Build(deps): Bump the pip-dependencies group across 1 directory with 26 updates

[dependabot]

Bumps the pip-dependencies group with 26 updates in the / directory:

Package	From	To
alembic	1.16.5	1.17.2
beautifulsoup4	4.13.5	4.14.3
certifi	2025.10.5	2025.11.12
charset-normalizer	3.4.3	3.4.4
click	8.1.8	8.3.1
google-auth	2.40.3	2.45.0
google-auth-oauthlib	1.2.2	1.2.3
greenlet	3.2.4	3.3.0
idna	3.10	3.11
importlib-metadata	8.7.0	8.7.1
kombu	5.5.4	5.6.1
markupsafe	3.0.2	3.0.3
pillow	11.3.0	12.0.0
pytest	8.4.2	9.0.2
python-dotenv	1.1.1	1.2.1
soupsieve	2.8	2.8.1
sqlalchemy	2.0.43	2.0.45
urllib3	2.5.0	2.6.2
wcwidth	0.2.13	0.2.14
websocket-client	1.8.0	1.9.0
wsproto	1.2.0	1.3.2
werkzeug	3.1.3	3.1.4
celery	5.5.3	5.6.0
flask-admin	2.0.1	2.0.2
psycopg2-binary	2.9.10	2.9.11
psutil	7.0.0	7.1.3

Updates alembic from 1.16.5 to 1.17.2

Release notes

Sourced from alembic's releases.

1.17.2

Released: November 14, 2025

feature

• [feature] [operations] Added Operations.implementation_for.replace parameter to Operations.implementation_for(), allowing replacement of existing operation implementations. This allows for existing operations such as CreateTableOp to be extended directly. Pull request courtesy justanothercatgirl.

  References: #1750

bug

• [bug] [mssql] Fixed issue in SQL Server dialect where the DROP that's automatically emitted for existing default constraints during an ALTER COLUMN needs to take place before not just the modification of the column's default, but also before the column's type is changed.

  References: #1744

1.17.1

Released: October 28, 2025

usecase

• [usecase] [commands] Added command.current.check_heads parameter to command.current() command, available from the command line via the --check-heads option to alembic current. This tests if all head revisions are applied to the database and raises DatabaseNotAtHead (or from the command line, exits with a non-zero exit code) if this is not the case. The parameter operates equvialently to the cookbook recipe cookbook_check_heads. Pull request courtesy Stefan Scherfke.

  References: #1705

bug

• [bug] [commands] Disallow ':' character in custom revision identifiers. Previously, using a colon in a revision ID (e.g., 'REV:1') would create the revision, however revisions with colons in them are not correctly interpreted by other commands, as it overlaps with the revision range syntax. Pull request courtesy Kim Wooseok with original implementation by Hrushikesh Patil.

... (truncated)

Commits

• See full diff in compare view

Updates beautifulsoup4 from 4.13.5 to 4.14.3

Updates certifi from 2025.10.5 to 2025.11.12

Commits

• 37ea150 2025.11.12 (#375)
• 2fa50bb Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#374)
• 6cadb53 Bump actions/download-artifact from 5.0.0 to 6.0.0 (#373)
• See full diff in compare view

Updates charset-normalizer from 3.4.3 to 3.4.4

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.4

3.4.4 (2025-10-13)

Changed

• Bound setuptools to a specific constraint setuptools>=68,<=81.
• Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

• setuptools-scm as a build dependency.

Misc

• Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
• Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
• Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

Changelog

Sourced from charset-normalizer's changelog.

3.4.4 (2025-10-13)

Changed

• Bound setuptools to a specific constraint setuptools>=68,<=81.
• Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

• setuptools-scm as a build dependency.

Misc

• Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
• Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
• Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

Commits

• b30ffdc 🔧 fix checksum step in cd.yml
• d3fbfcf 🔧 fix cd.yml
• dafbb95 Release 3.4.4 (#658)
• 1f18ffa ⬆️ raise mypy upper bound to 1.18.2
• ef4ac69 Merge branch 'release-3.4.4' of github.com:jawah/charset_normalizer into rele...
• 4b35dda 📝 write changelog for 3.4.4
• 0ec6452 🔧 update cd.yml workflow (add riscv64, s390x and armv7l)
• f341ede ⬆️ upgrade dependencies (dev, ci)
• a308841 📝 write changelog for 3.4.4
• 9c906da 🔧 update cd.yml workflow (add riscv64, s390x and armv7l)
• Additional commits viewable in compare view

Updates click from 8.1.8 to 8.3.1

Release notes

Sourced from click's releases.

