Skip to content

[pull] master from aio-libs:master #426

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pull merged 95 commits into from
Jan 3, 2026
Merged

[pull] master from aio-libs:master #426

pull merged 95 commits into from
Jan 3, 2026

Conversation

@pull
Copy link

@pull pull bot commented Jan 3, 2026
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

bdraco and others added 30 commits October 28, 2025 16:54
@bdraco
Increment version to 3.13.3.dev0
3f0a963 
Signed-off-by: J. Nick Koston <nick@home-assistant.io>
@cdce8p
[PR #11643 backport][3.14] Move dependency metadata from setup.cfg
881530d 
…to `pyproject.toml` (#11736)

This is a backport of PR #11643
as merged into master
(e1aec0a).

Modified the backport to include `attrs` again as present on the 3.14
branch.
@cdce8p
[PR #11643 backport][3.13] Move dependency metadata from setup.cfg
8211220 
…to `pyproject.toml` (#11735)

This is a backport of PR #11643
as merged into master
(e1aec0a).

Modified the backport to include `attrs` again as present on the 3.13
branch.
@dependabot
Bump virtualenv from 20.35.3 to 20.35.4 (#11739)
88a57ae 
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.35.3 to
20.35.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/virtualenv/releases">virtualenv's
releases</a>.</em></p>
<blockquote>
<h2>20.35.4</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>release 20.35.3 by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/2981">pypa/virtualenv#2981</a></li>
<li>fix: Prevent NameError when accessing _DISTUTILS_PATCH during file
ov… by <a href="https://github.com/gracetyy"><code>@​gracetyy</code></a>
in <a
href="https://redirect.github.com/pypa/virtualenv/pull/2982">pypa/virtualenv#2982</a></li>
<li>Upgrade pip and fix 3.15 picking old wheel by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/pypa/virtualenv/pull/2989">pypa/virtualenv#2989</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/gracetyy"><code>@​gracetyy</code></a>
made their first contribution in <a
href="https://redirect.github.com/pypa/virtualenv/pull/2982">pypa/virtualenv#2982</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pypa/virtualenv/compare/20.35.3...20.35.4">https://github.com/pypa/virtualenv/compare/20.35.3...20.35.4</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst">virtualenv's
changelog</a>.</em></p>
<blockquote>
<h2>v20.35.4 (2025-10-28)</h2>
<p>Bugfixes - 20.35.4</p>
<pre><code>- Fix race condition in ``_virtualenv.py`` when file is
overwritten during import, preventing ``NameError`` when
``_DISTUTILS_PATCH`` is accessed - by :user:`gracetyy`. (:issue:`2969`)
- Upgrade embedded wheels:
<ul>
<li>pip to <code>25.3</code> from <code>25.2</code>
(:issue:<code>2989</code>)
</code></pre></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/virtualenv/commit/03815342726b1a8b33b55b5057bfd46b1d6b74c1"><code>0381534</code></a>
release 20.35.4</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/25207be3cecc22049cba1989ceee87dfed9a4d67"><code>25207be</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/virtualenv/issues/2989">#2989</a>
from gaborbernat/bump-pip</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/d593841e93c401bb230646d38de480ac4ac42da4"><code>d593841</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/virtualenv/issues/2984">#2984</a>
from pypa/pre-commit-ci-update-config</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/f742f8da0a3c313d617d41a0c44aac29d4e61edd"><code>f742f8d</code></a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/0a644b0b6e0c68e89584fbce8339b366cb4cdf91"><code>0a644b0</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/virtualenv/issues/2982">#2982</a>
from gracetyy/fix/distutils_patch</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/2b125eb79cd4764dac26df30d9bf7b661bd74100"><code>2b125eb</code></a>
refactor: fix last commit according to review feedback</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/71d5e0929dca30a429a0144e0645a6b55d2851e5"><code>71d5e09</code></a>
[pre-commit.ci] auto fixes from pre-commit.com hooks</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/fd0a8342a383c126608e005e9ff0a7612e53a219"><code>fd0a834</code></a>
refactor: fix last commit according to review feedback</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/c5e51d4e45dbca840dac5929fbb7ed145c81c1fd"><code>c5e51d4</code></a>
refactor: use pytest tmp_path fixture instead of
tempfile.TemporaryDirectory</li>
<li><a
href="https://github.com/pypa/virtualenv/commit/629f7b836399aa90cfe29bbcbaac547d43181d45"><code>629f7b8</code></a>
Merge branch 'main' into fix/distutils_patch</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/virtualenv/compare/20.35.3...20.35.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=virtualenv&package-manager=pip&previous-version=20.35.3&new-version=20.35.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@patchback @Dreamsorcerer
[PR #11771/72fadb8f backport][3.14] Bump pypy to supported version (#…
fdd8a61 
…11772)

**This is a backport of PR #11771 as merged into master
(72fadb8).**

None

Co-authored-by: Sam Bull <git@sambull.org>
@patchback @Cycloctane
[PR #11689/a091c738 backport][3.14] Remove unused update-pre-commit c…
1a6abb4 
…i workflow (#11770)

**This is a backport of PR #11689 as merged into master
(a091c73).**

## What do these changes do?

update-pre-commit is broken after #5261 due to the incorrect
`github.repository_owner` condition. (See
<https://github.com/aio-libs/aiohttp/actions/workflows/update-pre-commit.yml>).
pre-commit auto update prs are actually created by pre-commit-ci app.
This workflow is not needed anyway.

Co-authored-by: Rui Xi <Cycloctane@outlook.com>
@patchback @Cycloctane
[PR #11689/a091c738 backport][3.13] Remove unused update-pre-commit c…
1e65581 
…i workflow (#11769)

**This is a backport of PR #11689 as merged into master
(a091c73).**

## What do these changes do?

update-pre-commit is broken after #5261 due to the incorrect
`github.repository_owner` condition. (See
<https://github.com/aio-libs/aiohttp/actions/workflows/update-pre-commit.yml>).
pre-commit auto update prs are actually created by pre-commit-ci app.
This workflow is not needed anyway.

