From 5262053efcaffd20264cf94b38c113d447a1a32c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 15:44:00 +0000 Subject: [PATCH 1/5] Bump identify from 2.6.12 to 2.6.13 (#11412) Bumps [identify](https://github.com/pre-commit/identify) from 2.6.12 to 2.6.13.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=identify&package-manager=pip&previous-version=2.6.12&new-version=2.6.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 92c62c691d6..88d19bcb466 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -86,7 +86,7 @@ gidgethub==5.4.0 # via cherry-picker gunicorn==23.0.0 # via -r requirements/base.in -identify==2.6.12 +identify==2.6.13 # via pre-commit idna==3.6 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index af047b92626..7f6111dddf5 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -84,7 +84,7 @@ gidgethub==5.4.0 # via cherry-picker gunicorn==23.0.0 # via -r requirements/base.in -identify==2.6.12 +identify==2.6.13 # via pre-commit idna==3.6 # via diff --git a/requirements/lint.txt b/requirements/lint.txt index c0682c41460..175b73d2f64 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -33,7 +33,7 @@ forbiddenfruit==0.1.4 # via blockbuster freezegun==1.5.4 # via -r requirements/lint.in -identify==2.6.12 +identify==2.6.13 # via pre-commit idna==3.7 # via trustme From b3bfa1ca94fcab18f2664cc68e0ed8202ff953ab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 16:26:22 +0000 Subject: [PATCH 2/5] Bump actions/checkout from 4 to 5 (#11413) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: https://github.com/actions/checkout/compare/v4...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v4...v4.3.0

v4.2.2

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v4.2.1...v4.2.2

v4.2.1

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v4.2.0...v4.2.1

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 14 +++++++------- .github/workflows/codeql.yml | 2 +- .github/workflows/update-pre-commit.yml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 78dcc99b6cf..bc021ccf184 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -36,7 +36,7 @@ jobs: timeout-minutes: 5 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: true - name: >- @@ -105,7 +105,7 @@ jobs: timeout-minutes: 5 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: true - name: Cache llhttp generated files @@ -161,7 +161,7 @@ jobs: continue-on-error: ${{ matrix.experimental }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: true - name: Setup Python ${{ matrix.pyver }} @@ -260,7 +260,7 @@ jobs: timeout-minutes: 9 steps: - name: Checkout project - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: true - name: Setup Python 3.13.2 @@ -328,7 +328,7 @@ jobs: needs: pre-deploy steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: true - name: Setup Python @@ -395,7 +395,7 @@ jobs: musl: musllinux steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: true - name: Set up QEMU @@ -466,7 +466,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: submodules: true - name: Login diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 601d45a35ad..be954079132 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Initialize CodeQL uses: github/codeql-action/init@v3 diff --git a/.github/workflows/update-pre-commit.yml b/.github/workflows/update-pre-commit.yml index 85cd5cf4d8e..e2426524529 100644 --- a/.github/workflows/update-pre-commit.yml +++ b/.github/workflows/update-pre-commit.yml @@ -8,7 +8,7 @@ jobs: if: github.repository_owner == 'aiohttp' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Set up Python uses: actions/setup-python@v5 with: From 9da32417e4a55d23720856df0fabab16ba2b2307 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 16:41:29 +0000 Subject: [PATCH 3/5] Bump multidict from 6.6.3 to 6.6.4 (#11415) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [multidict](https://github.com/aio-libs/multidict) from 6.6.3 to 6.6.4.
Release notes

Sourced from multidict's releases.

6.6.4

Bug fixes

  • Fixed MutliDict & CIMultiDict memory leak when deleting values or clearing them -- by :user:Vizonex

    Related issues and pull requests on GitHub: #1233.

Contributor-facing changes

  • The type preciseness coverage report generated by MyPy <https://mypy-lang.org>__ is now uploaded to Coveralls <https://coveralls.io/github/aio-libs/multidict>__ and will not be included in the Codecov views <https://app.codecov.io/gh/aio-libs/multidict>__ going forward -- by :user:webknjaz.

    Related issues and pull requests on GitHub: #1122, #1231.

  • Added memory leak test for popping or deleting attributes from a multidict to prevent future issues or bogus claims. -- by :user:Vizonex

    Related issues and pull requests on GitHub: #1233.

Changelog

Sourced from multidict's changelog.

6.6.4

(2025-08-11)

Bug fixes

  • Fixed MutliDict & CIMultiDict memory leak when deleting values or clearing them -- by :user:Vizonex

    Related issues and pull requests on GitHub: :issue:1233.