8.3.1

This is the Click 8.3.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-1 Milestone: https://github.com/pallets/click/milestone/28

• Don't discard pager arguments by correctly using subprocess.Popen. #3039 #3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. #3066 #3065 #3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. #3071 #3079
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. #3019 #3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. #3069 #3090
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. #3136 #3137

8.3.0

This is the Click 8.3.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.3.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-0 Milestone https://github.com/pallets/click/milestone/27

• Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

  • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
  • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
  • The default parameter can now be any type (bool, None, etc.)
  • Fixes inconsistencies reported in: #1992 #2514 #2610 #3024 #3030

• Allow default to be set on Argument for nargs = -1. #2164 #3030

• Show correct auto complete value for nargs option in combination with flag option #2813

• Show correct auto complete value for nargs option in combination with flag option #2813

• Fix handling of quoted and escaped parameters in Fish autocompletion. #2995 #3013

• Lazily import shutil. #3023

• Properly forward exception information to resources registered with click.core.Context.with_resource(). #2447 #3058

• Fix regression related to EOF handling in CliRunner. #2939 #2940

8.2.2

This is the Click 8.2.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.2.2/

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.3.1

Released 2025-11-15

• Don't discard pager arguments by correctly using subprocess.Popen. :issue:3039 :pr:3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. :issue:3066 :issue:3065 :pr:3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. :issue:3071 :pr:3079
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. :issue:3136 :pr:3137
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. :issue:3019 :pr:3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. :issue:3069 :pr:3090

Version 8.3.0

Released 2025-09-17

• Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

  • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
  • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
  • The default parameter can now be any type (bool, None, etc.)
  • Fixes inconsistencies reported in: :issue:1992 :issue:2514 :issue:2610 :issue:3024 :pr:3030

• Allow default to be set on Argument for nargs = -1. :issue:2164 :pr:3030

• Show correct auto complete value for nargs option in combination with flag option :issue:2813

• Fix handling of quoted and escaped parameters in Fish autocompletion. :issue:2995 :pr:3013

• Lazily import shutil. :pr:3023

• Properly forward exception information to resources registered with click.core.Context.with_resource(). :issue:2447 :pr:3058

• Fix regression related to EOF handling in CliRunner. :issue:2939 :pr:2940

Version 8.2.2

Released 2025-07-31

• Fix reconciliation of default, flag_value and type parameters for flag options, as well as parsing and normalization of environment variables.

... (truncated)

Commits

• 1d038f2 release version 8.3.1
• 03f3889 Fix Ruff UP038 warning (#3141)
• 3867781 Fix Ruff UP038 warning
• b91bb95 Provide altered context to callbacks to hide UNSET values as None (#3137)
• 437e1e3 Temporarily provide a fake context to the callback to hide UNSET values as ...
• ea70da4 Don't test using a file in docs/ (#3102)
• e27b307 Make uv run --all-extras pyright --verifytypes click pass (#3072)
• a92c573 Fix test_edit to work with BSD sed (#3129)
• bd131e1 Fix test_edit to work with BSD sed
• 0b5c6b7 Add Best practices section (#3127)
• Additional commits viewable in compare view

Updates google-auth from 2.40.3 to 2.45.0

Release notes

Sourced from google-auth's releases.

google-auth 2.45.0

2.45.0 (2025-12-15)

Features

• Adding Agent Identity bound token support and handling certificate mismatches with retries (#1890) (b32c934e)

google-auth 2.44.0

2.44.0 (2025-12-12)

Features

• MDS connections use mTLS (#1856) (0387bb95)

• support Python 3.14 (#1822) (0f7097e7)

• add ecdsa p-384 support (#1872) (39c381a5)

• Add shlex to correctly parse executable commands with spaces (#1855) (cf6fc3cc)

• Implement token revocation in STS client and add revoke() metho… (#1849) (d5638986)