Co-authored-by: Rui Xi <Cycloctane@outlook.com>
@gsoldatov
Request/Response storage typing (backport to v3.14) (#11775)
3dd962c 
(cherry picked from commit 3005510)
@Dreamsorcerer
Bump pypy to supported version (#11773)
de9d490
@dependabot
Bump regex from 2025.10.23 to 2025.11.3 (#11742)
5464754 
Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2025.10.23
to 2025.11.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt">regex's
changelog</a>.</em></p>
<blockquote>
<p>Version: 2025.11.3</p>
<pre><code>Git issue 594: Support relative PARNO in recursive
subpatterns
</code></pre>
<p>Version: 2025.10.23</p>
<pre><code>'setup.py' was missing from the source distribution.
</code></pre>
<p>Version: 2025.10.22</p>
<pre><code>Fixed test in main.yml.
</code></pre>
<p>Version: 2025.10.21</p>
<pre><code>Moved tests into subfolder.
</code></pre>
<p>Version: 2025.10.20</p>
<pre><code>Re-organised files.
<p>Updated to Unicode 17.0.0.<br />
</code></pre></p>
<p>Version: 2025.9.20</p>
<pre><code>Enable free-threading support in cibuildwheel in another
place.
</code></pre>
<p>Version: 2025.9.19</p>
<pre><code>Enable free-threading support in cibuildwheel.
</code></pre>
<p>Version: 2025.9.18</p>
<pre><code>Git issue 565: Support the free-threaded build of CPython
3.13
</code></pre>
<p>Version: 2025.9.1</p>
<pre><code>Git PR 585: Fix AttributeError: 'AnyAll' object has no
attribute '_key'
</code></pre>
<p>Version: 2025.8.29</p>
<pre><code>Git issue 584: AttributeError: 'AnyAll' object has no
attribute 'positive'
</code></pre>
<p>Version: 2025.7.34</p>
<pre><code>Git issue 575: Issues with ASCII/Unicode modifiers
</code></pre>
<p>Version: 2025.7.33</p>
<pre><code>Updated main.yml and pyproject.toml.
</code></pre>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/mrabarnett/mrab-regex/commit/b01d6e7349f1f754f9576e85aa19575acff0c839"><code>b01d6e7</code></a>
Git issue 594: Support relative PARNO in recursive subpatterns</li>
<li><a
href="https://github.com/mrabarnett/mrab-regex/commit/dd256cd36e6d7da215bb82be8e9b6e846e1140e5"><code>dd256cd</code></a>
Merge pull request <a
href="https://redirect.github.com/mrabarnett/mrab-regex/issues/591">#591</a>
from foosel/ci-tests</li>
<li><a
href="https://github.com/mrabarnett/mrab-regex/commit/1b2ca8c31d8d256f398576ddd3b8c27033d72a63"><code>1b2ca8c</code></a>
ci: run tests against sdist</li>
<li><a
href="https://github.com/mrabarnett/mrab-regex/commit/609733abe4d957b02406eeec59240850b03ff34d"><code>609733a</code></a>
ci: only release if the tests are green</li>
<li><a
href="https://github.com/mrabarnett/mrab-regex/commit/fa08ff1ed46ffeb7e618a7def415ddf89d888112"><code>fa08ff1</code></a>
ci: make sure to always run tests against full matrix</li>
<li>See full diff in <a
href="https://github.com/mrabarnett/mrab-regex/compare/2025.10.23...2025.11.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=regex&package-manager=pip&previous-version=2025.10.23&new-version=2025.11.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump pre-commit from 4.3.0 to 4.4.0 (#11755)
092e29d 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 4.3.0
to 4.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pre-commit/pre-commit/releases">pre-commit's
releases</a>.</em></p>
<blockquote>
<h2>pre-commit v4.4.0</h2>
<h3>Features</h3>
<ul>
<li>Add <code>--fail-fast</code> option to <code>pre-commit run</code>.
<ul>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3528">#3528</a>
PR by <a
href="https://github.com/JulianMaurin"><code>@​JulianMaurin</code></a>.</li>
</ul>
</li>
<li>Upgrade <code>ruby-build</code> / <code>rbenv</code>.
<ul>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3566">#3566</a>
PR by <a
href="https://github.com/asottile"><code>@​asottile</code></a>.</li>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3565">#3565</a>
issue by <a
href="https://github.com/MRigal"><code>@​MRigal</code></a>.</li>
</ul>
</li>
<li>Add <code>language: unsupported</code> / <code>language:
unsupported_script</code> as aliases for <code>language: system</code> /
<code>language: script</code> (which will eventually be deprecated).
<ul>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3577">#3577</a>
PR by <a
href="https://github.com/asottile"><code>@​asottile</code></a>.</li>
</ul>
</li>
<li>Add support docker-in-docker detection for cgroups v2.
<ul>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3535">#3535</a>
PR by <a
href="https://github.com/br-rhrbacek"><code>@​br-rhrbacek</code></a>.</li>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3360">#3360</a>
issue by <a
href="https://github.com/JasonAlt"><code>@​JasonAlt</code></a>.</li>
</ul>
</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>Handle when docker gives <code>SecurityOptions: null</code>.
<ul>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3537">#3537</a>
PR by <a
href="https://github.com/asottile"><code>@​asottile</code></a>.</li>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3514">#3514</a>
issue by <a
href="https://github.com/jenstroeger"><code>@​jenstroeger</code></a>.</li>
</ul>
</li>
<li>Fix error context for invalid <code>stages</code> in
<code>.pre-commit-config.yaml</code>.
<ul>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3576">#3576</a>
PR by <a
href="https://github.com/asottile"><code>@​asottile</code></a>.</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md">pre-commit's
changelog</a>.</em></p>
<blockquote>
<h1>4.4.0 - 2025-11-08</h1>
<h3>Features</h3>
<ul>
<li>Add <code>--fail-fast</code> option to <code>pre-commit run</code>.
<ul>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3528">#3528</a>
PR by <a
href="https://github.com/JulianMaurin"><code>@​JulianMaurin</code></a>.</li>
</ul>
</li>
<li>Upgrade <code>ruby-build</code> / <code>rbenv</code>.
<ul>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3566">#3566</a>
PR by <a
href="https://github.com/asottile"><code>@​asottile</code></a>.</li>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3565">#3565</a>
issue by <a
href="https://github.com/MRigal"><code>@​MRigal</code></a>.</li>
</ul>
</li>
<li>Add <code>language: unsupported</code> / <code>language:
unsupported_script</code> as aliases
for <code>language: system</code> / <code>language: script</code> (which
will eventually be
deprecated).
<ul>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3577">#3577</a>
PR by <a
href="https://github.com/asottile"><code>@​asottile</code></a>.</li>
</ul>
</li>
<li>Add support docker-in-docker detection for cgroups v2.
<ul>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3535">#3535</a>
PR by <a
href="https://github.com/br-rhrbacek"><code>@​br-rhrbacek</code></a>.</li>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3360">#3360</a>
issue by <a
href="https://github.com/JasonAlt"><code>@​JasonAlt</code></a>.</li>
</ul>
</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>Handle when docker gives <code>SecurityOptions: null</code>.
<ul>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3537">#3537</a>
PR by <a
href="https://github.com/asottile"><code>@​asottile</code></a>.</li>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3514">#3514</a>
issue by <a
href="https://github.com/jenstroeger"><code>@​jenstroeger</code></a>.</li>
</ul>
</li>
<li>Fix error context for invalid <code>stages</code> in
<code>.pre-commit-config.yaml</code>.
<ul>
<li><a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3576">#3576</a>
PR by <a
href="https://github.com/asottile"><code>@​asottile</code></a>.</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/17cf8864737af2ce75c73839a0cdedc26ce50598"><code>17cf886</code></a>
v4.4.0</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/cb63a5cb9a1f22342d7450315cb4daffe72f6c21"><code>cb63a5c</code></a>
Merge pull request <a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3535">#3535</a>
from br-rhrbacek/fix-cgroups</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/f80801d75a429d5eafa1d87e9f88f73b108d1890"><code>f80801d</code></a>
Fix docker-in-docker detection for cgroups v2</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/9143fc35457adb0a2d28022b1149b131c40c0490"><code>9143fc3</code></a>
Merge pull request <a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3577">#3577</a>
from pre-commit/language-unsupported</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/725acc969a28a6bc9a7e2260f035426bc932e8da"><code>725acc9</code></a>
rename system and script languages to unsupported /
unsupported_script</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/3815e2e6d87ba644ecc19f29177184df7ee16812"><code>3815e2e</code></a>
Merge pull request <a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3576">#3576</a>
from pre-commit/fix-stages-config-error</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/aa2961c122b4aa834c77e612232c154f9439c388"><code>aa2961c</code></a>
fix missing context in error for stages</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/46297f7cd6e4f2615c3b5d50f09c6ea264679c6b"><code>46297f7</code></a>
Merge pull request <a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3575">#3575</a>
from pre-commit/rm-python3-hooks-repo</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/95eec7500464500d2ca0cc13d0986000508830e5"><code>95eec75</code></a>
rm python3_hooks_repo</li>
<li><a
href="https://github.com/pre-commit/pre-commit/commit/5e4b3546f30fc9b15ed71515d979e4a644d850f6"><code>5e4b354</code></a>
Merge pull request <a
href="https://redirect.github.com/pre-commit/pre-commit/issues/3574">#3574</a>
from pre-commit/rm-hook-with-spaces-test</li>
<li>Additional commits viewable in <a
href="https://github.com/pre-commit/pre-commit/compare/v4.3.0...v4.4.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pre-commit&package-manager=pip&previous-version=4.3.0&new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump pytest from 8.4.2 to 9.0.0 (#11754)
d4e14f5 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.4.2 to
9.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest/releases">pytest's
releases</a>.</em></p>
<blockquote>
<h2>9.0.0</h2>
<h1>pytest 9.0.0 (2025-11-05)</h1>
<h2>New features</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/1367">#1367</a>:
<strong>Support for subtests</strong> has been added.</p>
<p><code>subtests &lt;subtests&gt;</code> are an alternative to
parametrization, useful in situations where the parametrization values
are not all known at collection time.</p>
<p>Example:</p>
<pre lang="python"><code>def contains_docstring(p: Path) -&gt; bool:
&quot;&quot;&quot;Return True if the given Python file contains a
top-level docstring.&quot;&quot;&quot;
    ...
<p>def test_py_files_contain_docstring(subtests: pytest.Subtests) -&gt;
None:
for path in Path.cwd().glob(&quot;*.py&quot;):
with subtests.test(path=str(path)):
assert contains_docstring(path)
</code></pre></p>
<p>Each assert failure or error is caught by the context manager and
reported individually, giving a clear picture of all files that are
missing a docstring.</p>
<p>In addition, <code>unittest.TestCase.subTest</code> is now also
supported.</p>
<p>This feature was originally implemented as a separate plugin in <a
href="https://github.com/pytest-dev/pytest-subtests">pytest-subtests</a>,
but since then has been merged into the core.</p>
<blockquote>
<p>[!NOTE]
This feature is experimental and will likely evolve in future releases.
By that we mean that we might change how subtests are reported on
failure, but the functionality and how to use it are stable.</p>
</blockquote>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/13743">#13743</a>:
Added support for <strong>native TOML configuration files</strong>.</p>
<p>While pytest, since version 6, supports configuration in
<code>pyproject.toml</code> files under
<code>[tool.pytest.ini_options]</code>,
it does so in an &quot;INI compatibility mode&quot;, where all
configuration values are treated as strings or list of strings.
Now, pytest supports the native TOML data model.</p>
<p>In <code>pyproject.toml</code>, the native TOML configuration is
under the <code>[tool.pytest]</code> table.</p>
<pre lang="toml"><code># pyproject.toml
[tool.pytest]
minversion = &quot;9.0&quot;
addopts = [&quot;-ra&quot;, &quot;-q&quot;]
testpaths = [
    &quot;tests&quot;,
    &quot;integration&quot;,
]
</code></pre>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pytest-dev/pytest/commit/f4b0fd2294a0b2f89bf308d513d574e1e2e01ad5"><code>f4b0fd2</code></a>
Prepare release version 9.0.0</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/52d8e6812667880b523d285b95c53af73b7866e3"><code>52d8e68</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/13889">#13889</a>
from bluetech/regendoc-restore</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/d6d3e4a4760bcdc9c2078b015d5967937b1df602"><code>d6d3e4a</code></a>
doc: fixes for regendoc</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/7cb397413f3d8270fad4de1004039d45cb1a841d"><code>7cb3974</code></a>
doc: restore missing &quot;# content of pytest.toml&quot; regendoc
commands</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/5ae9e4761b42a7c84d53486733d6ea8567dedccb"><code>5ae9e47</code></a>
build(deps): Bump django in /testing/plugins_integration (<a
href="https://redirect.github.com/pytest-dev/pytest/issues/13881">#13881</a>)</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/adb3658f091b8f3c4e0948298b1aefd16b6ce372"><code>adb3658</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/13864">#13864</a>
