> <hr /> <p>v21.2.4 (2026-04-14)</p> <hr /> <h1>Bugfixes - 21.2.4</h1> <ul> <li>Security hardening: validate each entry of a seed wheel archive before extracting it so a tampered wheel cannot escape the app-data image directory via an absolute path or <code>..</code> traversal. (:issue:<code>3118</code>)</li> <li>Security hardening: verify the SHA-256 of every bundled seed wheel when it is loaded so a corrupted or tampered file</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/virtualenv/commit/e6dba2a503560c1561258770ade4d15529c4db3d";><code>e6dba2a</code></a> release 21.3.3</li> <li><a href="https://github.com/pypa/virtualenv/commit/e7517c0e56c159946374c2fed8fb874fd3bde94f";><code>e7517c0</code></a> Accept GraalPy implementation name. (<a href="https://redirect.github.com/pypa/virtualenv/issues/3144";>#3144</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/8531d47ff3e78492d0c1eb7d1159750e91176b67";><code>8531d47</code></a> release 21.3.2</li> <li><a href="https://github.com/pypa/virtualenv/commit/afefada9505d4fe67805244c31c5761e4c6c2622";><code>afefada</code></a> 🐛 fix(upgrade): regen embedded init with correct MAX and 3.16 (<a href="https://redirect.github.com/pypa/virtualenv/issues/3143";>#3143</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/7e270411ebf5739dfc63998a9084dc2bfd2d467b";><code>7e27041</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/pypa/virtualenv/issues/3141";>#3141</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/214934c9606ef792e42580109cbdff940a62f034";><code>214934c</code></a> add 3.16 to embedded wheel versions (<a href="https://redirect.github.com/pypa/virtualenv/issues/3140";>#3140</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/12ab4957289c1963849bf04a5f35982c928c0a35";><code>12ab495</code></a> release 21.3.1</li> <li><a href="https://github.com/pypa/virtualenv/commit/22eadc4d2738af7e96d744369a7f40df34935c94";><code>22eadc4</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/pypa/virtualenv/issues/3137";>#3137</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/6651dafd919c745adca1e29e31e1d96a1c9e9e52";><code>6651daf</code></a> 🐛 fix(seed): bump embedded pip to 26.1.1 (<a href="https://redirect.github.com/pypa/virtualenv/issues/3138";>#3138</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/936a36ae63eb8c68123cf9e23824f68aa9ac51b1";><code>936a36a</code></a> 👷 ci: retry transient apt failures on Linux (<a href="https://redirect.github.com/pypa/virtualenv/issues/3139";>#3139</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/virtualenv/compare/21.2.0...21.3.3";>compare view</a></li> </ul> </details> <br /> Updates `click` to 8.4.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/click/releases";>click's releases</a>.</em></p> <blockquote> <h2>8.4.1</h2> <p>This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.</p> <p>PyPI: <a href="https://pypi.org/project/click/8.4.1/";>https://pypi.org/project/click/8.4.1/</a> Changes: <a href="https://click.palletsprojects.com/page/changes/#version-8-4-1";>https://click.palletsprojects.com/page/changes/#version-8-4-1</a> Milestone: <a href="https://github.com/pallets/click/milestone/32?closed=1";>https://github.com/pallets/click/milestone/32?closed=1</a></p> <ul> <li><code>get_parameter_source()</code> is available during eager callbacks and type conversion again. <a href="https://redirect.github.com/pallets/click/issues/3458";>#3458</a> <a href="https://redirect.github.com/pallets/click/issues/3484";>#3484</a></li> <li>Zsh completion scripts parse correctly on Windows. <a href="https://redirect.github.com/pallets/click/issues/3277";>#3277</a> # 3466</li> <li>Shell completion of <code>Choice</code> <code>Enum</code> values produces a valid completion result. <a href="https://redirect.github.com/pallets/click/issues/3015";>#3015</a></li> <li>Fix empty byte-string handling in echo. <a href="https://redirect.github.com/pallets/click/issues/3487";>#3487</a></li> <li>Fix closed file error with <code>echo_via_pager</code>. <a href="https://redirect.github.com/pallets/click/issues/3449";>#3449</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/click/blob/main/CHANGES.rst";>click's changelog</a>.</em></p> <blockquote> <h2>Version 8.4.1</h2> <p>Released 2026-05-21</p> <ul> <li><code>get_parameter_source()</code> is available during eager callbacks and type conversion again. :issue:<code>3458</code> :issue:<code>3484</code></li> <li>Zsh completion scripts parse correctly on Windows. :issue:<code>3277</code> :pr:<code>3466</code></li> <li>Shell completion of <code>Choice</code> <code>Enum</code> values produces a valid completion result. :issue:<code>3015</code></li> <li>Fix empty byte-string handling in echo. :issue:<code>3487</code></li> <li>Fix closed file error with <code>echo_via_pager</code>. :issue:<code>3449</code></li> </ul> <h2>Version 8.4.0</h2> <p>Released 2026-05-17</p> <ul> <li> <p>:class:<code>ParamType</code> typing improvements. :pr:<code>3371</code></p> <ul> <li>:class:<code>ParamType</code> is now a generic abstract base class, parameterized by its converted value type.