Bug Fixes

• Add temporary patch to workload cert logic to accomodate Cloud Run mis-configuration (#1880) (78de7907)

• Delegate workload cert and key default lookup to helper function (#1877) (b0993c7e)

• Use public refresh method for source credentials in ImpersonatedCredentials (#1884) (e0c3296f)

google-auth 2.43.0

2.43.0 (2025-11-05)

Features

• Add public wrapper for _mtls_helper.check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected (#1859) (1535eccb)

• Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, if the MWID/X.509 cert sources detected (#1848) (395e405b)

• onboard google-auth to librarian (#1838) (c503eaa5)

v2.42.1

2.42.1 (2025-10-30)

Bug Fixes

• Catch ValueError for json.loads() (#1842) (b074cad)

v2.42.0

... (truncated)

Changelog

Sourced from google-auth's changelog.

2.45.0 (2025-12-15)

Features

• Adding Agent Identity bound token support and handling certificate mismatches with retries (#1890) (b32c934e6b0d09b94c467cd432a0a635e8b05f5c)

2.44.0 (2025-12-13)

Features

• support Python 3.14 (#1822) (0f7097e78f247665b6ef0287d482033f7be2ed6d)
• add ecdsa p-384 support (#1872) (39c381a5f6881b590025f36d333d12eff8dc60fc)
• MDS connections use mTLS (#1856) (0387bb95713653d47e846cad3a010eb55ef2db4c)
• Implement token revocation in STS client and add revoke() metho… (#1849) (d5638986ca03ee95bfffa9ad821124ed7e903e63)
• Add shlex to correctly parse executable commands with spaces (#1855) (cf6fc3cced78bc1362a7fe596c32ebc9ce03c26b)

Bug Fixes

• Use public refresh method for source credentials in ImpersonatedCredentials (#1884) (e0c3296f471747258f6d98d2d9bfde636358ecde)
• Add temporary patch to workload cert logic to accomodate Cloud Run mis-configuration (#1880) (78de7907b8bdb7b5510e3c6fa8a3f3721e2436d7)
• Delegate workload cert and key default lookup to helper function (#1877) (b0993c7edaba505d0fb0628af28760c43034c959)

2.43.0 (2025-11-05)

Features

• Add public wrapper for _mtls_helper.check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected (#1859) Add public wrapper for check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected. Also, fix check_use_client_cert to return boolean value. Change #1848 added the check_use_client_cert method that helps know if client cert should be used for mTLS connection. However, that was in a private class, thus, created a public wrapper of the same function so that it can be used by python Client Libraries. Also, updated check_use_client_cert to return a boolean value instead of existing string value for better readability and future scope. --------- (1535eccbff0ad8f3fd6a9775316ac8b77dca66ba)
• Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, if the MWID/X.509 cert sources detected (#1848) The Python SDK will use a hybrid approach for mTLS enablement:

• If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is set (either true or false), the SDK will respect that setting. This is necessary for test scenarios and users who need to explicitly control mTLS behavior.
• If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not set, the SDK will automatically enable mTLS only if it detects Managed Workload Identity (MWID) or X.509 Workforce Identity Federation (WIF) certificate sources. In other cases where the variable is not set, mTLS

... (truncated)

Commits

• 08fabf7 chore: librarian release pull request: 20251215T132028Z (#1891)
• b32c934 feat: Adding Agent Identity bound token support and handling certificate mism...
• 262eb9e chore: librarian release pull request: 20251212T161150Z (#1888)
• 0f7097e feat: support Python 3.14 (#1822)
• e0c3296 fix(auth): Use public refresh method for source credentials in ImpersonatedCr...
• 78de790 fix(auth): Add temporary patch to workload cert logic to accomodate Cloud Run...
• 3e8a566 chore(tests): allow expired secret in system tests (#1883)
• b0993c7 fix(auth): Delegate workload cert and key default lookup to helper function (...
• 2c374d3 chore: update secret (#1879)
• 39c381a feat: add ecdsa p-384 support (#1872)
• Additional commits viewable in compare view

Updates google-auth-oauthlib from 1.2.2 to 1.2.3

Release notes

Sourced from google-auth-oauthlib's releases.

v1.2.3

1.2.3 (2025-10-30)

Bug Fixes

• Add upper-bound to google-auth dependency (#423) (d7921f9)
• Drop support for Python 3.6 (4b1a5f3)
• Explicitly declare Python 3.13 support (4b1a5f3)

Changelog

Sourced from google-auth-oauthlib's changelog.