from bluetech/config-cleanups-2</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/a28c08efc6af57b94875c517dee0da0d9c201d7e"><code>a28c08e</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/13875">#13875</a>
from bluetech/ci-tweaks</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/a250954723eda5ae2cb60396a516762b08fa0644"><code>a250954</code></a>
ci: split publish-to-pypi and push-tag jobs</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/ebc152f84e40796ae88fadb71e4fd95c2946bfc3"><code>ebc152f</code></a>
ci: update setup python's from 3.11 or 3.* to 3.13</li>
<li><a
href="https://github.com/pytest-dev/pytest/commit/dfd796fb2ff6356af116f76d307f853dc11a10b2"><code>dfd796f</code></a>
ci: move running update-plugin-list script to tox</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest/compare/8.4.2...9.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest&package-manager=pip&previous-version=8.4.2&new-version=9.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump actions/upload-artifact from 4 to 5 (#11723)
3c15317 
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 4 to 5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<p><strong>BREAKING CHANGE:</strong> this update supports Node
<code>v24.x</code>. This is not a breaking change per-se but we're
treating it as such.</p>
<ul>
<li>Update README.md by <a
href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/681">actions/upload-artifact#681</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/712">actions/upload-artifact#712</a></li>
<li>Readme: spell out the first use of GHES by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/727">actions/upload-artifact#727</a></li>
<li>Update GHES guidance to include reference to Node 20 version by <a
href="https://github.com/patrikpolyak"><code>@​patrikpolyak</code></a>
in <a
href="https://redirect.github.com/actions/upload-artifact/pull/725">actions/upload-artifact#725</a></li>
<li>Bump <code>@actions/artifact</code> to <code>v4.0.0</code></li>
<li>Prepare <code>v5.0.0</code> by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/734">actions/upload-artifact#734</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/681">actions/upload-artifact#681</a></li>
<li><a href="https://github.com/nebuk89"><code>@​nebuk89</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/712">actions/upload-artifact#712</a></li>
<li><a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/727">actions/upload-artifact#727</a></li>
<li><a
href="https://github.com/patrikpolyak"><code>@​patrikpolyak</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/725">actions/upload-artifact#725</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v5.0.0">https://github.com/actions/upload-artifact/compare/v4...v5.0.0</a></p>
<h2>v4.6.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use artifact 2.3.2 package &amp; prepare for new
upload-artifact release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.2">https://github.com/actions/upload-artifact/compare/v4...v4.6.2</a></p>
<h2>v4.6.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use artifact 2.2.2 package by <a
href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/673">actions/upload-artifact#673</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.1">https://github.com/actions/upload-artifact/compare/v4...v4.6.1</a></p>
<h2>v4.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Expose env vars to control concurrency and timeout by <a
href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/662">actions/upload-artifact#662</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.0">https://github.com/actions/upload-artifact/compare/v4...v4.6.0</a></p>
<h2>v4.5.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: deprecated <code>Node.js</code> version in action by <a
href="https://github.com/hamirmahal"><code>@​hamirmahal</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/578">actions/upload-artifact#578</a></li>
<li>Add new <code>artifact-digest</code> output by <a
href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/656">actions/upload-artifact#656</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/hamirmahal"><code>@​hamirmahal</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/578">actions/upload-artifact#578</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4"><code>330a01c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/734">#734</a>
from actions/danwkennedy/prepare-5.0.0</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/03f282445299bbefc96171af272a984663b63a26"><code>03f2824</code></a>
Update <code>github.dep.yml</code></li>
<li><a
href="https://github.com/actions/upload-artifact/commit/905a1ecb5915b264cbc519e4eb415b5d82916018"><code>905a1ec</code></a>
Prepare <code>v5.0.0</code></li>
<li><a
href="https://github.com/actions/upload-artifact/commit/2d9f9cdfa99fedaddba68e9b5b5c281eca26cc63"><code>2d9f9cd</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/725">#725</a>
from patrikpolyak/patch-1</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/9687587dec67f2a8bc69104e183d311c42af6d6f"><code>9687587</code></a>
Merge branch 'main' into patch-1</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/2848b2cda0e5190984587ec6bb1f36730ca78d50"><code>2848b2c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/727">#727</a>
from danwkennedy/patch-1</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/9b511775fd9ce8c5710b38eea671f856de0e70a7"><code>9b51177</code></a>
Spell out the first use of GHES</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/cd231ca1eda77976a84805c4194a1954f56b0727"><code>cd231ca</code></a>
Update GHES guidance to include reference to Node 20 version</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/de65e23aa2b7e23d713bb51fbfcb6d502f8667d8"><code>de65e23</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/712">#712</a>
from actions/nebuk89-patch-1</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/8747d8cd7632611ad6060b528f3e0f654c98869c"><code>8747d8c</code></a>
Update README.md</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/upload-artifact/compare/v4...v5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump pydantic from 2.12.3 to 2.12.4 (#11747)
b7244d7 
Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.12.3 to
2.12.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pydantic/pydantic/releases">pydantic's
releases</a>.</em></p>
<blockquote>
<h2>v2.12.4 2025-11-05</h2>
<h2>v2.12.4 (2025-11-05)</h2>
<p>This is the fourth 2.12 patch release, fixing more regressions, and
reverting a change in the <code>build()</code> method
of the <a
href="https://docs.pydantic.dev/latest/api/networks/"><code>AnyUrl</code>
and Dsn types</a>.</p>
<p>This patch release also fixes an issue with the serialization of IP
address types, when <code>serialize_as_any</code> is used. The next
patch release
will try to address the remaining issues with <em>serialize as any</em>
behavior by introducing a new <em>polymorphic serialization</em>
feature, that
should be used in most cases in place of <em>serialize as any</em>.</p>
<ul>
<li>
<p>Fix issue with forward references in parent <code>TypedDict</code>
classes by <a href="https://github.com/Viicos"><code>@​Viicos</code></a>
in <a
href="https://redirect.github.com/pydantic/pydantic/pull/12427">#12427</a>.</p>
<p>This issue is only relevant on Python 3.14 and greater.</p>
</li>
<li>
<p>Exclude fields with <code>exclude_if</code> from JSON Schema required
fields by <a href="https://github.com/Viicos"><code>@​Viicos</code></a>
in <a
href="https://redirect.github.com/pydantic/pydantic/pull/12430">#12430</a></p>
</li>
<li>
<p>Revert URL percent-encoding of credentials in the
<code>build()</code> method of the <a
href="https://docs.pydantic.dev/latest/api/networks/"><code>AnyUrl</code>
and Dsn types</a> by <a
href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a> in
<a
href="https://redirect.github.com/pydantic/pydantic-core/pull/1833">pydantic-core#1833</a>.</p>
<p>This was initially considered as a bugfix, but caused regressions and
as such was fully reverted. The next release will include
an opt-in option to percent-encode components of the URL.</p>
</li>
<li>
<p>Add type inference for IP address types by <a
href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a> in
<a
href="https://redirect.github.com/pydantic/pydantic-core/pull/1868">pydantic-core#1868</a>.</p>
<p>The 2.12 changes to the <code>serialize_as_any</code> behavior made
it so that IP address types could not properly serialize to JSON.</p>
</li>
<li>
<p>Avoid getting default values from defaultdict by <a
href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a> in
<a
href="https://redirect.github.com/pydantic/pydantic-core/pull/1853">pydantic-core#1853</a>.</p>
<p>This fixes a subtle regression in the validation behavior of the <a
href="https://docs.python.org/3/library/collections.html#collections.defaultdict"><code>collections.defaultdict</code></a>
type.</p>
</li>
<li>
<p>Fix issue with field serializers on nested typed dictionaries by <a
href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a> in
<a
href="https://redirect.github.com/pydantic/pydantic-core/pull/1879">pydantic-core#1879</a>.</p>
</li>
<li>
<p>Add more <code>pydantic-core</code> builds for the three-threaded
version of Python 3.14 by <a
href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a> in
<a
href="https://redirect.github.com/pydantic/pydantic-core/pull/1864">pydantic-core#1864</a>.</p>
</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/pydantic/pydantic/compare/v2.12.3...v2.12.4">https://github.com/pydantic/pydantic/compare/v2.12.3...v2.12.4</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pydantic/pydantic/blob/v2.12.4/HISTORY.md">pydantic's
changelog</a>.</em></p>
<blockquote>
<h2>v2.12.4 (2025-11-05)</h2>
<p><a
href="https://github.com/pydantic/pydantic/releases/tag/v2.12.4">GitHub
release</a></p>
<p>This is the fourth 2.12 patch release, fixing more regressions, and
reverting a change in the <code>build()</code> method
of the <a
href="https://docs.pydantic.dev/latest/api/networks/"><code>AnyUrl</code>
and Dsn types</a>.</p>
<p>This patch release also fixes an issue with the serialization of IP
address types, when <code>serialize_as_any</code> is used. The next
patch release
will try to address the remaining issues with <em>serialize as any</em>
behavior by introducing a new <em>polymorphic serialization</em>
feature, that
should be used in most cases in place of <em>serialize as any</em>.</p>
<ul>
<li>
<p>Fix issue with forward references in parent <code>TypedDict</code>
classes by <a href="https://github.com/Viicos"><code>@​Viicos</code></a>
in <a
href="https://redirect.github.com/pydantic/pydantic/pull/12427">#12427</a>.</p>
<p>This issue is only relevant on Python 3.14 and greater.</p>
</li>
<li>
<p>Exclude fields with <code>exclude_if</code> from JSON Schema required
fields by <a href="https://github.com/Viicos"><code>@​Viicos</code></a>
in <a
href="https://redirect.github.com/pydantic/pydantic/pull/12430">#12430</a></p>
</li>
<li>
<p>Revert URL percent-encoding of credentials in the
<code>build()</code> method
of the <a
href="https://docs.pydantic.dev/latest/api/networks/"><code>AnyUrl</code>
and Dsn types</a> by <a
href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a> in
<a
href="https://redirect.github.com/pydantic/pydantic-core/pull/1833">pydantic-core#1833</a>.</p>
<p>This was initially considered as a bugfix, but caused regressions and
as such was fully reverted. The next release will include
an opt-in option to percent-encode components of the URL.</p>
</li>
<li>
<p>Add type inference for IP address types by <a
href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a> in
<a
href="https://redirect.github.com/pydantic/pydantic-core/pull/1868">pydantic-core#1868</a>.</p>
<p>The 2.12 changes to the <code>serialize_as_any</code> behavior made
it so that IP address types could not properly serialize to JSON.</p>
</li>
<li>
<p>Avoid getting default values from defaultdict by <a
href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a> in
<a
href="https://redirect.github.com/pydantic/pydantic-core/pull/1853">pydantic-core#1853</a>.</p>
<p>This fixes a subtle regression in the validation behavior of the <a
href="https://docs.python.org/3/library/collections.html#collections.defaultdict"><code>collections.defaultdict</code></a>
type.</p>
</li>
<li>
<p>Fix issue with field serializers on nested typed dictionaries by <a
href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a> in
<a
href="https://redirect.github.com/pydantic/pydantic-core/pull/1879">pydantic-core#1879</a>.</p>
</li>
<li>
<p>Add more <code>pydantic-core</code> builds for the three-threaded
version of Python 3.14 by <a
href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a> in
<a
href="https://redirect.github.com/pydantic/pydantic-core/pull/1864">pydantic-core#1864</a>.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pydantic/pydantic/commit/5c842dfc9c245fb37aa1f5ec5b55c1aed10bd7e6"><code>5c842df</code></a>
Prepare release v2.12.4</li>
<li><a
href="https://github.com/pydantic/pydantic/commit/c678a710e8b8bb2ff4dce6233c6d5c88dc579136"><code>c678a71</code></a>
Bump <code>pydantic-core</code> to v2.41.5</li>
<li><a
href="https://github.com/pydantic/pydantic/commit/a7cd29254b2611c5768beb86e7ffd2c1c130a19a"><code>a7cd292</code></a>
Bump <code>cloudpickle</code> to v3.1.2</li>
<li><a
href="https://github.com/pydantic/pydantic/commit/21f627801b5eedfa87bed55925f73cf329cc9c2c"><code>21f6278</code></a>