</li> <li>:meth:<code>~ParamType.convert</code> return types are narrowed on all concrete types (<code>str</code> for :class:<code>STRING</code>, <code>int</code> for :class:<code>INT</code>, etc.).</li> <li>:meth:<code>~ParamType.to_info_dict</code> returns specific :class:<code>~typing.TypedDict</code> subclasses instead of <code>dict[str, Any]</code>.</li> <li>:class:<code>CompositeParamType</code> and the number-range base are now generic with abstract methods.</li> </ul> </li> <li> <p>Refactor <code>convert_type</code> to extract type inference into a private <code>_guess_type</code> helper, and add :func:<code>typing.overload</code> signatures. :pr:<code>3372</code></p> </li> <li> <p>:class:<code>Parameter</code> typing improvements. :pr:<code>2805</code></p> <ul> <li>:class:<code>Parameter</code> is now an abstract base class, making explicit that it cannot be instantiated directly.</li> <li>:attr:<code>Parameter.name</code> is now <code>str</code> instead of <code>str | None</code>. When <code>expose_value=False</code>, the name is set to <code>""</code> instead of <code>None</code>.</li> <li>The <code>ctx</code> parameter of :meth:<code>Parameter.get_error_hint</code> is now typed as <code>Context | None</code>, matching the runtime behavior.</li> </ul> </li> <li> <p>Split string values from <code>default_map</code> for parameters with <code>nargs > 1</code> or :class:<code>Tuple</code> type, matching environment variable behavior. :issue:<code>2745</code> :pr:<code>3364</code></p> </li> <li> <p>Auto-detect <code>type=UNPROCESSED</code> for <code>flag_value</code> of non-basic types (not <code>str</code>, <code>int</code>, <code>float</code>, or <code>bool</code>), so programmer-provided Python objects like classes and enum members are passed through unchanged instead of being stringified. Previously <code>type=click.UNPROCESSED</code> had to be set explicitly. :issue:<code>2012</code> :pr:<code>3363</code></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5";><code>6eeb50e</code></a> release version 8.4.1</li> <li><a href="https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f";><code>67921d5</code></a> change log and doc fixes (<a href="https://redirect.github.com/pallets/click/issues/3495";>#3495</a>)</li> <li><a href="https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1";><code>9c41f46</code></a> Fix changelog and version admonitions</li> <li><a href="https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6";><code>6cb3477</code></a> fix skip condition</li> <li><a href="https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37";><code>5ee8e31</code></a> fix I/O operation on closed file error with CliRunner and echo_via_pager (<a href="https://redirect.github.com/pallets/click/issues/3482";>#3482</a>)</li> <li><a href="https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f";><code>becbde5</code></a> pager doesn't close std streams</li> <li><a href="https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77";><code>a5f5aa6</code></a> Handle empty bytes in echo (<a href="https://redirect.github.com/pallets/click/issues/3493";>#3493</a>)</li> <li><a href="https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2";><code>4d3db84</code></a> handle empty bytes in echo</li> <li><a href="https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5";><code>d42f15b</code></a> Fix <code>get_parameter_source()</code> during type conversion and eager callbacks (<a href="https://redirect.github.com/pallets/click/issues/3484";>#3484</a>)</li> <li><a href="https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1";><code>0baa8db</code></a> Document ctx.params bypass with test and doc</li> <li>Additional commits viewable in <a href="https://github.com/pallets/click/compare/8.0.0...8.4.1";>compare view</a></li> </ul> </details> <br /> Updates `jinja2` to 3.1.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/releases";>jinja2's releases</a>.</em></p> <blockquote> <h2>3.1.6</h2> <p>This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.