1.2.3 (2025-10-30)

Bug Fixes

• Add upper-bound to google-auth dependency (#423) (d7921f9)
• Drop support for Python 3.6 (4b1a5f3)
• Explicitly declare Python 3.13 support (4b1a5f3)

Commits

• 2765352 chore(main): release 1.2.3 (#409)
• d7921f9 fix: add upper-bound to google-auth dependency (#423)
• 951dd32 chore(python): Add support for Python 3.14 (#415)
• cb74baf tests: update default runtime used for tests (#411)
• 4b1a5f3 fix: explicitly declare Python 3.13 support (#408)
• See full diff in compare view

Updates greenlet from 3.2.4 to 3.3.0

Changelog

Sourced from greenlet's changelog.

3.3.0 (2025-12-04)

• Drop support for Python 3.9.

• Switch to distributing manylinux_2_28 wheels instead of manylinux2014 wheels. Likewise, switch from musllinux_1_1 to 1_2.

• Add initial support for free-threaded builds of CPython 3.14. Due to limitations, we do not distribute binary wheels for free-threaded CPython on Windows. (Free-threaded CPython 3.13 may work, but is untested and unsupported.)

  .. caution::

  Under some rare scenarios with free-threaded 3.14, the interpreter may crash on accessing a variable or attribute or when shutting down. If this happens, try disabling the thread-local bytecode cache. See the greenlet documentation for more details. See PR 472 by T. Wouters <https://github.com/python-greenlet/greenlet/pull/472>_ for the initial free-threaded support and a discussion of the current known issues.

Commits

• 0f90431 Preparing release 3.3.0
• 296058a Tweak changelog. [skip ci]
• d4392ab fixup
• e6fead2 Update docs regarding free-threading.
• d5b1346 3.14: Save/restore PyInterpreterFrame.stackpointer.
• b54c4bd Fix some crashes with CPython assertions enabled, pointing to things we were ...
• 47e9925 Add a test that we're not enabling the GIL.
• 0778d50 Use our Python allocator on free-threaded builds, but do it correctly with Py...
• 5f661f4 Add free-threaded CI builds and manylinux builds; update manylinux away from ...
• 5331b0a Merge pull request #475 from clin1234/capi
• Additional commits viewable in compare view

Updates idna from 3.10 to 3.11

Changelog

Sourced from idna's changelog.

3.11 (2025-10-12)

• Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.
• Add support for Python 3.14, lowest supported version is Python 3.8.
• Various updates to packaging, including PEP 740 support.

Commits

• ad949ee Release v3.11
• cae4ba7 Second release candidate for 3.11
• 8adb305 Add space in RST link
• 74cb2b6 Release candidate for 3.11
• 05dab09 Format idna-data with ruff
• 90eac78 Apply ruff formatting
• a31ce7e Remove errant test vectors
• 81f0333 Omit vectors known to be broken in test suite
• a0f3257 Merge branch 'master' into unicode-16-uts46-changes
• 38d9886 Remove extra UTS46 test vector
• Additional commits viewable in compare view

Updates importlib-metadata from 8.7.0 to 8.7.1

Changelog

Sourced from importlib-metadata's changelog.

v8.7.1

Bugfixes

• Fixed errors in FastPath under fork-multiprocessing. (#520)
• Removed cruft from Python 3.8. (#524)

Commits

• 84e9028 Finalize
• 36ed6f6 Merge pull request #521 from 2xB/fix520
• f6eee56 Rely on passthrough to designate a wrapper for its side effect.
• 3c9510b Prefer noop for degenerate behavior.
• a36bab9 Avoid if block.
• 8dd2937 Decouple clear_after_fork from lru_cache and then compose.
• 1da3f45 Add news fragment.
• a1c25d8 🧎‍♀️ Genuflect to the types.
• 4e962a8 👹 Feed the hobgoblins (delint).
• 6a30ab9 Allow initial currsize to be greater than one (as happens when running the te...
• Additional commits viewable in compare view