Bump actions/setup-node from 5 to 6</li>
<li><a
href="https://github.com/pydantic/pydantic/commit/8d6be8fea9662203977b95758d97ec298edcd54a"><code>8d6be8f</code></a>
Bump astral-sh/setup-uv from 6 to 7</li>
<li><a
href="https://github.com/pydantic/pydantic/commit/17865ea3a1fd389ba697990b762f82a419a48221"><code>17865ea</code></a>
Bump actions/upload-artifact from 4 to 5</li>
<li><a
href="https://github.com/pydantic/pydantic/commit/90ad0af6b9340f72dde77997ed18fc180771e69f"><code>90ad0af</code></a>
Bump actions/download-artifact from 5 to 6</li>
<li><a
href="https://github.com/pydantic/pydantic/commit/18e6672b6fdeaeb75ccbbcb3c7883509b1f56cb3"><code>18e6672</code></a>
Drop testing under PyPy 3.9</li>
<li><a
href="https://github.com/pydantic/pydantic/commit/650215be2d2336a72af481b724b368fed356d7e8"><code>650215b</code></a>
Document workaround for <code>MongoDsn</code> default port</li>
<li><a
href="https://github.com/pydantic/pydantic/commit/e3267902272d8290ed6d1ae06f43052b2968ef14"><code>e326790</code></a>
Fix example of for <code>bytes_invalid_encoding</code> validation
error</li>
<li>Additional commits viewable in <a
href="https://github.com/pydantic/pydantic/compare/v2.12.3...v2.12.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pydantic&package-manager=pip&previous-version=2.12.3&new-version=2.12.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump cython from 3.1.6 to 3.2.0 (#11748)
4f78079 
Bumps [cython](https://github.com/cython/cython) from 3.1.6 to 3.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cython/cython/releases">cython's
releases</a>.</em></p>
<blockquote>
<h2>3.2.0</h2>
<p>No release notes provided.</p>
<h2>3.2.0b3</h2>
<p>No release notes provided.</p>
<h2>3.2.0b2</h2>
<p>No release notes provided.</p>
<h2>3.2.0b1-3</h2>
<p>No release notes provided.</p>
<h2>3.2.0b1</h2>
<p>Not released due to package metadata problems.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/cython/cython/blob/master/CHANGES.rst">cython's
changelog</a>.</em></p>
<blockquote>
<h1>3.2.0 (2025-11-05)</h1>
<p>(Complete changelog for the 3.2.0 release, including
pre-releases.)</p>
<h2>Features added</h2>
<ul>
<li>
<p>Builtin exception types are now inferred.
(Github issue :issue:<code>6908</code>)</p>
</li>
<li>
<p>The list of known, inferred and optimised Python builtins was
updated.
<code>range</code> is now considered a type. <code>ascii</code>,
<code>bin</code>, <code>format</code>, <code>hex</code>,
<code>oct</code> were added as functions.
(Github issue :issue:<code>6931</code>)</p>
</li>
<li>
<p>The f-string syntax was extended according to PEP-701.
(Github issue :issue:<code>5452</code>)</p>
</li>
<li>
<p>t-strings are implemented according to PEP-750. The implementation
backports the template classes
but prefers existing backports if installed separately.
(Github issue :issue:<code>6811</code>)</p>
</li>
<li>
<p>Unknown return type annotations with <code>-&gt;</code> are no longer
rejected but produce warnings.
This allows better integration with Python type hints that are not
always usable for Cython.
<code>-&gt; None</code>  is also allowed now.
Patch by jpe.  (Github issue :issue:<code>6946</code>)</p>
</li>
<li>
<p>The runtime Python dispatch for fused functions is substantially
faster.
(Github issues :issue:<code>1385</code>, :issue:<code>6996</code>)</p>
</li>
<li>
<p>Freelists (via cdef class decorator and for internally used types
such as <code>async</code>)
are now also used in the Limited API and with extension type specs
enabled.
(Github issue :issue:<code>7151</code>)</p>
</li>
<li>
<p>Module imports now quickly check for an already imported module to
speed up reimports.
Patch by Lysandros Nikolaou. (Github issue :issue:<code>7035</code>)</p>
</li>
<li>
<p>Type checks on PEP-604 union types (<code>int | None</code>) are
optimised into separate checks.
(Github issue :issue:<code>6935</code>)</p>
</li>
<li>
<p>Assignments to the PEP-604 union type <code>float | None</code> allow
any suitable Python number as input
and convert it to a Python <code>float</code> automatically.
(Github issue :issue:<code>5750</code>)</p>
</li>
<li>
<p>Item type inference was improved for looping over literals.
(Github issue :issue:<code>6912</code>)</p>
</li>
<li>
<p>Looping over literal sequences and strings now uses efficient C array
looping if possible.
(Github issue :issue:<code>6926</code>)</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cython/cython/commit/e6533f887fbde09d265ea85765d2e2fa235b38e5"><code>e6533f8</code></a>
Prepare release of 3.2.0.</li>
<li><a
href="https://github.com/cython/cython/commit/3748286bc1ffd5e74a91a8eefb56206ef2a5bb42"><code>3748286</code></a>
Update changelog.</li>
<li><a
href="https://github.com/cython/cython/commit/404f2268893f6f6e536b0063a5dc00e2c1b94823"><code>404f226</code></a>
Docs: Add a note that the Limited API is currently only supported in
CPython.</li>
<li><a
href="https://github.com/cython/cython/commit/f216cfb30e82af5a46ef2f522dfc97a4eb23c24a"><code>f216cfb</code></a>
Fix path building in cygdb script for Windows usage (<a
href="https://redirect.github.com/cython/cython/issues/7285">GH-7285</a>)</li>
<li><a
href="https://github.com/cython/cython/commit/ae782736986935746b7100a68162f832bce81b4d"><code>ae78273</code></a>
Add PyPy 3.11 to test matrix (<a
href="https://redirect.github.com/cython/cython/issues/7284">#7284</a>)</li>
<li><a
href="https://github.com/cython/cython/commit/b3528ac248ce1e05b6f33e344acd7b51e72bec51"><code>b3528ac</code></a>
Bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/cython/cython/issues/7278">#7278</a>)</li>
<li><a
href="https://github.com/cython/cython/commit/1e2102362036a1872e4ca0d6a9acff7fe97c03d6"><code>1e21023</code></a>
Expand isolated limited API tests to cover more versions (<a
href="https://redirect.github.com/cython/cython/issues/7280">#7280</a>)</li>
<li><a
href="https://github.com/cython/cython/commit/e2ef20c527c7d0b1b01d2cbb486c0db92d54d323"><code>e2ef20c</code></a>
Move memoryview acquisition counting out of generic atomics code (<a
href="https://redirect.github.com/cython/cython/issues/7277">GH-7277</a>)</li>
<li><a
href="https://github.com/cython/cython/commit/15f5864c2811bbd4b29b9dad9ac5425aca18c8b8"><code>15f5864</code></a>
Docs: Fix C++ wrapping example in user guide (<a
href="https://redirect.github.com/cython/cython/issues/7195">GH-7195</a>)</li>
<li><a
href="https://github.com/cython/cython/commit/730a05b38a517180be7ec9b627c76d89d160cd55"><code>730a05b</code></a>
Prepare release of 3.2.0b3.</li>
<li>Additional commits viewable in <a
href="https://github.com/cython/cython/compare/3.1.6...3.2.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cython&package-manager=pip&previous-version=3.1.6&new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump brotli from 1.1.0 to 1.2.0 (#11749)
8116039 
Bumps [brotli](https://github.com/google/brotli) from 1.1.0 to 1.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/brotli/releases">brotli's
releases</a>.</em></p>
<blockquote>
<h2>v1.2.0</h2>
<h3>SECURITY</h3>
<ul>
<li>python: added <code>Decompressor::can_accept_more_data</code> method
and optional
<code>output_buffer_limit</code> argument
<code>Decompressor::process</code>;
that allows mitigation of unexpectedly large output;
reported by Charles Chan (<a
href="https://github.com/charleswhchan">https://github.com/charleswhchan</a>)</li>
</ul>
<h3>Added</h3>
<ul>
<li><strong>decoder / encoder: added static initialization to reduce
binary size</strong></li>
<li>python: allow limiting decoder output (see SECURITY section)</li>
<li>CLI: <code>brcat</code> alias; allow decoding concatenated brotli
streams</li>
<li>kt: pure Kotlin decoder</li>
<li>cgo: support &quot;raw&quot; dictionaries</li>
<li>build: Bazel modules</li>
</ul>
<h3>Removed</h3>
<ul>
<li>java: dropped <code>finalize()</code> for native entities</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>java: in <code>compress</code> pass correct length to native
encoder</li>
</ul>
<h3>Improved</h3>
<ul>
<li>build: install man pages</li>
<li>build: updated / fixed / refined Bazel buildfiles</li>
<li>encoder: faster encoding</li>
<li>cgo: link via pkg-config</li>
<li>python: modernize extension / allow multi-phase module
initialization</li>
</ul>
<h3>Changed</h3>
<ul>
<li>decoder / encoder: static tables use &quot;small&quot; model (allows
2GiB+ binaries)</li>
</ul>
<h2>v1.2.0 RC2</h2>
<h2>What's Changed (compared to RC1)</h2>
<ul>
<li>pick changes from Debian patch by <a
href="https://github.com/copybara-service"><code>@​copybara-service</code></a>[bot]
in <a
href="https://redirect.github.com/google/brotli/pull/1349">google/brotli#1349</a></li>
<li>pick changes from Alpine patch by <a
href="https://github.com/copybara-service"><code>@​copybara-service</code></a>[bot]
in <a
href="https://redirect.github.com/google/brotli/pull/1348">google/brotli#1348</a></li>
<li>pick VCPKG patches by <a
href="https://github.com/copybara-service"><code>@​copybara-service</code></a>[bot]
in <a
href="https://redirect.github.com/google/brotli/pull/1350">google/brotli#1350</a></li>
<li>fix copy-paste in Java decoder by <a
href="https://github.com/copybara-service"><code>@​copybara-service</code></a>[bot]
in <a
href="https://redirect.github.com/google/brotli/pull/1357">google/brotli#1357</a></li>
</ul>
<h2>v1.2.0 RC1</h2>
<p><strong>IMPORTANT</strong>: though this is a pre-release for v1.2.0,
it is expected that some changes will be added before release; most
notably concerning build files: patches applied by Alpine, Debian,
Conan, VCPKG will be partially/fully integrated.</p>
<h3>SECURITY</h3>
<ul>
<li>python: added <code>Decompressor::can_accept_more_data</code> method
and optional
<code>output_buffer_limit</code> argument
<code>Decompressor::process</code>;
that allows mitigation of unexpectedly large output;
reported by Charles Chan (<a
href="https://github.com/charleswhchan">https://github.com/charleswhchan</a>)</li>
</ul>
<h3>Added</h3>
<ul>
<li><strong>decoder / encoder: added static initialization to reduce
binary size</strong></li>
<li>python: allow limiting decoder output (see SECURITY section)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/google/brotli/blob/master/CHANGELOG.md">brotli's
changelog</a>.</em></p>
<blockquote>
<h2>[1.2.0] - 2025-10-27</h2>
<h3>SECURITY</h3>
<ul>
<li>python: added <code>Decompressor::can_accept_more_data</code> method
and optional
<code>output_buffer_limit</code> argument
<code>Decompressor::process</code>;
that allows mitigation of unexpectedly large output;
reported by Charles Chan (<a
href="https://github.com/charleswhchan">https://github.com/charleswhchan</a>)</li>
</ul>
<h3>Added</h3>
<ul>
<li><strong>decoder / encoder: added static initialization to reduce
binary size</strong></li>
<li>python: allow limiting decoder output (see SECURITY section)</li>
<li>CLI: <code>brcat</code> alias; allow decoding concatenated brotli
streams</li>
<li>kt: pure Kotlin decoder</li>
<li>cgo: support &quot;raw&quot; dictionaries</li>
<li>build: Bazel modules</li>
</ul>
<h3>Removed</h3>
<ul>
<li>java: dropped <code>finalize()</code> for native entities</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>java: in <code>compress</code> pass correct length to native
encoder</li>
</ul>
<h3>Improved</h3>
<ul>
<li>build: install man pages</li>
<li>build: updated / fixed / refined Bazel buildfiles</li>
<li>encoder: faster encoding</li>
<li>cgo: link via pkg-config</li>
<li>python: modernize extension / allow multi-phase module
initialization</li>
</ul>
<h3>Changed</h3>
<ul>
<li>decoder / encoder: static tables use &quot;small&quot; model (allows
2GiB+ binaries)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google/brotli/commit/028fb5a23661f123017c060daa546b55cf4bde29"><code>028fb5a</code></a>
release v1.2.0</li>
<li><a
href="https://github.com/google/brotli/commit/390de5b472ec8c40a7b8e5029e47fd6493f7a755"><code>390de5b</code></a>
build and test csharp decoder</li>
<li><a
href="https://github.com/google/brotli/commit/3499acbb7ac7818c1b929a8c9c5c5f8a634751da"><code>3499acb</code></a>
regenerate go/kt/js/ts</li>
<li><a
href="https://github.com/google/brotli/commit/8ca2312c61f1f5853be0708f9b1d6a6ad002d2a4"><code>8ca2312</code></a>
fix release workflow</li>
<li><a
href="https://github.com/google/brotli/commit/ee771daf20bab6533cbc629407c50cff1c87d9f1"><code>ee771da</code></a>
fix copy-paste in Java decoder</li>
<li><a
href="https://github.com/google/brotli/commit/42aee3289154cb3e8db1c7a8ebfa639c857578b9"><code>42aee32</code></a>
try to fix release workflow</li>
<li><a
href="https://github.com/google/brotli/commit/392c06bac05cc1d098ab105cbbda766f19853d92"><code>392c06b</code></a>
redesign release resource uploading</li>
<li><a
href="https://github.com/google/brotli/commit/1964cdb1b9e16a2a0c27fbd3b2a3bccb2c1a8294"><code>1964cdb</code></a>
ramp up all GH actions plugins</li>
<li><a
href="https://github.com/google/brotli/commit/61605b1cb34ba84ae71c13b383d850a59cac85b2"><code>61605b1</code></a>
pick VCPKG patches</li>
<li><a
href="https://github.com/google/brotli/commit/4b0f27b6f985b4301ad5cec4a31b9792ecf252bc"><code>4b0f27b</code></a>
pick changes from Alpine patch</li>
<li>Additional commits viewable in <a
href="https://github.com/google/brotli/compare/go/cbrotli/v1.1.0...v1.2.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=brotli&package-manager=pip&previous-version=1.1.0&new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@patchback @dependabot
[PR #11749/81160396 backport][3.13] Bump brotli from 1.1.0 to 1.2.0 (#…
351989c 
…11779)

