From 809e3943ad7ee629850a8c9019f961aaffc1d028 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Jan 2026 10:24:01 +0000
Subject: [PATCH 1/3] Bump certifi from 2025.11.12 to 2026.1.4 (#11920)

Bumps [certifi](https://github.com/certifi/python-certifi) from
2025.11.12 to 2026.1.4.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/certifi/python-certifi/commit/c64d9f3a8496c0195548697f2080e716af66dd6a"><code>c64d9f3</code></a>
2026.01.04 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/389">#389</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/4ac232f05a547071543d2fb069aa3c62b1dc79f3"><code>4ac232f</code></a>
Bump actions/download-artifact from 6.0.0 to 7.0.0 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/387">#387</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/95ae4b20e8abb7fa708e751e346466d16b36211a"><code>95ae4b2</code></a>
Update CI workflow to use Ubuntu 24.04 and Python 3.14 stable (<a
href="https://redirect.github.com/certifi/python-certifi/issues/386">#386</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/b72a7b1a40ae20755338d3132d8f880427b3b6fc"><code>b72a7b1</code></a>
Bump dessant/lock-threads from 5.0.1 to 6.0.0 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/385">#385</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/ecc267216fbdcecb1b2aa2aa175152b773cc5ced"><code>ecc2672</code></a>
Bump actions/upload-artifact from 5.0.0 to 6.0.0 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/384">#384</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/6a897dbc1124b17f179ef225742fcda481ec96f3"><code>6a897db</code></a>
Bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/383">#383</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/27ca98ad845ee6d130a88301622c137893f71620"><code>27ca98a</code></a>
Bump peter-evans/create-pull-request from 7.0.9 to 7.0.11 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/381">#381</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/56c59a63909cfd3162b37e7bc16956e64df0f737"><code>56c59a6</code></a>
Bump actions/checkout from 6.0.0 to 6.0.1 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/382">#382</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/ae0021cd43a77bfba67d20a041469cdf6996570e"><code>ae0021c</code></a>
Bump actions/setup-python from 6.0.0 to 6.1.0 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/380">#380</a>)</li>
<li><a
href="https://github.com/certifi/python-certifi/commit/ddf5d0b5d2a3d55fd92a79f141dbb5e074caf924"><code>ddf5d0b</code></a>
Bump actions/checkout from 5.0.1 to 6.0.0 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/378">#378</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/certifi/python-certifi/compare/2025.11.12...2026.01.04">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=certifi&package-manager=pip&previous-version=2025.11.12&new-version=2026.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt  |  2 +-
 requirements/dev.txt          |  2 +-
 requirements/doc-spelling.txt | 12 ++++++------
 requirements/doc.txt          | 10 +++++-----
 4 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 533a3793f50..7807ee24aac 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -36,7 +36,7 @@ brotli==1.2.0 ; platform_python_implementation == "CPython"
     # via -r requirements/runtime-deps.in
 build==1.3.0
     # via pip-tools
-certifi==2025.11.12
+certifi==2026.1.4
     # via requests
 cffi==2.0.0
     # via
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 512b0f83839..282d23e2182 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -36,7 +36,7 @@ brotli==1.2.0 ; platform_python_implementation == "CPython"
     # via -r requirements/runtime-deps.in
 build==1.3.0
     # via pip-tools
-certifi==2025.11.12
+certifi==2026.1.4
     # via requests
 cffi==2.0.0
     # via
diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt
index ccf6009ba55..8da572fdca4 100644
--- a/requirements/doc-spelling.txt
+++ b/requirements/doc-spelling.txt
@@ -5,12 +5,12 @@
 #    pip-compile --allow-unsafe --output-file=requirements/doc-spelling.txt --strip-extras requirements/doc-spelling.in
 #
 aiohttp-theme==0.1.7
-    # via -r doc.in
+    # via -r requirements/doc.in
 alabaster==1.0.0
     # via sphinx
 babel==2.17.0
     # via sphinx
-certifi==2025.11.12
+certifi==2026.1.4
     # via requests
 charset-normalizer==3.4.4
     # via requests
@@ -42,7 +42,7 @@ snowballstemmer==3.0.1
     # via sphinx
 sphinx==8.1.3
     # via
-    #   -r doc.in
+    #   -r requirements/doc.in
     #   sphinxcontrib-spelling
     #   sphinxcontrib-towncrier
 sphinxcontrib-applehelp==2.0.0
@@ -58,16 +58,16 @@ sphinxcontrib-qthelp==2.0.0
 sphinxcontrib-serializinghtml==2.0.0
     # via sphinx
 sphinxcontrib-spelling==8.0.2 ; platform_system != "Windows"
-    # via -r doc-spelling.in
+    # via -r requirements/doc-spelling.in
 sphinxcontrib-towncrier==0.5.0a0
-    # via -r doc.in
+    # via -r requirements/doc.in