Updates kombu from 5.5.4 to 5.6.1

Release notes

Sourced from kombu's releases.

v5.6.1

What's Changed

• fix: ensure hub close does also remove global event loop reference by @​oliverhaas in celery/kombu#2404
• fix: default value for SQS's receive message by @​cuducos in celery/kombu#2405
• Feat: add support for credential_provider to redis broker by @​alaminopu in celery/kombu#2408
• Prepare for release: v5.6.1 by @​Nusnus in celery/kombu#2416

New Contributors

• @​oliverhaas made their first contribution in celery/kombu#2404
• @​cuducos made their first contribution in celery/kombu#2405
• @​alaminopu made their first contribution in celery/kombu#2408

Full Changelog: celery/kombu@v5.6.0...v5.6.1

v5.6.0

Key Highlights

QoS Max Prefetch Limit celery/kombu#2348

Prevent Out Of Memory crashes when queues flood with ETA/countdown tasks. The new optional max_prefetch parameter caps how many messages workers hold in memory. Defaults to unlimited (None) to preserve existing behavior.

from kombu.common import QoS
Limit prefetch to maximum 100 messages
qos = QoS(callback=consumer.qos, initial_value=10, max_prefetch=100)

Redis Polling Interval Support celery/kombu#2346

Fix Redis transport to properly propagate polling_interval and brpop_timeout from transport_options to the Channel's _brpop_start timeout.

app.conf.broker_transport_options = {"polling_interval": 10}

Leave it unset to keep the familiar 1-second default, or raise it to slow down idle polling.

Pidbox RabbitMQ 4.x Compatibility celery/kombu#2338

Let pidbox queues work on RabbitMQ 4.x brokers that reject transient, non-exclusive queues.

MongoDB Transport Improvements celery/kombu#2347

URI options now come through lowercase and flattened again, so settings like replicaSet=test_rs show up as options['replicaset'].

Resource Pool Gevent Compatibility celery/kombu#2314

Restore compatibility with recent gevent releases that monkey-patch the standard library queue.

... (truncated)

Changelog

Sourced from kombu's changelog.

5.6.1

:release-date: 25 November, 2025 :release-by: Tomer Nosrati

What's Changed

- fix: ensure hub close does also remove global event loop reference ([#2404](https://github.com/celery/kombu/issues/2404))
- fix: default value for SQS's receive message ([#2405](https://github.com/celery/kombu/issues/2405))
- Feat: add support for credential_provider to redis broker ([#2408](https://github.com/celery/kombu/issues/2408))
- Prepare for release: v5.6.1 ([#2416](https://github.com/celery/kombu/issues/2416))
.. _version-5.6.0:
5.6.0
:release-date: 1 November, 2025
:release-by: Tomer Nosrati
Key Highlights

QoS Max Prefetch Limit

PR [#2348](https://github.com/celery/kombu/issues/2348) <https://github.com/celery/kombu/pull/2348>_

Prevent Out Of Memory crashes when queues flood with ETA/countdown tasks. The new optional max_prefetch parameter caps how many messages workers hold in memory. Defaults to unlimited (None) to preserve existing behavior.

.. code-block:: python

from kombu.common import QoS
Limit prefetch to maximum 100 messages
qos = QoS(callback=consumer.qos, initial_value=10, max_prefetch=100)

Redis Polling Interval Support

PR [#2346](https://github.com/celery/kombu/issues/2346) <https://github.com/celery/kombu/pull/2346>_

Fix Redis transport to properly propagate polling_interval and brpop_timeout from transport_options to the Channel's _brpop_start timeout.

.. code-block:: python

app.conf.broker_transport_options = {"polling_interval": 10}

Leave it unset to keep the familiar 1-second default, or raise it to slow down idle polling.