**This is a backport of PR #11749 as merged into 3.14
(8116039).**

Bumps [brotli](https://github.com/google/brotli) from 1.1.0 to 1.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/brotli/releases">brotli's
releases</a>.</em></p>
<blockquote>
<h2>v1.2.0</h2>
<h3>SECURITY</h3>
<ul>
<li>python: added <code>Decompressor::can_accept_more_data</code> method
and optional
<code>output_buffer_limit</code> argument
<code>Decompressor::process</code>;
that allows mitigation of unexpectedly large output;
reported by Charles Chan (<a
href="https://github.com/charleswhchan">https://github.com/charleswhchan</a>)</li>
</ul>
<h3>Added</h3>
<ul>
<li><strong>decoder / encoder: added static initialization to reduce
binary size</strong></li>
<li>python: allow limiting decoder output (see SECURITY section)</li>
<li>CLI: <code>brcat</code> alias; allow decoding concatenated brotli
streams</li>
<li>kt: pure Kotlin decoder</li>
<li>cgo: support &quot;raw&quot; dictionaries</li>
<li>build: Bazel modules</li>
</ul>
<h3>Removed</h3>
<ul>
<li>java: dropped <code>finalize()</code> for native entities</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>java: in <code>compress</code> pass correct length to native
encoder</li>
</ul>
<h3>Improved</h3>
<ul>
<li>build: install man pages</li>
<li>build: updated / fixed / refined Bazel buildfiles</li>
<li>encoder: faster encoding</li>
<li>cgo: link via pkg-config</li>
<li>python: modernize extension / allow multi-phase module
initialization</li>
</ul>
<h3>Changed</h3>
<ul>
<li>decoder / encoder: static tables use &quot;small&quot; model (allows
2GiB+ binaries)</li>
</ul>
<h2>v1.2.0 RC2</h2>
<h2>What's Changed (compared to RC1)</h2>
<ul>
<li>pick changes from Debian patch by <a
href="https://github.com/copybara-service"><code>@​copybara-service</code></a>[bot]
in <a
href="https://redirect.github.com/google/brotli/pull/1349">google/brotli#1349</a></li>
<li>pick changes from Alpine patch by <a
href="https://github.com/copybara-service"><code>@​copybara-service</code></a>[bot]
in <a
href="https://redirect.github.com/google/brotli/pull/1348">google/brotli#1348</a></li>
<li>pick VCPKG patches by <a
href="https://github.com/copybara-service"><code>@​copybara-service</code></a>[bot]
in <a
href="https://redirect.github.com/google/brotli/pull/1350">google/brotli#1350</a></li>
<li>fix copy-paste in Java decoder by <a
href="https://github.com/copybara-service"><code>@​copybara-service</code></a>[bot]
in <a
href="https://redirect.github.com/google/brotli/pull/1357">google/brotli#1357</a></li>
</ul>
<h2>v1.2.0 RC1</h2>
<p><strong>IMPORTANT</strong>: though this is a pre-release for v1.2.0,
it is expected that some changes will be added before release; most
notably concerning build files: patches applied by Alpine, Debian,
Conan, VCPKG will be partially/fully integrated.</p>
<h3>SECURITY</h3>
<ul>
<li>python: added <code>Decompressor::can_accept_more_data</code> method
and optional
<code>output_buffer_limit</code> argument
<code>Decompressor::process</code>;
that allows mitigation of unexpectedly large output;
reported by Charles Chan (<a
href="https://github.com/charleswhchan">https://github.com/charleswhchan</a>)</li>
</ul>
<h3>Added</h3>
<ul>
<li><strong>decoder / encoder: added static initialization to reduce
binary size</strong></li>
<li>python: allow limiting decoder output (see SECURITY section)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/google/brotli/blob/master/CHANGELOG.md">brotli's
changelog</a>.</em></p>
<blockquote>
<h2>[1.2.0] - 2025-10-27</h2>
<h3>SECURITY</h3>
<ul>
<li>python: added <code>Decompressor::can_accept_more_data</code> method
and optional
<code>output_buffer_limit</code> argument
<code>Decompressor::process</code>;
that allows mitigation of unexpectedly large output;
reported by Charles Chan (<a
href="https://github.com/charleswhchan">https://github.com/charleswhchan</a>)</li>
</ul>
<h3>Added</h3>
<ul>
<li><strong>decoder / encoder: added static initialization to reduce
binary size</strong></li>
<li>python: allow limiting decoder output (see SECURITY section)</li>
<li>CLI: <code>brcat</code> alias; allow decoding concatenated brotli
streams</li>
<li>kt: pure Kotlin decoder</li>
<li>cgo: support &quot;raw&quot; dictionaries</li>
<li>build: Bazel modules</li>
</ul>
<h3>Removed</h3>
<ul>
<li>java: dropped <code>finalize()</code> for native entities</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>java: in <code>compress</code> pass correct length to native
encoder</li>
</ul>
<h3>Improved</h3>
<ul>
<li>build: install man pages</li>
<li>build: updated / fixed / refined Bazel buildfiles</li>
<li>encoder: faster encoding</li>
<li>cgo: link via pkg-config</li>
<li>python: modernize extension / allow multi-phase module
initialization</li>
</ul>
<h3>Changed</h3>
<ul>
<li>decoder / encoder: static tables use &quot;small&quot; model (allows
2GiB+ binaries)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google/brotli/commit/028fb5a23661f123017c060daa546b55cf4bde29"><code>028fb5a</code></a>
release v1.2.0</li>
<li><a
href="https://github.com/google/brotli/commit/390de5b472ec8c40a7b8e5029e47fd6493f7a755"><code>390de5b</code></a>
build and test csharp decoder</li>
<li><a
href="https://github.com/google/brotli/commit/3499acbb7ac7818c1b929a8c9c5c5f8a634751da"><code>3499acb</code></a>
regenerate go/kt/js/ts</li>
<li><a
href="https://github.com/google/brotli/commit/8ca2312c61f1f5853be0708f9b1d6a6ad002d2a4"><code>8ca2312</code></a>
fix release workflow</li>
<li><a
href="https://github.com/google/brotli/commit/ee771daf20bab6533cbc629407c50cff1c87d9f1"><code>ee771da</code></a>
fix copy-paste in Java decoder</li>
<li><a
href="https://github.com/google/brotli/commit/42aee3289154cb3e8db1c7a8ebfa639c857578b9"><code>42aee32</code></a>
try to fix release workflow</li>
<li><a
href="https://github.com/google/brotli/commit/392c06bac05cc1d098ab105cbbda766f19853d92"><code>392c06b</code></a>
redesign release resource uploading</li>
<li><a
href="https://github.com/google/brotli/commit/1964cdb1b9e16a2a0c27fbd3b2a3bccb2c1a8294"><code>1964cdb</code></a>
ramp up all GH actions plugins</li>
<li><a
href="https://github.com/google/brotli/commit/61605b1cb34ba84ae71c13b383d850a59cac85b2"><code>61605b1</code></a>
pick VCPKG patches</li>
<li><a
href="https://github.com/google/brotli/commit/4b0f27b6f985b4301ad5cec4a31b9792ecf252bc"><code>4b0f27b</code></a>
pick changes from Alpine patch</li>
<li>Additional commits viewable in <a
href="https://github.com/google/brotli/compare/go/cbrotli/v1.1.0...v1.2.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=brotli&package-manager=pip&previous-version=1.1.0&new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump actions/checkout from 5 to 6 (#11768)
96060ae 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to
6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>v6-beta by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li>
<li>update readme/changelog for v6 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p>
<h2>v6-beta</h2>
<h2>What's Changed</h2>
<p>Updated persist-credentials to store the credentials under
<code>$RUNNER_TEMP</code> instead of directly in the local git
config.</p>
<p>This requires a minimum Actions Runner version of <a
href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a>
to access the persisted credentials for <a
href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker
container action</a> scenarios.</p>
<h2>v5.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>V6.0.0</h2>
<ul>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
</ul>
<h2>V5.0.1</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<h2>V5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
</ul>
<h2>V4.3.1</h2>
<ul>
<li>Port v6 cleanup to v4 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li>
</ul>
<h2>V4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@​motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@​benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@​jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3"><code>@​jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li>
</ul>
<h2>v4.1.5</h2>
<ul>
<li>Update NPM dependencies by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li>
<li>Bump actions/setup-node from 1 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li>
<li>Bump actions/upload-artifact from 2 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a>
update readme/changelog for v6 (<a
href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e"><code>71cf226</code></a>
v6-beta (<a
href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e"><code>069c695</code></a>
Persist creds to a separate file (<a
href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"><code>ff7abcd</code></a>
Update README to include Node.js 24 support details and requirements (<a
href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/v5...v6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=5&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump certifi from 2025.10.5 to 2025.11.12 (#11788)
1951c23 
Bumps [certifi](https://github.com/certifi/python-certifi) from
2025.10.5 to 2025.11.12.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/certifi/python-certifi/commit/37ea150bee10958559f804f128de2fdd48e1ed45"><code>37ea150</code></a>
2025.11.12 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/375">#375</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/2fa50bb698145e2401e17b23f6969d3952a6f7c1"><code>2fa50bb</code></a>
Bump actions/upload-artifact from 4.6.2 to 5.0.0 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/374">#374</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/6cadb5304715523e57ea425f833aa3495a4e01e4"><code>6cadb53</code></a>
Bump actions/download-artifact from 5.0.0 to 6.0.0 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/373">#373</a>)</li>
<li>See full diff in <a
href="https://github.com/certifi/python-certifi/compare/2025.10.05...2025.11.12">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=certifi&package-manager=pip&previous-version=2025.10.5&new-version=2025.11.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump execnet from 2.1.1 to 2.1.2 (#11789)
e7420bf 
Bumps [execnet](https://github.com/pytest-dev/execnet) from 2.1.1 to
2.1.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/execnet/blob/master/CHANGELOG.rst">execnet's
changelog</a>.</em></p>
<blockquote>
<h2>2.1.2 (2025-11-11)</h2>
<ul>
<li><code>[#376](pytest-dev/execnet#376)
&lt;https://github.com/pytest-dev/execnet/issues/376&gt;</code>__ fix
artifact building - pin minimal version of hatch.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pytest-dev/execnet/commit/9313ece783ba2bd565eb1a2a8a71be441af56199"><code>9313ece</code></a>
Release 2.1.2</li>
<li><a
href="https://github.com/pytest-dev/execnet/commit/45a4d872775ae77366b62d6c93adb5c3ec51c966"><code>45a4d87</code></a>
Test on pypy-3.11 instead of pypy-3.8 (<a
href="https://redirect.github.com/pytest-dev/execnet/issues/375">#375</a>)</li>
<li><a
href="https://github.com/pytest-dev/execnet/commit/03462f5ad357cb28de83f28af6977e620b81c607"><code>03462f5</code></a>
Update hatchling version requirement in pyproject.toml (<a
href="https://redirect.github.com/pytest-dev/execnet/issues/377">#377</a>)</li>
<li><a
href="https://github.com/pytest-dev/execnet/commit/f05618084b3e524babe6d684e97443a16c4ecaf2"><code>f056180</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pytest-dev/execnet/issues/378">#378</a>)</li>
<li><a
href="https://github.com/pytest-dev/execnet/commit/a9d75e74b6913b9f4940de4d90e796b464ca88f9"><code>a9d75e7</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pytest-dev/execnet/issues/373">#373</a>)</li>
<li><a
href="https://github.com/pytest-dev/execnet/commit/9bfff13008d02cb5e0943ac57811b07ed7d81ffd"><code>9bfff13</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pytest-dev/execnet/issues/372">#372</a>)</li>
<li><a
href="https://github.com/pytest-dev/execnet/commit/caf108da5946aa4355eb853cb0f1fb5d6a359013"><code>caf108d</code></a>
build(deps): bump actions/download-artifact from 5 to 6 (<a
href="https://redirect.github.com/pytest-dev/execnet/issues/371">#371</a>)</li>
<li><a
href="https://github.com/pytest-dev/execnet/commit/d3074cd90921317e8d9510bf2fb41e48ed7b62fd"><code>d3074cd</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pytest-dev/execnet/issues/370">#370</a>)</li>
<li><a
href="https://github.com/pytest-dev/execnet/commit/35aa8073a2ae51a38bb787784fd79d0bfba517cb"><code>35aa807</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pytest-dev/execnet/issues/369">#369</a>)</li>
<li><a
href="https://github.com/pytest-dev/execnet/commit/d823f13ba81a1d14051dda54eb0931c73b7afdf7"><code>d823f13</code></a>
build(deps): bump hynek/build-and-inspect-python-package (<a
href="https://redirect.github.com/pytest-dev/execnet/issues/368">#368</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/execnet/compare/v2.1.1...v2.1.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=execnet&package-manager=pip&previous-version=2.1.1&new-version=2.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump backports-zstd from 1.0.0 to 1.1.0 (#11790)
ee20538 
Bumps [backports-zstd](https://github.com/rogdham/backports.zstd) from