</p> <p>PyPI: <a href="https://pypi.org/project/Jinja2/3.1.6/";>https://pypi.org/project/Jinja2/3.1.6/</a> Changes: <a href="https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6";>https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6</a></p> <ul> <li>The <code>|attr</code> filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. <a href="https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7";>https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/blob/main/CHANGES.rst";>jinja2's changelog</a>.</em></p> <blockquote> <h2>Version 3.1.6</h2> <p>Released 2025-03-05</p> <ul> <li>The <code>|attr</code> filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:<code>cpwx-vrp4-4pq7</code></li> </ul> <h2>Version 3.1.5</h2> <p>Released 2024-12-21</p> <ul> <li>The sandboxed environment handles indirect calls to <code>str.format</code>, such as by passing a stored reference to a filter that calls its argument. :ghsa:<code>q2x7-8rv6-6q7h</code></li> <li>Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:<code>1792</code>, :ghsa:<code>gmj6-6f8f-6699</code></li> <li>Sandbox does not allow <code>clear</code> and <code>pop</code> on known mutable sequence types. :issue:<code>2032</code></li> <li>Calling sync <code>render</code> for an async template uses <code>asyncio.run</code>. :pr:<code>1952</code></li> <li>Avoid unclosed <code>auto_aiter</code> warnings. :pr:<code>1960</code></li> <li>Return an <code>aclose</code>-able <code>AsyncGenerator</code> from <code>Template.generate_async</code>. :pr:<code>1960</code></li> <li>Avoid leaving <code>root_render_func()</code> unclosed in <code>Template.generate_async</code>. :pr:<code>1960</code></li> <li>Avoid leaving async generators unclosed in blocks, includes and extends. :pr:<code>1960</code></li> <li>The runtime uses the correct <code>concat</code> function for the current environment when calling block references. :issue:<code>1701</code></li> <li>Make <code>|unique</code> async-aware, allowing it to be used after another async-aware filter. :issue:<code>1781</code></li> <li><code>|int</code> filter handles <code>OverflowError</code> from scientific notation. :issue:<code>1921</code></li> <li>Make compiling deterministic for tuple unpacking in a <code>{% set ... %}</code> call. :issue:<code>2021</code></li> <li>Fix dunder protocol (<code>copy</code>/<code>pickle</code>/etc) interaction with <code>Undefined</code> objects. :issue:<code>2025</code></li> <li>Fix <code>copy</code>/<code>pickle</code> support for the internal <code>missing</code> object. :issue:<code>2027</code></li> <li><code>Environment.overlay(enable_async)</code> is applied correctly. :pr:<code>2061</code></li> <li>The error message from <code>FileSystemLoader</code> includes the paths that were searched. :issue:<code>1661</code></li> <li><code>PackageLoader</code> shows a clearer error message when the package does not contain the templates directory. :issue:<code>1705</code></li> <li>Improve annotations for methods returning copies. :pr:<code>1880</code></li> <li><code>urlize</code> does not add <code>mailto:</code> to values like <code>@a@b</code>. :pr:<code>1870</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679";><code>1520688</code></a> release version 3.1.6</li> <li><a href="https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403";><code>90457bb</code></a> Merge commit from fork</li> <li><a href="https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7";><code>065334d</code></a> attr filter uses env.getattr</li> <li><a href="https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145";><code>033c200</code></a> start version 3.1.6</li> <li><a href="https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35";><code>bc68d4e</code></a> use global contributing guide (<a href="https://redirect.github.com/pallets/jinja/issues/2070";>#2070</a>)</li> <li><a href="https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486";><code>247de5e</code></a> use global contributing guide</li> <li><a href="https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f";><code>ab8218c</code></a> use project advisory link instead of global</li> <li><a href="https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2";><code>b4ffc8f</code></a> release version 3.1.5 (<a href="https://redirect.github.com/pallets/jinja/issues/2066";>#2066</a>)</li> <li><a href="https://github.com/pallets/jinja/commit/877f6e51be8e1765b06d911cfaa9033775f051d1";><code>877f6e5</code></a> release version 3.1.5</li> <li><a href="https://github.com/pallets/jinja/commit/8d588592653b052f957b720e1fc93196e06f207f";><code>8d58859</code></a> remove test pypi</li> <li>Additional commits viewable in <a href="https://github.com/pallets/jinja/compare/2.11.3...3.1.6";>compare view</a></li> </ul> </details> <br /> Updates `pytest` to 9.0.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest/releases";>pytest's releases</a>.