... (truncated)

Commits

• 5208431 Prepare for release: v5.6.1 (#2416)
• 24ade8f [pre-commit.ci] pre-commit autoupdate (#2415)
• 8822511 Bump actions/checkout from 5 to 6 (#2412)
• 4a57bfe Feat: add support for credential_provider to redis broker (#2408)
• b67cbe6 Revert "Bump protobuf from 6.32.1 to 6.33.1 (#2409)"
• 3454c88 Bump protobuf from 6.32.1 to 6.33.1 (#2409)
• baa625d [pre-commit.ci] pre-commit autoupdate (#2407)
• c89be8c fix: default value for SQS's receive message (#2405)
• ecbb733 fix: ensure hub close does also remove global event loop reference (#2404)
• 4e74395 Prepare for release: v5.6.0 (#2402)
• Additional commits viewable in compare view

Updates markupsafe from 3.0.2 to 3.0.3

Release notes

Sourced from markupsafe's releases.

3.0.3

This is the MarkupSafe 3.0.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/MarkupSafe/3.0.3/ Changes: https://markupsafe.palletsprojects.com/page/changes/#version-3-0-3 Milestone: https://github.com/pallets/markupsafe/milestone/15?closed=1

• __version__ raises DeprecationWarning instead of UserWarning. #487
• Adopt multi-phase initialization PEP 489 for the C extension. #494
• Build Windows ARM64 wheels. #485
• Build Python 3.14 wheels. #503
• Build riscv64 wheels. #505

Changelog

Sourced from markupsafe's changelog.

Version 3.0.3

Released 2025-09-27

• __version__ raises DeprecationWarning instead of UserWarning. :issue:487
• Adopt multi-phase initialisation (:pep:489) for the C extension. :issue:494
• Build Windows ARM64 wheels. :issue:485
• Build Python 3.14 wheels. :issue:503
• Build riscv64 wheels. :issue:505

Commits

• 297fc8e release version 3.0.3
• 7e4e6ce Free-threading: run with pytest-run-paralell (#507)
• 6100b9c enable riscv64 wheels (#506)
• c9d5ecf enable riscv64 wheels
• 2f9b337 tox for 3.14
• 78d951a update dev dependencies
• bb6744e add entry
• 65c4134 upgrade cibuildwheel, add cp314 wheels and test on CPython 3.14 (#504)
• 3a9bd88 add cp314 wheels
• aafe44d remove slsa provenance (#501)
• Additional commits viewable in compare view

Updates pillow from 11.3.0 to 12.0.0

Release notes

Sourced from pillow's releases.

12.0.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.0.0.html

Removals

• Remove support for FreeType <= 2.9.0 #9159 [@​radarhere]
• Drop support for Python 3.9 #9119 [@​hugovk]
• Remove deprecations for Pillow 12.0.0 #9053 [@​radarhere]

Deprecations

• Deprecate Image._show #9186 [@​radarhere]
• Deprecate ImageCmsProfile product_name and product_info #8995 [@​lukegb]

Documentation

• ImagingHistogramInstance can use two bands #9251 [@​radarhere]
• Update 12.0.0 release notes #9247 [@​hugovk]
• Added ImageDraw alpha channel examples #9201 [@​radarhere]
• Update Python version #9230 [@​radarhere]
• Updated macOS tested Pillow versions #9209 [@​radarhere]
• Add GitHub profile link to release notes #9197 [@​radarhere]
• Split versionadded info #9190 [@​radarhere]
• Document ImageFile.MAXBLOCK #9163 [@​radarhere]
• Updated macOS version in CI targets #9157 [@​radarhere]
• Fix typos #9135 [@​radarhere]
• Added "Colors" to concepts #9067 [@​radarhere]
• Update macOS tested Pillow versions #9068 [@​radarhere]
• Thanks, folks! #9056 [@​aclark4life]
• Setup nit: "fork" should be lowercased #9055 [@​aclark4life]

Dependencies

• Update dependency cibuildwheel to v3.2.1 #9246 [@renovate[bot]]
• [pre-commit.ci] pre-commit autoupdate #9233 [@pre-commit-ci[bot]]
• Update harfbuzz to 12.1.0 #9218 [@​radarhere]
• Update libtiff to 4.7.1 #9222 [@​radarhere]
• Update FreeType to 2.14.1 on macOS and Linux wheels #9217 [@​radarhere]
• Update dependency cibuildwheel to v3.2.0 #9219 [@renovate[bot]]
• Update Ghos...

  Description has been truncated