1.0.0 to 1.1.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Rogdham/backports.zstd/blob/master/CHANGELOG.md">backports-zstd's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/rogdham/backports.zstd/releases/tag/v1.1.0">1.1.0</a>
- 2025-11-23</h2>
<h3>:rocket: Added</h3>
<ul>
<li>Shorten import time by lazy loading the <code>register_shutil</code>
function</li>
</ul>
<h3>:bug: Fixes</h3>
<ul>
<li>Fix assertion on Python 3.13 when build with <code>DEBUG</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/Rogdham/backports.zstd/commit/b2f19470a3bdd47c925535e087442ad4fb514df3"><code>b2f1947</code></a>
chore: prepare v1.1.0</li>
<li><a
href="https://github.com/Rogdham/backports.zstd/commit/6d16910ab389120de965418eb1f0a8dcb0df693f"><code>6d16910</code></a>
feat: lazy load register_shutil</li>
<li><a
href="https://github.com/Rogdham/backports.zstd/commit/33780f92c11c296ab7745f215303034a82004f60"><code>33780f9</code></a>
chore: remove NDEBUG local patch</li>
<li><a
href="https://github.com/Rogdham/backports.zstd/commit/361f25b32e6dd0e11ac255043dfb079ceb7095aa"><code>361f25b</code></a>
chore: test with DEBUG</li>
<li><a
href="https://github.com/Rogdham/backports.zstd/commit/1abb8e37de02c6d4398f2b2a13f5c8469a169306"><code>1abb8e3</code></a>
fix: assertions on 3.13</li>
<li>See full diff in <a
href="https://github.com/rogdham/backports.zstd/compare/v1.0.0...v1.1.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=backports-zstd&package-manager=pip&previous-version=1.0.0&new-version=1.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump sphinxcontrib-spelling from 8.0.1 to 8.0.2 (#11792)
1d651d3 
Bumps
[sphinxcontrib-spelling](https://github.com/sphinx-contrib/spelling)
from 8.0.1 to 8.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sphinx-contrib/spelling/releases">sphinxcontrib-spelling's
releases</a>.</em></p>
<blockquote>
<h2>8.0.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Switch to hatch by <a
href="https://github.com/dhellmann"><code>@​dhellmann</code></a> in <a
href="https://redirect.github.com/sphinx-contrib/spelling/pull/233">sphinx-contrib/spelling#233</a></li>
<li>build(deps): bump actions/checkout from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sphinx-contrib/spelling/pull/235">sphinx-contrib/spelling#235</a></li>
<li>feat: explicitly add python 3.13 support by <a
href="https://github.com/dhellmann"><code>@​dhellmann</code></a> in <a
href="https://redirect.github.com/sphinx-contrib/spelling/pull/236">sphinx-contrib/spelling#236</a></li>
<li>feat: add automatically generated documentation for key modules by
<a href="https://github.com/dhellmann"><code>@​dhellmann</code></a> in
<a
href="https://redirect.github.com/sphinx-contrib/spelling/pull/237">sphinx-contrib/spelling#237</a></li>
<li>build(deps): bump actions/setup-python from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sphinx-contrib/spelling/pull/238">sphinx-contrib/spelling#238</a></li>
<li>build(deps): bump actions/checkout from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/sphinx-contrib/spelling/pull/239">sphinx-contrib/spelling#239</a></li>
<li>fix: handle TypeError when source is None in Sphinx 8.2 by <a
href="https://github.com/dhellmann"><code>@​dhellmann</code></a> in <a
href="https://redirect.github.com/sphinx-contrib/spelling/pull/240">sphinx-contrib/spelling#240</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sphinx-contrib/spelling/compare/8.0.1...8.0.2">https://github.com/sphinx-contrib/spelling/compare/8.0.1...8.0.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sphinx-contrib/spelling/commit/c039e7aad17ce88018bd2b2451a4b24c2627017b"><code>c039e7a</code></a>
Merge pull request <a
href="https://redirect.github.com/sphinx-contrib/spelling/issues/240">#240</a>
from dhellmann/fix-issue-234-none-source</li>
<li><a
href="https://github.com/sphinx-contrib/spelling/commit/92b510f74ac0171871b3450647eb2a991ecda7b9"><code>92b510f</code></a>
fix: remove pkglint job</li>
<li><a
href="https://github.com/sphinx-contrib/spelling/commit/fe50721b04c794d09543ecb0de6c707f21e90fce"><code>fe50721</code></a>
fix: handle TypeError when source is None in Sphinx 8.2</li>
<li><a
href="https://github.com/sphinx-contrib/spelling/commit/7b84d6a76b0e92504ea7f67ce86dc34b3ca4ad79"><code>7b84d6a</code></a>
Merge pull request <a
href="https://redirect.github.com/sphinx-contrib/spelling/issues/239">#239</a>
from sphinx-contrib/dependabot/github_actions/actions...</li>
<li><a
href="https://github.com/sphinx-contrib/spelling/commit/5eb3af9a38d5e55cdda60ff98d0dfa3ccab949c1"><code>5eb3af9</code></a>
build(deps): bump actions/checkout from 5 to 6</li>
<li><a
href="https://github.com/sphinx-contrib/spelling/commit/9dde976dd3bb4b276575ded108bbd789413eecf4"><code>9dde976</code></a>
Merge pull request <a
href="https://redirect.github.com/sphinx-contrib/spelling/issues/238">#238</a>
from sphinx-contrib/dependabot/github_actions/actions...</li>
<li><a
href="https://github.com/sphinx-contrib/spelling/commit/62a8631b20548fb218cdafa2a6a2c828aec8077a"><code>62a8631</code></a>
build(deps): bump actions/setup-python from 5 to 6</li>
<li><a
href="https://github.com/sphinx-contrib/spelling/commit/f28e446ae78a3e0862f9f2f9473bd8ff82acf877"><code>f28e446</code></a>
Merge pull request <a
href="https://redirect.github.com/sphinx-contrib/spelling/issues/237">#237</a>
from dhellmann/add-autodoc</li>
<li><a
href="https://github.com/sphinx-contrib/spelling/commit/91593190fbd8134bb0b089dec0f87c05dbb2d11a"><code>9159319</code></a>
feat: add automatically generated documentation for key modules</li>
<li><a
href="https://github.com/sphinx-contrib/spelling/commit/81ea0f008b0cc8f38c5bf16229f996955e002e7e"><code>81ea0f0</code></a>
Merge pull request <a
href="https://redirect.github.com/sphinx-contrib/spelling/issues/236">#236</a>
from dhellmann/python-3.13</li>
<li>Additional commits viewable in <a
href="https://github.com/sphinx-contrib/spelling/compare/8.0.1...8.0.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sphinxcontrib-spelling&package-manager=pip&previous-version=8.0.1&new-version=8.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump pip-tools from 7.5.1 to 7.5.2 (#11793)
00c5965 
Bumps [pip-tools](https://github.com/jazzband/pip-tools) from 7.5.1 to
7.5.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jazzband/pip-tools/releases">pip-tools's
releases</a>.</em></p>
<blockquote>
<h2>v7.5.2</h2>
<p><em>2025-11-11</em></p>
<h3>Bug fixes</h3>
<ul>
<li>
<p>Fixed <code>pip-compile</code> to handle relative path includes which
are not subpaths of the current working directory -- by <a
href="https://github.com/sirosen"><code>@​sirosen</code></a>.</p>
<p><em>PRs and issues:</em> <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2231">#2231</a>,
<a
href="https://redirect.github.com/jazzband/pip-tools/issues/2260">#2260</a></p>
</li>
<li>
<p>Using <code>--upgrade-package</code> and dynamically building project
metadata no longer causes an <code>AttributeError</code> when pip
encounters an error during the build -- by <a
href="https://github.com/Epic"><code>@​Epic</code></a>_Wink and <a
href="https://github.com/tusharsadhwani"><code>@​tusharsadhwani</code></a>.</p>
<p><em>PRs and issues:</em> <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2258">#2258</a></p>
</li>
</ul>
<h3>Features</h3>
<ul>
<li>
<p>Test and declare Python 3.13 support -- by <a
href="https://github.com/jayaddison"><code>@​jayaddison</code></a> (for
OpenCulinary).</p>
<p><em>PRs and issues:</em> <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2251">#2251</a></p>
</li>
<li>
<p>pip-tools is now compatible with pip 25.3 -- by <a
href="https://github.com/shifqu"><code>@​shifqu</code></a>.</p>
<p><em>PRs and issues:</em> <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2252">#2252</a>,
<a
href="https://redirect.github.com/jazzband/pip-tools/issues/2253">#2253</a></p>
</li>
</ul>
<h3>Packaging updates and notes for downstreams</h3>
<ul>
<li>
<p><code>pip-tools</code> now supports installation from git archives by
providing <code>setuptools-scm</code> with
<code>.git_archival.txt</code> data.</p>
<p><em>PRs and issues:</em> <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2225">#2225</a></p>
</li>
</ul>
<h3>Contributor-facing changes</h3>
<ul>
<li>
<p>The <a
href="https://github.com/sanitizers/chronographer-github-app">change log
entry bot</a> has been explicitly configured to stop requiring news
fragments in pull requests having the <a
href="https://github.com/jazzband/pip-tools/labels/bot:chronographer:skip"><code>bot:chronographer:skip</code>
label</a> set -- by <a
href="https://github.com/sirosen"><code>@​sirosen</code></a> and <a
href="https://github.com/webknjaz"><code>@​webknjaz</code></a>.</p>
<p>It was also set up to reference our change log authoring document
from the GitHub Checks pages. And the reported check name is now set to
<code>Change log entry</code>.</p>
<p><em>PRs and issues:</em> <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2201">#2201</a></p>
</li>
<li>
<p>The CI is now set up to invoke failed tests again with maximum level
of detail -- by <a
href="https://github.com/webknjaz"><code>@​webknjaz</code></a>.</p>
<p>The change is aimed at helping troubleshoot failures that might be
difficult to reproduce locally.</p>
<p><em>PRs and issues:</em> <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2254">#2254</a></p>
</li>
<li>
<p>The integration with Codecov has been updated to ensure that reports
are uploaded to the service even on failures -- by <a
href="https://github.com/webknjaz"><code>@​webknjaz</code></a>.</p>
<p>GitHub Actions is now configured to also send an explicit
notification to Codecov about the completion of previously initiated
uploads.</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jazzband/pip-tools/blob/main/CHANGELOG.md">pip-tools's
changelog</a>.</em></p>
<blockquote>
<h2>v7.5.2</h2>
<p><em>2025-11-11</em></p>
<h3>Bug fixes</h3>
<ul>
<li>
<p>Fixed <code>pip-compile</code> to handle relative path includes which
are not subpaths of
the current working directory -- by {user}<code>sirosen</code>.</p>
<p><em>PRs and issues:</em> {issue}<code>2231</code>,
{issue}<code>2260</code></p>
</li>
<li>
<p>Using <code>--upgrade-package</code> and dynamically building project
metadata no
longer causes an {exc}<code>AttributeError</code> when pip encounters an
error during the
build -- by {user}<code>Epic_Wink</code> and
{user}<code>tusharsadhwani</code>.</p>
<p><em>PRs and issues:</em> {issue}<code>2258</code></p>
</li>
</ul>
<h3>Features</h3>
<ul>
<li>
<p>Test and declare Python 3.13 support -- by
{user}<code>jayaddison</code> (for OpenCulinary).</p>
<p><em>PRs and issues:</em> {issue}<code>2251</code></p>
</li>
<li>
<p>pip-tools is now compatible with pip 25.3 -- by
{user}<code>shifqu</code>.</p>
<p><em>PRs and issues:</em> {issue}<code>2252</code>,
{issue}<code>2253</code></p>
</li>
</ul>
<h3>Packaging updates and notes for downstreams</h3>
<ul>
<li>
<p><code>pip-tools</code> now supports installation from git archives by
providing
<code>setuptools-scm</code> with <code>.git_archival.txt</code>
data.</p>
<p><em>PRs and issues:</em> {issue}<code>2225</code></p>
</li>
</ul>
<h3>Contributor-facing changes</h3>
<ul>
<li>
<p>The <a
href="https://github.com/sanitizers/chronographer-github-app">change log
entry bot</a> has been explicitly configured to stop requiring
news fragments in pull requests having the <a
href="https://github.com/jazzband/pip-tools/labels/bot:chronographer:skip"><code>bot:chronographer:skip</code>
label</a> set
-- by {user}<code>sirosen</code> and {user}<code>webknjaz</code>.</p>
<p>It was also set up to reference our change log authoring document
from the
GitHub Checks pages. And the reported check name is now set to
<code>Change log entry</code>.</p>
<p><em>PRs and issues:</em> {issue}<code>2201</code></p>
</li>
<li>
<p>The CI is now set up to invoke failed tests again with
maximum level of detail -- by {user}<code>webknjaz</code>.</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/jazzband/pip-tools/commit/eb9606f414a3d5feac521face32822ab69775d44"><code>eb9606f</code></a>
Merge pull request <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2270">#2270</a>
from sirosen/release-7.5.2</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/2cbb9333ef7d0dd0d1ee00ff72cc355073587590"><code>2cbb933</code></a>
Update changelog for version 7.5.2</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/d33539cbf81cb0c754360674191dd4e20a8e0812"><code>d33539c</code></a>
Merge pull request <a
href="https://redirect.github.com/jazzband/pip-tools/issues/2253">#2253</a>
from shifqu/fix/remove-opt-pep517</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/43e115907480b10fdcd2096758d86507a231c9ba"><code>43e1159</code></a>
Apply suggestions from code review</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/b7e8f9b072c9e1673ac7595c2e3f08c8ea555059"><code>b7e8f9b</code></a>
changelog: add news fragment for towncrier</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/88f2761472bfe88c0e13d00a203f277db8ed1af1"><code>88f2761</code></a>
tests: lower required coverage for py38 to 98%</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/608c47b87cb30ac95ece10156cef1c342163632c"><code>608c47b</code></a>