Contributor-facing changes

  • The type preciseness coverage report generated by MyPy <https://mypy-lang.org>__ is now uploaded to Coveralls <https://coveralls.io/github/aio-libs/multidict>__ and will not be included in the Codecov views <https://app.codecov.io/gh/aio-libs/multidict>__ going forward -- by :user:webknjaz.

    Related issues and pull requests on GitHub: :issue:1122, :issue:1231.

  • Added memory leak test for popping or deleting attributes from a multidict to prevent future issues or bogus claims. -- by :user:Vizonex

    Related issues and pull requests on GitHub: :issue:1233.

Commits
  • e0e61c2 Release 6.6.4 (#1234)
  • 820631f Fix Memory leaks and add tests to prevent memory leaks during md_clear from p...
  • 00e3803 Merge branch 'maintenance/1122-coveralls-mypy'
  • 736f179 📝 Add a change note for PR #1231
  • 19f085e 🩹 Drop MyPy 3.9 ref from the linters workflow
  • 97ce0ed Move reporting MyPy type preciseness to Coveralls
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=multidict&package-manager=pip&previous-version=6.6.3&new-version=6.6.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/cython.txt | 4 ++-- requirements/dev.txt | 2 +- requirements/multidict.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index 3faddb12da8..2b4d315e33f 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -24,7 +24,7 @@ gunicorn==23.0.0 # via -r requirements/base.in idna==3.6 # via yarl -multidict==6.6.3 +multidict==6.6.4 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 88d19bcb466..81444bd9b27 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -113,7 +113,7 @@ markupsafe==3.0.2 # via jinja2 mdurl==0.1.2 # via markdown-it-py -multidict==6.6.3 +multidict==6.6.4 # via # -r requirements/multidict.in # -r requirements/runtime-deps.in diff --git a/requirements/cython.txt b/requirements/cython.txt index 39257b77599..b80de4842de 100644 --- a/requirements/cython.txt +++ b/requirements/cython.txt @@ -6,7 +6,7 @@ # cython==3.1.2 # via -r requirements/cython.in -multidict==6.6.3 - # via -r /home/dependabot/dependabot-updater/tmp/20250715-1382-lngh7e/dependabot_20250715-1382-a7k872/requirements/multidict.in +multidict==6.6.4 + # via -r requirements/multidict.in typing-extensions==4.14.1 # via multidict diff --git a/requirements/dev.txt b/requirements/dev.txt index 7f6111dddf5..7e0b0f8d351 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -111,7 +111,7 @@ markupsafe==3.0.2 # via jinja2 mdurl==0.1.2 # via markdown-it-py -multidict==6.6.3 +multidict==6.6.4 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/multidict.txt b/requirements/multidict.txt index 6f90d5c4c34..8330b558883 100644 --- a/requirements/multidict.txt +++ b/requirements/multidict.txt @@ -4,7 +4,7 @@ # # pip-compile --allow-unsafe --output-file=requirements/multidict.txt --resolver=backtracking --strip-extras requirements/multidict.in # -multidict==6.6.3 +multidict==6.6.4 # via -r requirements/multidict.in typing-extensions==4.14.1 # via multidict diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index 327fae9055b..3cbcc7e0f11 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -22,7 +22,7 @@ frozenlist==1.7.0 # aiosignal idna==3.6 # via yarl -multidict==6.6.3 +multidict==6.6.4 # via # -r requirements/runtime-deps.in # yarl diff --git a/requirements/test.txt b/requirements/test.txt index 7bfa1c7a195..112a974b1e3 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -57,7 +57,7 @@ markdown-it-py==3.0.0 # via rich mdurl==0.1.2 # via markdown-it-py -multidict==6.6.3 +multidict==6.6.4 # via # -r requirements/runtime-deps.in # yarl From 628685cb5ef993fb5c2309ab4a73431d7fa80d24 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 16:45:41 +0000 Subject: [PATCH 4/5] Bump coverage from 7.10.2 to 7.10.3 (#11416) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.10.2 to 7.10.3.
Changelog

Sourced from coverage's changelog.

Version 7.10.3 — 2025-08-10

  • Fixes for patch = subprocess:

    • If subprocesses spawned yet more subprocesses simultaneously, some coverage could be missed. This is now fixed, closing issue 2024_.

    • If subprocesses were created in other directories, their data files were stranded there and not combined into the totals, as described in issue 2025_. This is now fixed.