 tomli==2.3.0
     # via
     #   sphinx
     #   towncrier
 towncrier==25.8.0
     # via
-    #   -r doc.in
+    #   -r requirements/doc.in
     #   sphinxcontrib-towncrier
 urllib3==2.6.2
     # via requests
diff --git a/requirements/doc.txt b/requirements/doc.txt
index 172009f1cc9..1309e2cf11e 100644
--- a/requirements/doc.txt
+++ b/requirements/doc.txt
@@ -5,12 +5,12 @@
 #    pip-compile --allow-unsafe --output-file=requirements/doc.txt --resolver=backtracking --strip-extras requirements/doc.in
 #
 aiohttp-theme==0.1.7
-    # via -r doc.in
+    # via -r requirements/doc.in
 alabaster==1.0.0
     # via sphinx
 babel==2.17.0
     # via sphinx
-certifi==2025.11.12
+certifi==2026.1.4
     # via requests
 charset-normalizer==3.4.4
     # via requests
@@ -38,7 +38,7 @@ snowballstemmer==3.0.1
     # via sphinx
 sphinx==8.1.3
     # via
-    #   -r doc.in
+    #   -r requirements/doc.in
     #   sphinxcontrib-towncrier
 sphinxcontrib-applehelp==2.0.0
     # via sphinx
@@ -53,14 +53,14 @@ sphinxcontrib-qthelp==2.0.0
 sphinxcontrib-serializinghtml==2.0.0
     # via sphinx
 sphinxcontrib-towncrier==0.5.0a0
-    # via -r doc.in
+    # via -r requirements/doc.in
 tomli==2.3.0
     # via
     #   sphinx
     #   towncrier
 towncrier==25.8.0
     # via
-    #   -r doc.in
+    #   -r requirements/doc.in
     #   sphinxcontrib-towncrier
 urllib3==2.6.2
     # via requests

From efab2093017747a72dc974971c6a73121414d9ce Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Jan 2026 10:30:14 +0000
Subject: [PATCH 2/3] Bump filelock from 3.20.1 to 3.20.2 (#11921)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.20.1 to
3.20.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/py-filelock/releases">filelock's
releases</a>.</em></p>
<blockquote>
<h2>3.20.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Support Unix systems without O_NOFOLLOW by <a
href="https://github.com/mwilliamson"><code>@​mwilliamson</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/463">tox-dev/filelock#463</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a>[bot]
in <a
href="https://redirect.github.com/tox-dev/filelock/pull/464">tox-dev/filelock#464</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/mwilliamson"><code>@​mwilliamson</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/463">tox-dev/filelock#463</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2">https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939"><code>f2e7d40</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/464">#464</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836"><code>5088854</code></a>
Support Unix systems without O_NOFOLLOW (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/463">#463</a>)</li>
<li>See full diff in <a
href="https://github.com/tox-dev/py-filelock/compare/3.20.1...3.20.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=filelock&package-manager=pip&previous-version=3.20.1&new-version=3.20.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 7807ee24aac..81041a90ef2 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -69,7 +69,7 @@ exceptiongroup==1.3.1
     # via pytest
 execnet==2.1.2
     # via pytest-xdist
-filelock==3.20.1
+filelock==3.20.2
     # via virtualenv
 forbiddenfruit==0.1.4
     # via blockbuster
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 282d23e2182..af8f14884b8 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -67,7 +67,7 @@ exceptiongroup==1.3.1
     # via pytest
 execnet==2.1.2
     # via pytest-xdist
-filelock==3.20.1
+filelock==3.20.2
     # via virtualenv
 forbiddenfruit==0.1.4
     # via blockbuster
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 115561f8c07..6e5bcd57027 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -29,7 +29,7 @@ distlib==0.4.0
     # via virtualenv
 exceptiongroup==1.3.1
     # via pytest
-filelock==3.20.1
+filelock==3.20.2
     # via virtualenv
 forbiddenfruit==0.1.4
     # via blockbuster

From 926d6a2b17e6d858759b21d4b7f7f2f00e400927 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Jan 2026 10:33:31 +0000
Subject: [PATCH 3/3] Bump cython from 3.2.3 to 3.2.4 (#11922)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [cython](https://github.com/cython/cython) from 3.2.3 to 3.2.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/cython/cython/blob/master/CHANGES.rst">cython's
changelog</a>.</em></p>
<blockquote>
<h1>3.2.4 (2026-01-04)</h1>
<h2>Features added</h2>
<ul>
<li>
<p>In preparation of Cython 3.3, a new decorator
<code>@collection_type(tname)</code> can be used
to advertise an extension type as being a <code>'sequence'</code> or
<code>'mapping'</code>. This currently
only has the effect of setting the <code>Py_TPFLAGS_SEQUENCE</code> flag
on the type or not, but
is provided for convenience to allow using the new decorator already in
Cython 3.2 code.</p>
</li>
<li>
<p>Several C++ exception declarations were added to
<code>libcpp.exceptions</code>.