feat: add deprecation warnings in cli and sync</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/43952fc7cb9e0a5d55b5d2016aa4753ffac58773"><code>43952fc</code></a>
tests: ensure tox pipsupported uses pip 25.3</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/bfa96b5a1bac9d24e359c76cd706dcf0a325fd89"><code>bfa96b5</code></a>
tests: provide minimal_wheels_path as a fixture</li>
<li><a
href="https://github.com/jazzband/pip-tools/commit/10a4b443a1f1863e851d42f1ae97dd219b4e1818"><code>10a4b44</code></a>
fix: remove deprecated options from resolver and
install_requirement</li>
<li>Additional commits viewable in <a
href="https://github.com/jazzband/pip-tools/compare/v7.5.1...v7.5.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip-tools&package-manager=pip&previous-version=7.5.1&new-version=7.5.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump exceptiongroup from 1.3.0 to 1.3.1 (#11791)
7a1dafc 
Bumps [exceptiongroup](https://github.com/agronholm/exceptiongroup) from
1.3.0 to 1.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/agronholm/exceptiongroup/releases">exceptiongroup's
releases</a>.</em></p>
<blockquote>
<h2>1.3.1</h2>
<ul>
<li>Fixed <code>AttributeError: 'TracebackException' object has no
attribute 'exceptions'</code> when formatting unpickled TBEs from
another Python process which did not apply the
<code>exceptiongroup</code> patches (<a
href="https://redirect.github.com/agronholm/exceptiongroup/issues/144">#144</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/agronholm/exceptiongroup/blob/main/CHANGES.rst">exceptiongroup's
changelog</a>.</em></p>
<blockquote>
<h1>Version history</h1>
<p>This library adheres to <code>Semantic Versioning 2.0
&lt;http://semver.org/&gt;</code>_.</p>
<p><strong>1.3.1</strong></p>
<ul>
<li>Fixed <code>AttributeError: 'TracebackException' object has no
attribute 'exceptions'</code>
when formatting unpickled TBEs from another Python process which did not
apply the
<code>exceptiongroup</code> patches
(<code>[#144](agronholm/exceptiongroup#144)
&lt;https://github.com/agronholm/exceptiongroup/issues/144&gt;</code>_)</li>
</ul>
<p><strong>1.3.0</strong></p>
<ul>
<li>Added <code>**kwargs</code> to function and method signatures as
appropriate to match the
signatures in the standard library</li>
<li>In line with the stdlib typings in typeshed, updated
<code>(Base)ExceptionGroup</code> generic
types to define defaults for their generic arguments (defaulting to
<code>BaseExceptionGroup[BaseException]</code> and
<code>ExceptionGroup[Exception]</code>)
(PR by <a
href="https://github.com/mikenerone"><code>@​mikenerone</code></a>)</li>
<li>Changed <code>BaseExceptionGroup.__init__()</code> to directly call
<code>BaseException.__init__()</code> instead of the superclass
<code>__init__()</code> in order to
emulate the CPython behavior (broken or not) (PR by <a
href="https://github.com/cfbolz"><code>@​cfbolz</code></a>)</li>
<li>Changed the <code>exceptions</code> attribute to always return the
same tuple of exceptions,
created from the original exceptions sequence passed to
<code>BaseExceptionGroup</code> to
match CPython behavior
(<code>[#143](agronholm/exceptiongroup#143)
&lt;https://github.com/agronholm/exceptiongroup/issues/143&gt;</code>_)</li>
</ul>
<p><strong>1.2.2</strong></p>
<ul>
<li>Removed an <code>assert</code> in
<code>exceptiongroup._formatting</code> that caused compatibility
issues with Sentry
(<code>[#123](agronholm/exceptiongroup#123)
&lt;https://github.com/agronholm/exceptiongroup/issues/123&gt;</code>_)</li>
</ul>
<p><strong>1.2.1</strong></p>
<ul>
<li>Updated the copying of <code>__notes__</code> to match CPython
behavior (PR by CF Bolz-Tereick)</li>
<li>Corrected the type annotation of the exception handler callback to
accept a
<code>BaseExceptionGroup</code> instead of
<code>BaseException</code></li>
<li>Fixed type errors on Python &lt; 3.10 and the type annotation of
<code>suppress()</code>
(PR by John Litborn)</li>
</ul>
<p><strong>1.2.0</strong></p>
<ul>
<li>Added special monkeypatching if <code>Apport
&lt;https://github.com/canonical/apport&gt;</code>_ has
overridden <code>sys.excepthook</code> so it will format exception
groups correctly
(PR by John Litborn)</li>
<li>Added a backport of <code>contextlib.suppress()</code> from Python
3.12.1 which also handles
suppressing exceptions inside exception groups</li>
<li>Fixed bare <code>raise</code> in a handler reraising the original
naked exception rather than
an exception group which is what is raised when you do a
<code>raise</code> in an <code>except*</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/agronholm/exceptiongroup/commit/ddddb6fdf8582c4ae5187dc1bd258115974229fe"><code>ddddb6f</code></a>
Added the release version</li>
<li><a
href="https://github.com/agronholm/exceptiongroup/commit/49c5e60d9efad1416f4f42455e119375904a1d6d"><code>49c5e60</code></a>
Fixed AttributeError when formatting unpickled TBEs from an unpatched
process</li>
<li><a
href="https://github.com/agronholm/exceptiongroup/commit/1be517f553249822a8fa12a4d7520d4b3ef15acd"><code>1be517f</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/agronholm/exceptiongroup/issues/152">#152</a>)</li>
<li><a
href="https://github.com/agronholm/exceptiongroup/commit/af0ea2fdfe218a4c2a1cb31ebd1a61dba459af6f"><code>af0ea2f</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/agronholm/exceptiongroup/issues/149">#149</a>)</li>
<li><a
href="https://github.com/agronholm/exceptiongroup/commit/7c980a88a06a72db3d796d98504b335d24274abb"><code>7c980a8</code></a>
Removed pin on pyright version</li>
<li><a
href="https://github.com/agronholm/exceptiongroup/commit/ef853368c8b94479adbd33cc58f1cac05839e116"><code>ef85336</code></a>
Fixed typing job not finding Python 3.14</li>
<li><a
href="https://github.com/agronholm/exceptiongroup/commit/080b3f4e925bbdb8cee70cc30c5ef2937eab2bde"><code>080b3f4</code></a>
Pinned pyright version to fix typeshed related failure</li>
<li><a
href="https://github.com/agronholm/exceptiongroup/commit/ac660908a1987880eddbb249947c1eef6e08513b"><code>ac66090</code></a>
Added Python 3.14 to the test matrix</li>
<li><a
href="https://github.com/agronholm/exceptiongroup/commit/a0da94dadfb39c0b52c0cd5c87ace166b00f74c1"><code>a0da94d</code></a>
Fixed test failures on Python 3.14</li>
<li>See full diff in <a
href="https://github.com/agronholm/exceptiongroup/compare/1.3.0...1.3.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=exceptiongroup&package-manager=pip&previous-version=1.3.0&new-version=1.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump pypa/cibuildwheel from 3.2.1 to 3.3.0 (#11760)
149dfa7 
Bumps [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel) from
3.2.1 to 3.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/cibuildwheel/releases">pypa/cibuildwheel's
releases</a>.</em></p>
<blockquote>
<h2>v3.3.0</h2>
<ul>
<li>🐛 Fix an incompatibility with Docker v29 (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2660">#2660</a>)</li>
<li>✨ Adds <code>test-runtime</code> option, to customise how tests on
simulated/emulated environments are run (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2636">#2636</a>)</li>
<li>✨ Adds support for new <code>manylinux_2_35</code> images on 32-bit
ARM <code>armv7l</code>, offering better C++20 compatibility (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2656">#2656</a>)</li>
<li>✨ <code>build[uv]</code> is now supported on Android (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2587">#2587</a>)</li>
<li>✨ You can now install extras (such as <code>uv</code>) with a simple
option on the GitHub Action (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2630">#2630</a>)</li>
<li>✨ <code>{project}</code> and <code>{package}</code> placeholders are
now supported in <code>repair-wheel-command</code> (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2589">#2589</a>)</li>
<li>🛠 The versions set with <code>dependency-versions</code> no longer
constrain packages specified by your <code>build-system.requires</code>.
Previously, on platforms other than Linux, the constraints in this
option would remain in the environment during the build. This has been
tidied up make behaviour more consistent between platforms, and to
prevent version conflicts. (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2583">#2583</a>)</li>
<li>🛠 Improve the handling of <code>test-command</code> on Android,
enabling more options to be passed (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2590">#2590</a>)</li>
<li>📚 Docs improvements (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2618">#2618</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/cibuildwheel/blob/main/docs/changelog.md">pypa/cibuildwheel's
changelog</a>.</em></p>
<blockquote>
<h3>v3.3.0</h3>
<p><em>12 November 2025</em></p>
<ul>
<li>🐛 Fix an incompatibility with Docker v29 (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2660">#2660</a>)</li>
<li>✨ Adds <code>test-runtime</code> option, to customise how tests on
simulated/emulated environments are run (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2636">#2636</a>)</li>
<li>✨ Adds support for new <code>manylinux_2_35</code> images on 32-bit
ARM <code>armv7l</code>, offering better C++20 compatibility (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2656">#2656</a>)</li>
<li>✨ <code>build[uv]</code> is now supported on Android (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2587">#2587</a>)</li>
<li>✨ You can now install extras (such as <code>uv</code>) with a simple
option on the GitHub Action (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2630">#2630</a>)</li>
<li>✨ <code>{project}</code> and <code>{package}</code> placeholders are
now supported in <code>repair-wheel-command</code> (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2589">#2589</a>)</li>
<li>🛠 The versions set with <code>dependency-versions</code> no longer
constrain packages specified by your <code>build-system.requires</code>.
Previously, on platforms other than Linux, the constraints in this
option would remain in the environment during the build. This has been
tidied up make behaviour more consistent between platforms, and to
prevent version conflicts. (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2583">#2583</a>)</li>
<li>🛠 Improve the handling of <code>test-command</code> on Android,
enabling more options to be passed (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2590">#2590</a>)</li>
<li>📚 Docs improvements (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2618">#2618</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/cibuildwheel/commit/63fd63b352a9a8bdcc24791c9dbee952ee9a8abc"><code>63fd63b</code></a>
Bump version: v3.3.0</li>
<li><a
href="https://github.com/pypa/cibuildwheel/commit/f4fe311fc96f735aa0d7beb74d6ae61801cf5382"><code>f4fe311</code></a>
fix: support Docker 29 (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2660">#2660</a>)</li>
<li><a
href="https://github.com/pypa/cibuildwheel/commit/f6c810852d424abdddc6abc44d1e4b165797399d"><code>f6c8108</code></a>
feat: make the <code>{project}</code> placeholder available to
<code>repair-wheel-command</code> (#...</li>
<li><a
href="https://github.com/pypa/cibuildwheel/commit/ccbae30b538eeacb2269052ca6603ba28485206b"><code>ccbae30</code></a>
feat: support uv with Android (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2587">#2587</a>)</li>
<li><a
href="https://github.com/pypa/cibuildwheel/commit/1337e50f74cda9ab8a65568b3052d7e4b82da54c"><code>1337e50</code></a>
chore: pytest log_level is better than log_cli_level (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2657">#2657</a>)</li>
<li><a
href="https://github.com/pypa/cibuildwheel/commit/720f8e266f6c4b5d3064fc8c366397266eaedfe5"><code>720f8e2</code></a>
feat: add manylinux_2_35 (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2656">#2656</a>)</li>
<li><a
href="https://github.com/pypa/cibuildwheel/commit/4c7f3696b166b9a2cefcd9c33a7ace9648a823b9"><code>4c7f369</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2658">#2658</a>)</li>
<li><a
href="https://github.com/pypa/cibuildwheel/commit/e1baa60eb0f6e7e57cbb5087940acefcaa86fb97"><code>e1baa60</code></a>
chore: enable more Ruff checks (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2654">#2654</a>)</li>
<li><a
href="https://github.com/pypa/cibuildwheel/commit/1f2f8b28d5cf5adac0ccab4078dcb415f53c7d2b"><code>1f2f8b2</code></a>
fix: don't constrain <code>build-system.requires</code> with our
<code>dependency-versions</code> (...</li>
<li><a
href="https://github.com/pypa/cibuildwheel/commit/8c5b02f42c051a818a176259fc5f4d1876cb5945"><code>8c5b02f</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/pypa/cibuildwheel/issues/2648">#2648</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/cibuildwheel/compare/v3.2.1...v3.3.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/cibuildwheel&package-manager=github_actions&previous-version=3.2.1&new-version=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@patchback @meehand
[PR #11795/d0970585 backport][3.14] Added regression test for cached …
b796fce 
…logging status (#11803)