    • On Windows (or maybe only some Windows?) the patch would fail with a ModuleNotFound error trying to import coverage. This is now fixed, closing issue 2022_.

    • Originally only options set in the coverage configuration file would apply to subprocesses. Options set on the coverage run command line (such as --branch) wouldn't be communicated to the subprocesses. This could lead to combining failures, as described in issue 2021_. Now the entire configuration is used in subprocesses, regardless of its origin.

    • Added debug=patch to help diagnose problems.

  • Fix: really close all SQLite databases, even in-memory ones. Closes issue 2017_.

.. _issue 2017: nedbat/coveragepy#2017 .. _issue 2021: nedbat/coveragepy#2021 .. _issue 2022: nedbat/coveragepy#2022 .. _issue 2024: nedbat/coveragepy#2024 .. _issue 2025: nedbat/coveragepy#2025

.. _changes_7-10-2:

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverage&package-manager=pip&previous-version=7.10.2&new-version=7.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 81444bd9b27..a6d8a1c7c4f 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -52,7 +52,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.10.2 +coverage==7.10.3 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/dev.txt b/requirements/dev.txt index 7e0b0f8d351..36f6dcbd6ea 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -52,7 +52,7 @@ click==8.1.8 # slotscheck # towncrier # wait-for-it -coverage==7.10.2 +coverage==7.10.3 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/test.txt b/requirements/test.txt index 112a974b1e3..8a4a5388823 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -25,7 +25,7 @@ cffi==1.17.1 # pytest-codspeed click==8.1.8 # via wait-for-it -coverage==7.10.2 +coverage==7.10.3 # via # -r requirements/test.in # pytest-cov From a31e990ded2cb08f9c759a731f6e0e13c41a0ac5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 16:49:10 +0000 Subject: [PATCH 5/5] Bump charset-normalizer from 3.4.2 to 3.4.3 (#11417) Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.2 to 3.4.3.
Release notes

Sourced from charset-normalizer's releases.

Version 3.4.3

3.4.3 (2025-08-09)

Changed

  • mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
  • automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

  • Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
  • Support for Python 3.14

Fixed

  • sdist archive contained useless directories.
  • automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

  • SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
  • Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.
Changelog

Sourced from charset-normalizer's changelog.

3.4.3 (2025-08-09)

Changed

  • mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
  • automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

  • Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
  • Support for Python 3.14

Fixed

  • sdist archive contained useless directories.
  • automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

  • SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
  • Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.
Commits
  • 46f662d Release 3.4.3 (#638)
  • 1a059b2 :wrench: skip building on freethreaded as we're not confident it is stable
  • 2275e3d :pencil: final note in CHANGELOG.md
  • c96acdf :pencil: update release date on CHANGELOG.md
  • 43e5460 :pencil: update README.md
  • f277074 :wrench: automatically lower confidence on small bytes str on non Unicode res...
  • 15ae241 :bug: automatically fallback on valid UTF-16 or UTF-32 even if the md says it...
  • 37397c1 :wrench: enable 3.14 in nox test_mypyc session
  • cb82537 :rewind: revert license due to compat python 3.7 issue setuptools
  • 6a2efeb :art: fix linter errors
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=charset-normalizer&package-manager=pip&previous-version=3.4.2&new-version=3.4.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index a6d8a1c7c4f..d4019dc6c6b 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -41,7 +41,7 @@ cffi==1.17.1 # pytest-codspeed cfgv==3.4.0 # via pre-commit -charset-normalizer==3.4.2 +charset-normalizer==3.4.3 # via requests cherry-picker==2.5.0 # via -r requirements/dev.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 36f6dcbd6ea..687e8788b42 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -41,7 +41,7 @@ cffi==1.17.1 # pytest-codspeed cfgv==3.4.0 # via pre-commit -charset-normalizer==3.4.2 +charset-normalizer==3.4.3 # via requests cherry-picker==2.5.0 # via -r requirements/dev.in diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index f5326b51507..6fe7bbc9f3d 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -12,7 +12,7 @@ babel==2.17.0 # via sphinx certifi==2025.8.3 # via requests -charset-normalizer==3.4.2 +charset-normalizer==3.4.3 # via requests click==8.1.8 # via towncrier diff --git a/requirements/doc.txt b/requirements/doc.txt index e4f88bcda19..901551e0bf5 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -12,7 +12,7 @@ babel==2.17.0 # via sphinx certifi==2025.8.3 # via requests -charset-normalizer==3.4.2 +charset-normalizer==3.4.3 # via requests click==8.1.8 # via towncrier