</em></p> <blockquote> <h2>9.0.3</h2> <h1>pytest 9.0.3 (2026-04-07)</h1> <h2>Bug fixes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12444";>#12444</a>: Fixed <code>pytest.approx</code> which now correctly takes into account <code>~collections.abc.Mapping</code> keys order to compare them.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13634";>#13634</a>: Blocking a <code>conftest.py</code> file using the <code>-p no:</code> option is now explicitly disallowed.</p> <p>Previously this resulted in an internal assertion failure during plugin loading.</p> <p>Pytest now raises a clear <code>UsageError</code> explaining that conftest files are not plugins and cannot be disabled via <code>-p</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13734";>#13734</a>: Fixed crash when a test raises an exceptiongroup with <code>__tracebackhide__ = True</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14195";>#14195</a>: Fixed an issue where non-string messages passed to <!-- raw HTML omitted -->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not printed.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14343";>#14343</a>: Fixed use of insecure temporary directory (CVE-2025-71176).</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13388";>#13388</a>: Clarified documentation for <code>-p</code> vs <code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect <code>-p</code> example.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13731";>#13731</a>: Clarified that capture fixtures (e.g. <code>capsys</code> and <code>capfd</code>) take precedence over the <code>-s</code> / <code>--capture=no</code> command-line options in <code>Accessing captured output from a test function <accessing-captured-output></code>.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14088";>#14088</a>: Clarified that the default <code>pytest_collection</code> hook sets <code>session.items</code> before it calls <code>pytest_collection_finish</code>, not after.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14255";>#14255</a>: TOML integer log levels must be quoted: Updating reference documentation.</li> </ul> <h2>Contributor-facing changes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12689";>#12689</a>: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible <a href="https://app.codecov.io/gh/pytest-dev/pytest/tests";>on the web interface</a>.</p> <p>-- by <code>aleguy02</code></p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e";><code>a7d58d7</code></a> Prepare release version 9.0.3</li> <li><a href="https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22";><code>089d981</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14366";>#14366</a> from bluetech/revert-14193-backport</li> <li><a href="https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac";><code>8127eaf</code></a> Revert "Fix: assertrepr_compare respects dict insertion order (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14050";>#14050</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14193";>#14193</a>)"</li> <li><a href="https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241";><code>99a7e60</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14363";>#14363</a> from pytest-dev/patchback/backports/9.0.x/95d8423bd...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95";><code>ddee02a</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14343";>#14343</a> from bluetech/cve-2025-71176-simple</li> <li><a href="https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619";><code>74eac69</code></a> doc: Update training info (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14298";>#14298</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14301";>#14301</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869";><code>f92dee7</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14267";>#14267</a> from pytest-dev/patchback/backports/9.0.x/d6fa26c62...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439";><code>7ee58ac</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/12378";>#12378</a> from Pierre-Sassoulas/fix-implicit-str-concat-and-d...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8";><code>37da870</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14259";>#14259</a> from mitre88/patch-4 (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14268";>#14268</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed";><code>c34bfa3</code></a> Add explanation for string context diffs (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14257";>#14257</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14266";>#14266</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pytest-dev/pytest/compare/8.2.0...9.0.3";>compare view</a></li> </ul> </details> <br /> Updates `requests` to 2.34.