**This is a backport of PR #11795 as merged into master
(d097058).**

---------

Co-authored-by: meehand <70619157+meehand@users.noreply.github.com>
@patchback @meehand
[PR #11795/d0970585 backport][3.13] Added regression test for cached …
ea6c065 
…logging status (#11802)

**This is a backport of PR #11795 as merged into master
(d097058).**

---------

Co-authored-by: meehand <70619157+meehand@users.noreply.github.com>
@patchback @cbornet
[PR #11804/bffff8cf backport][3.14] Bump blockbuster to 1.5.26 (#11805)
77ab8f3 
**This is a backport of PR #11804 as merged into master
(bffff8c).**

Co-authored-by: Christophe Bornet <cbornet@hotmail.com>
@Dreamsorcerer @cbornet
Bump blockbuster to 1.5.26 (#11804) (#11806)
3e4c3be 
(cherry picked from commit bffff8c)

Co-authored-by: Christophe Bornet <cbornet@hotmail.com>
@dependabot
Bump cfgv from 3.4.0 to 3.5.0 (#11801)
14a65ba 
Bumps [cfgv](https://github.com/asottile/cfgv) from 3.4.0 to 3.5.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/asottile/cfgv/commit/c7342120ec8513671fb8dd54d8a14399dc59cd47"><code>c734212</code></a>
v3.5.0</li>
<li><a
href="https://github.com/asottile/cfgv/commit/d64e0cc2ba77dff75a4c15fb6cf5e6ed315dc80b"><code>d64e0cc</code></a>
Merge pull request <a
href="https://redirect.github.com/asottile/cfgv/issues/158">#158</a>
from asottile/key-value-map</li>
<li><a
href="https://github.com/asottile/cfgv/commit/641559f162edff0c37277cd7c5ebd2b65292fad1"><code>641559f</code></a>
add KeyValueMap</li>
<li><a
href="https://github.com/asottile/cfgv/commit/82e2f93a1554805a8938a6a3a588efe982e03019"><code>82e2f93</code></a>
Merge pull request <a
href="https://redirect.github.com/asottile/cfgv/issues/157">#157</a>
from asottile/pre-commit-ci-update-config</li>
<li><a
href="https://github.com/asottile/cfgv/commit/69cd02016f6a69de3a19a9741f16aa6d40120164"><code>69cd020</code></a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="https://github.com/asottile/cfgv/commit/5ccc4d404d9a6a83bd3b12c1a24437db7ce8a081"><code>5ccc4d4</code></a>
Merge pull request <a
href="https://redirect.github.com/asottile/cfgv/issues/156">#156</a>
from asottile/pre-commit-ci-update-config</li>
<li><a
href="https://github.com/asottile/cfgv/commit/2e7ffe560a5de38906821304378fe26ceb7a536c"><code>2e7ffe5</code></a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="https://github.com/asottile/cfgv/commit/ef7849933897d28727e453646a5a632202724d41"><code>ef78499</code></a>
Merge pull request <a
href="https://redirect.github.com/asottile/cfgv/issues/155">#155</a>
from asottile/all-repos_autofix_all-repos-manual</li>
<li><a
href="https://github.com/asottile/cfgv/commit/b34b882bba1f683e9e3da7b3ab97e3ee1607977f"><code>b34b882</code></a>
py310+</li>
<li><a
href="https://github.com/asottile/cfgv/commit/724a279ea352c1883761e34e3f261c11be28f374"><code>724a279</code></a>
Merge pull request <a
href="https://redirect.github.com/asottile/cfgv/issues/154">#154</a>
from asottile/pre-commit-ci-update-config</li>
<li>Additional commits viewable in <a
href="https://github.com/asottile/cfgv/compare/v3.4.0...v3.5.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cfgv&package-manager=pip&previous-version=3.4.0&new-version=3.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dreamsorcerer and others added 27 commits January 2, 2026 03:36
@Dreamsorcerer @adi928
Fixing test for Continuation frame without intial frame (#11862) (#11882
fafe1eb 
)

---------


(cherry picked from commit 18bc50b)

Co-authored-by: Aditya Nath <928.aditya@gmail.com>
@dependabot
Bump librt from 0.7.5 to 0.7.7 (#11884)
a969cc5 
Bumps [librt](https://github.com/mypyc/librt) from 0.7.5 to 0.7.7.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/mypyc/librt/commit/47149079cf6edb66c55f83317aa5981958e5554e"><code>4714907</code></a>
Sync mypy again</li>
<li><a
href="https://github.com/mypyc/librt/commit/07adeefad93ce769e940552850d1245d8fa1402c"><code>07adeef</code></a>
Sync mypy</li>
<li><a
href="https://github.com/mypyc/librt/commit/17ea540eb315f047fbb565c30a6f488141eb64c6"><code>17ea540</code></a>
Only run release step on tags (<a
href="https://redirect.github.com/mypyc/librt/issues/28">#28</a>)</li>
<li>See full diff in <a
href="https://github.com/mypyc/librt/compare/v0.7.5...v0.7.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=librt&package-manager=pip&previous-version=0.7.5&new-version=0.7.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@patchback @bdraco
[PR #11893/fb93442c backport][3.14] Add tests for static route resolu…
f7a7043 
…tion with trailing slash (#11896)

Co-authored-by: J. Nick Koston <nick@koston.org>
@patchback @bdraco
[PR #11893/fb93442c backport][3.13] Add tests for static route resolu…
14d0c81 
…tion with trailing slash (#11895)

Co-authored-by: J. Nick Koston <nick@koston.org>
@Dreamsorcerer
Improve regex performance (#11885) (#11899)
6dde72e 
(cherry picked from commit bcf0a36)
@Dreamsorcerer
Reject non-ascii characters in some headers (#11886) (#11901)
ff3f0e2 
(cherry picked from commit 5affd64)
@Dreamsorcerer
Improve regex performance (#11885) (#11900)
15a367e 
(cherry picked from commit bcf0a36)
@Dreamsorcerer
Reject non-ascii characters in some headers (#11886) (#11902)
32677f2 
(cherry picked from commit 5affd64)
@patchback @Dreamsorcerer
[PR #11887/7a067d19 backport][3.14] Reject non-ascii digits in Range …
6d76ac3 
…header (#11904)

**This is a backport of PR #11887 as merged into master
(7a067d1).**

Co-authored-by: Sam Bull <git@sambull.org>
@patchback @Dreamsorcerer
[PR #11887/7a067d19 backport][3.13] Reject non-ascii digits in Range …
c7b7a04 
…header (#11903)

**This is a backport of PR #11887 as merged into master
(7a067d1).**

Co-authored-by: Sam Bull <git@sambull.org>
@Dreamsorcerer @bdraco
Reject static URLs that traverse outside static root (#11888) (#11906)
f2a86fd 
(cherry picked from commit 63961fa)

Co-authored-by: J. Nick Koston <nick@koston.org>
@Dreamsorcerer @bdraco
Reject static URLs that traverse outside static root (#11888) (#11905)
94fb7fc 
(cherry picked from commit 63961fa)

Co-authored-by: J. Nick Koston <nick@koston.org>
@Dreamsorcerer
Enforce client_max_size over entire multipart form (#11889) (#11907)
fae376c 
(cherry picked from commit ed90718)
@Dreamsorcerer
Enforce client_max_size over entire multipart form (#11889) (#11908)
b7dbd35 
(cherry picked from commit ed90718)
@patchback @Dreamsorcerer
[PR #11890/384a1730 backport][3.14] Log once per cookie header (#11910)
1933571 
**This is a backport of PR #11890 as merged into master
(384a173).**

Co-authored-by: Sam Bull <git@sambull.org>
@patchback @Dreamsorcerer
[PR #11890/384a1730 backport][3.13] Log once per cookie header (#11909)
64629a0 
**This is a backport of PR #11890 as merged into master
(384a173).**

Co-authored-by: Sam Bull <git@sambull.org>
@patchback @Dreamsorcerer @Finder16
[PR #11892/271532ea backport][3.14] Use collections.deque for chunk s…
540053a 
…plits (#11911)

**This is a backport of PR #11892 as merged into master
(271532e).**

Co-authored-by: Sam Bull <git@sambull.org>
Co-authored-by: Finder <nakamurajames123@gmail.com>
@Dreamsorcerer @Finder16
Use collections.deque for chunk splits (#11892) (#11912)
dc3170b 
(cherry picked from commit 271532e)

---------

Co-authored-by: Finder <nakamurajames123@gmail.com>
@Dreamsorcerer @bdraco
Replace asserts with exceptions (#11897) (#11913)
ed4ab6f 
(cherry picked from commit d5bf65f)

Co-authored-by: J. Nick Koston <nick@home-assistant.io>
@Dreamsorcerer @bdraco
Replace asserts with exceptions (#11897) (#11914)
bc1319e 
(cherry picked from commit d5bf65f)

Co-authored-by: J. Nick Koston <nick@home-assistant.io>
@Dreamsorcerer @bdraco
Limit number of chunks before pausing reading (#11894) (#11915)
0d3328e 
(cherry picked from commit 1e4120e)

Co-authored-by: J. Nick Koston <nick@koston.org>
@Dreamsorcerer @bdraco
Limit number of chunks before pausing reading (#11894) (#11916)
4ed97a4 
(cherry picked from commit 1e4120e)

Co-authored-by: J. Nick Koston <nick@koston.org>
@Dreamsorcerer @bdraco
Use decompressor max_length parameter (#11898) (#11917)
6237b51 
(cherry picked from commit 92477c5)

---------

Co-authored-by: J. Nick Koston <nick@koston.org>
@Dreamsorcerer @bdraco
Use decompressor max_length parameter (#11898) (#11918)
2b920c3 
(cherry picked from commit 92477c5)

---------

Co-authored-by: J. Nick Koston <nick@koston.org>
@Dreamsorcerer
Release v3.13.3 (#11919)
41f01ed
@Dreamsorcerer
Merge branch '3.13' into 3.14
026eced
@Dreamsorcerer
Merge branch '3.14'
957d5ba
@pull pull bot locked and limited conversation to collaborators Jan 3, 2026
@pull pull bot added the ⤵️ pull label Jan 3, 2026
@pull pull bot merged commit 957d5ba into tj-python:master Jan 3, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@bdraco @cdce8p @gsoldatov @Dreamsorcerer @meehand @webknjaz