From 9ef74f57a06e9b02dfe7185564db46f9ed1e7e65 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Oct 2025 10:49:31 +0000
Subject: [PATCH 1/2] Bump yarl from 1.20.1 to 1.21.0 (#11562)
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
requirements/base-ft.txt | 2 +-
requirements/base.txt | 2 +-
requirements/constraints.txt | 2 +-
requirements/dev.txt | 2 +-
requirements/runtime-deps.txt | 2 +-
requirements/test-ft.txt | 2 +-
requirements/test.txt | 2 +-
7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/requirements/base-ft.txt b/requirements/base-ft.txt
index 15c562571be..5c1e43c5bda 100644
--- a/requirements/base-ft.txt
+++ b/requirements/base-ft.txt
@@ -42,7 +42,7 @@ typing-extensions==4.15.0
# via
# aiosignal
# multidict
-yarl==1.20.1
+yarl==1.21.0
# via -r requirements/runtime-deps.in
zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14"
# via -r requirements/runtime-deps.in
diff --git a/requirements/base.txt b/requirements/base.txt
index 8414db41eab..ec4c8e4e6f8 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -44,7 +44,7 @@ typing-extensions==4.15.0
# multidict
uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpython"
# via -r requirements/base.in
-yarl==1.20.1
+yarl==1.21.0
# via -r requirements/runtime-deps.in
zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14"
# via -r requirements/runtime-deps.in
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 66a9451e632..0cc0d7a215f 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -293,7 +293,7 @@ wait-for-it==2.3.0
# via -r requirements/test-common.in
wheel==0.46.0
# via pip-tools
-yarl==1.20.1
+yarl==1.21.0
# via -r requirements/runtime-deps.in
zlib-ng==1.0.0
# via
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 67ee1808222..e4d1cb494c1 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -284,7 +284,7 @@ wait-for-it==2.3.0
# via -r requirements/test-common.in
wheel==0.46.0
# via pip-tools
-yarl==1.20.1
+yarl==1.21.0
# via -r requirements/runtime-deps.in
zlib-ng==1.0.0
# via
diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt
index 78b83942ae0..de0e7181da5 100644
--- a/requirements/runtime-deps.txt
+++ b/requirements/runtime-deps.txt
@@ -38,7 +38,7 @@ typing-extensions==4.15.0
# via
# aiosignal
# multidict
-yarl==1.20.1
+yarl==1.21.0
# via -r requirements/runtime-deps.in
zstandard==0.25.0 ; platform_python_implementation == "CPython" and python_version < "3.14"
# via -r requirements/runtime-deps.in
diff --git a/requirements/test-ft.txt b/requirements/test-ft.txt
index 314c2ac446d..2eda8248d9a 100644
--- a/requirements/test-ft.txt
+++ b/requirements/test-ft.txt
@@ -142,7 +142,7 @@ typing-inspection==0.4.2
# via pydantic
wait-for-it==2.3.0
# via -r requirements/test-common.in
-yarl==1.20.1
+yarl==1.21.0
# via -r requirements/runtime-deps.in
zlib-ng==1.0.0
# via -r requirements/test-common.in
diff --git a/requirements/test.txt b/requirements/test.txt
index b65bd794809..8f938b90f1c 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -144,7 +144,7 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho
# via -r requirements/base.in
wait-for-it==2.3.0
# via -r requirements/test-common.in
-yarl==1.20.1
+yarl==1.21.0
# via -r requirements/runtime-deps.in
zlib-ng==1.0.0
# via -r requirements/test-common.in
From 8d0546ab12a7dbc0f6a8af4d2d2a4d03dc3a86be Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Oct 2025 11:04:45 +0000
Subject: [PATCH 2/2] Bump certifi from 2025.8.3 to 2025.10.5 (#11563)
Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.8.3
to 2025.10.5.
Commits
fb14ac4
2025.10.05 (#371)2c7c7ee
Add Python 3.14 classifier in setup.py1a5cb7b
Bump actions/setup-python from 5.6.0 to 6.0.0 (#367)dea5960
Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 (#366)83566b7
Bump actions/checkout from 4.2.2 to 5.0.0ca2e121
Bump actions/download-artifact from 4.3.0 to 5.0.0- See full diff in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
requirements/constraints.txt | 2 +-
requirements/dev.txt | 2 +-
requirements/doc-spelling.txt | 2 +-
requirements/doc.txt | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 0cc0d7a215f..f067c0e30ab 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -32,7 +32,7 @@ brotli==1.1.0 ; platform_python_implementation == "CPython"
# via -r requirements/runtime-deps.in
build==1.3.0
# via pip-tools
-certifi==2025.8.3
+certifi==2025.10.5
# via requests
cffi==2.0.0
# via
diff --git a/requirements/dev.txt b/requirements/dev.txt
index e4d1cb494c1..4afc488c8f8 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -32,7 +32,7 @@ brotli==1.1.0 ; platform_python_implementation == "CPython"
# via -r requirements/runtime-deps.in
build==1.3.0
# via pip-tools
-certifi==2025.8.3
+certifi==2025.10.5
# via requests
cffi==2.0.0
# via
diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt
index 33290cb8e08..3c5f0f4048e 100644
--- a/requirements/doc-spelling.txt
+++ b/requirements/doc-spelling.txt
@@ -10,7 +10,7 @@ alabaster==1.0.0
# via sphinx
babel==2.17.0
# via sphinx
-certifi==2025.8.3
+certifi==2025.10.5
# via requests
charset-normalizer==3.4.3
# via requests
diff --git a/requirements/doc.txt b/requirements/doc.txt
index 9f7048ed453..1c6738f8613 100644
--- a/requirements/doc.txt
+++ b/requirements/doc.txt
@@ -10,7 +10,7 @@ alabaster==1.0.0
# via sphinx
babel==2.17.0
# via sphinx
-certifi==2025.8.3
+certifi==2025.10.5
# via requests
charset-normalizer==3.4.3
# via requests