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases";>requests's releases</a>.</em></p> <blockquote> <h2>v2.34.2</h2> <h2>2.34.2 (2026-05-14)</h2> <ul> <li>Moved <code>headers</code> input type back to <code>Mapping</code> to avoid invariance issues with <code>MutableMapping</code> and inferred dict types. Users calling <code>Request.headers.update()</code> may need to narrow typing in their code. (<a href="https://redirect.github.com/psf/requests/issues/7441";>#7441</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14";>https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md";>requests's changelog</a>.</em></p> <blockquote> <h2>2.34.2 (2026-05-14)</h2> <ul> <li>Moved <code>headers</code> input type back to <code>Mapping</code> to avoid invariance issues with <code>MutableMapping</code> and inferred dict types. Users calling <code>Request.headers.update()</code> may need to narrow typing in their code. (<a href="https://redirect.github.com/psf/requests/issues/7441";>#7441</a>)</li> </ul> <h2>2.34.1 (2026-05-13)</h2> <p><strong>Bugfixes</strong></p> <ul> <li>Widened <code>json</code> input type from <code>dict</code> and <code>list</code> to <code>Mapping</code> and <code>Sequence</code>. (<a href="https://redirect.github.com/psf/requests/issues/7436";>#7436</a>)</li> <li>Changed <code>headers</code> input type to MutableMapping and removed <code>None</code> from <code>Request.headers</code> typing to improve handling for users. (<a href="https://redirect.github.com/psf/requests/issues/7431";>#7431</a>)</li> <li><code>Response.reason</code> moved from <code>str | None</code> to <code>str</code> to improve handling for users. (<a href="https://redirect.github.com/psf/requests/issues/7437";>#7437</a>)</li> <li>Fixed a bug where some bodies with custom <code>__getattr__</code> implementations weren't being properly detected as Iterables. (<a href="https://redirect.github.com/psf/requests/issues/7433";>#7433</a>)</li> </ul> <h2>2.34.0 (2026-05-11)</h2> <p><strong>Announcements</strong></p> <ul> <li> <p>Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.</p> <p>Special thanks to <a href="https://github.com/bastimeyer";><code>@bastimeyer</code></a>, <a href="https://github.com/cthoyt";><code>@cthoyt</code></a>, <a href="https://github.com/edgarrmondragon";><code>@edgarrmondragon</code></a>, and <a href="https://github.com/srittau";><code>@srittau</code></a> for helping review and test the types ahead of the release. (<a href="https://redirect.github.com/psf/requests/issues/7272";>#7272</a>)</p> </li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Digest Auth hashing algorithms have added <code>usedforsecurity=False</code> to clarify security considerations. (<a href="https://redirect.github.com/psf/requests/issues/7310";>#7310</a>)</li> <li>Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (<a href="https://redirect.github.com/psf/requests/issues/7422";>#7422</a>)</li> <li>Requests added support for Python 3.14t. (<a href="https://redirect.github.com/psf/requests/issues/7419";>#7419</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li><code>Response.history</code> no longer contains a reference to itself, preventing accidental looping when traversing the history list. (<a href="https://redirect.github.com/psf/requests/issues/7328";>#7328</a>)</li> <li>Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (<a href="https://redirect.github.com/psf/requests/issues/7427";>#7427</a>)</li> <li>Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (<a href="https://redirect.github.com/psf/requests/issues/7315";>#7315</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3";><code>6e83187</code></a> v2.34.2</li> <li><a href="https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b";><code>84d10f0</code></a> Move Request.headers back to Mapping (<a href="https://redirect.github.com/psf/requests/issues/7441";>#7441</a>)</li> <li><a href="https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224";><code>b7b549b</code></a> v2.34.1</li> <li><a href="https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe";><code>e511bc7</code></a> Fix mutability issues with headers input types (<a href="https://redirect.github.com/psf/requests/issues/7431";>#7431</a>)</li> <li><a href="https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61";><code>5691f59</code></a> Update JsonType containers to read-based collections (<a href="https://redirect.github.com/psf/requests/issues/7436";>#7436</a>)</li> <li><a href="https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035";><code>2144213</code></a> Constrain Response.reason to str (<a href="https://redirect.github.com/psf/requests/issues/7437";>#7437</a>)</li> <li><a href="https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232";><code>6404f34</code></a> Fix <code>prepare_body</code> stream detection for <code>__getattr__</code>-based file wrappers (<a href="https://redirect.github.com/psf/requests/issues/7";>#7</a>...