(Github issue :issue:<code>7389</code>)</p>
</li>
</ul>
<h2>Bugs fixed</h2>
<ul>
<li>
<p>Pseudo-literal default values of function arguments like
<code>arg=str()</code> could generate
invalid C code when internally converted into a real literal.
(Github issue :issue:<code>6192</code>)</p>
</li>
<li>
<p>The pickle serialisation of extension types using the
<code>auto_pickle</code> feature was
larger than necessary since 3.2.0 for types without Python object
attributes.
It is now back to the state before 3.2.0 again.
(Github issue :issue:<code>7443</code>)</p>
</li>
<li>
<p>Constants are now only made immortal on freethreading Python if they
are not shared.
(Github issue :issue:<code>7439</code>)</p>
</li>
<li>
<p><code>PyDict_SetDefaultRef()</code> is now used when available to
avoid temporary borrowed references.
(Github issue :issue:<code>7347</code>)</p>
</li>
<li>
<p>Includes all fixes as of Cython 3.1.8.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cython/cython/commit/21bda420d583bcf464fb9efb932b09c5f3db1efd"><code>21bda42</code></a>
Update changelog.</li>
<li><a
href="https://github.com/cython/cython/commit/ea5e926e930fb50bd0b2be69717cb906f67ef18b"><code>ea5e926</code></a>
Define missing C++ exception classes (<a
href="https://redirect.github.com/cython/cython/issues/7389">#7389</a>)</li>
<li><a
href="https://github.com/cython/cython/commit/c533d67f2a9109111c4057b598d8d04698cfee3f"><code>c533d67</code></a>
Add sequence return type annotations in Parsing.py (<a
href="https://redirect.github.com/cython/cython/issues/7416">GH-7416</a>)</li>
<li><a
href="https://github.com/cython/cython/commit/d056a1808298ff6a569f950937b7ab3385b2f785"><code>d056a18</code></a>
Allow 'mapping' as <a
href="https://github.com/collection"><code>@​collection</code></a>_type()
in preparation of 3.3, but without actu...</li>
<li><a
href="https://github.com/cython/cython/commit/d347c82898f4e90139b63510d984860762c01f1c"><code>d347c82</code></a>
Remove exclusion of collection_type in test (<a
href="https://redirect.github.com/cython/cython/issues/7442">#7442</a>)</li>
<li><a
href="https://github.com/cython/cython/commit/fd6e8253df013645fb028ea956175957dcff8e8b"><code>fd6e825</code></a>
Merge branch '3.1.x' into 3.2.x</li>
<li><a
href="https://github.com/cython/cython/commit/ce5c6cb05bdb5560937648558508241c681369ca"><code>ce5c6cb</code></a>
Update changelog.</li>
<li><a
href="https://github.com/cython/cython/commit/74b97f92075d2721abce7dfb246f426b0ab401ae"><code>74b97f9</code></a>
Fix arg=str() default argument (<a
href="https://redirect.github.com/cython/cython/issues/6193">GH-6193</a>)</li>
<li><a
href="https://github.com/cython/cython/commit/9c9e5c7d31525672ad5b8ee703c719a33d98a118"><code>9c9e5c7</code></a>
Avoid immortalizing anything shared on freethreading (<a
href="https://redirect.github.com/cython/cython/issues/7439">GH-7439</a>)</li>
<li><a
href="https://github.com/cython/cython/commit/9d5507bf1cf713c314a9e37447463ad72ee9f8cd"><code>9d5507b</code></a>
Fix accidental inefficiency in auto-pickling that always stored the
object st...</li>
<li>Additional commits viewable in <a
href="https://github.com/cython/cython/compare/3.2.3...3.2.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cython&package-manager=pip&previous-version=3.2.3&new-version=3.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/cython.txt      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 81041a90ef2..bc17d007bbe 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -59,7 +59,7 @@ coverage==7.13.1
     #   pytest-cov
 cryptography==46.0.3
     # via trustme
-cython==3.2.3
+cython==3.2.4
     # via -r requirements/cython.in
 distlib==0.4.0
     # via virtualenv
diff --git a/requirements/cython.txt b/requirements/cython.txt
index 667d8f52cd0..03fa291992c 100644
--- a/requirements/cython.txt
+++ b/requirements/cython.txt
@@ -4,7 +4,7 @@
 #
 #    pip-compile --allow-unsafe --output-file=requirements/cython.txt --resolver=backtracking --strip-extras requirements/cython.in
 #
-cython==3.2.3
+cython==3.2.4
     # via -r requirements/cython.in
 multidict==6.7.0
     # via -r requirements/multidict.in