</li> <li><a href="https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca";><code>0b401c7</code></a> v2.34.0</li> <li><a href="https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4";><code>86b378d</code></a> Align Session.get parameters with requests.get (<a href="https://redirect.github.com/psf/requests/issues/7429";>#7429</a>)</li> <li><a href="https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f";><code>a4f9a59</code></a> Port bpo-39057 to Requests (<a href="https://redirect.github.com/psf/requests/issues/7427";>#7427</a>)</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.27.0...v2.34.2";>compare view</a></li> </ul> </details> <br /> Updates `python-on-whales` to 0.81.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gabrieldemarmiesse/python-on-whales/releases";>python-on-whales's releases</a>.</em></p> <blockquote> <h2>v0.81.0</h2> <h2>What's Changed</h2> <ul> <li>More accurate error handling when streaming stdout and stderr by <a href="https://github.com/Hasnainz";><code>@Hasnainz</code></a> in <a href="https://redirect.github.com/gabrieldemarmiesse/python-on-whales/pull/703";>gabrieldemarmiesse/python-on-whales#703</a></li> <li>feat(compose): Add support for <code>docker compose up SERVICE --no-deps</code> by <a href="https://github.com/romeroyonatan";><code>@romeroyonatan</code></a> in <a href="https://redirect.github.com/gabrieldemarmiesse/python-on-whales/pull/708";>gabrieldemarmiesse/python-on-whales#708</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/romeroyonatan";><code>@romeroyonatan</code></a> made their first contribution in <a href="https://redirect.github.com/gabrieldemarmiesse/python-on-whales/pull/708";>gabrieldemarmiesse/python-on-whales#708</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gabrieldemarmiesse/python-on-whales/compare/v0.80.0...v0.81.0";>https://github.com/gabrieldemarmiesse/python-on-whales/compare/v0.80.0...v0.81.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gabrieldemarmiesse/python-on-whales/commit/059d89a178ccaa07e8c426c7af00e6ac41f3ae8a";><code>059d89a</code></a> Bump version to 0.81.0</li> <li><a href="https://github.com/gabrieldemarmiesse/python-on-whales/commit/f0b529ec6ac741c36c9ac10a7b3c3b9b75c41eae";><code>f0b529e</code></a> feat(compose): Add support for <code>docker compose up SERVICE --no-deps</code> (<a href="https://redirect.github.com/gabrieldemarmiesse/python-on-whales/issues/708";>#708</a>)</li> <li><a href="https://github.com/gabrieldemarmiesse/python-on-whales/commit/b615fc485fe60406160d617d5a8a91d7bd082d1a";><code>b615fc4</code></a> More accurate error handling when streaming stdout and stderr (<a href="https://redirect.github.com/gabrieldemarmiesse/python-on-whales/issues/703";>#703</a>)</li> <li><a href="https://github.com/gabrieldemarmiesse/python-on-whales/commit/ee87a947f0e18a86cee76f11765fd1779a431bca";><code>ee87a94</code></a> Bump version to 0.80.0</li> <li><a href="https://github.com/gabrieldemarmiesse/python-on-whales/commit/12efa4677e7a6f48cdafd919e4cfcd157da74863";><code>12efa46</code></a> Add support for <code>--metadata-file</code> option with buildx bake (<a href="https://redirect.github.com/gabrieldemarmiesse/python-on-whales/issues/693";>#693</a>)</li> <li><a href="https://github.com/gabrieldemarmiesse/python-on-whales/commit/6dfcce4243bf6cf17d0bf30eb5458029f949bad0";><code>6dfcce4</code></a> Add --service-ports flag to compose.run (<a href="https://redirect.github.com/gabrieldemarmiesse/python-on-whales/issues/701";>#701</a>)</li> <li><a href="https://github.com/gabrieldemarmiesse/python-on-whales/commit/fde7e12361037255f93ef92833a53a601a33ce7b";><code>fde7e12</code></a> Use the trusted publisher system of pypi (<a href="https://redirect.github.com/gabrieldemarmiesse/python-on-whales/issues/702";>#702</a>)</li> <li><a href="https://github.com/gabrieldemarmiesse/python-on-whales/commit/511ca7316e13f7d5ed232bd2593f664357c8976b";><code>511ca73</code></a> Add another test for buildx secrets (<a href="https://redirect.github.com/gabrieldemarmiesse/python-on-whales/issues/651";>#651</a>)</li> <li><a href="https://github.com/gabrieldemarmiesse/python-on-whales/commit/5c697f982073a58fabb34034836ec3bad2d81f98";><code>5c697f9</code></a> fix: missing... _Description has been truncated_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
