[pull] master from aio-libs:master by pull[bot] · Pull Request #512 · tj-python/aiohttp

pull · 2026-03-28T23:06:13Z

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.20.1 to 3.20.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tox-dev/py-filelock/releases">filelock's releases</a>.</em></p> <blockquote> <h2>3.20.2</h2>  <h2>What's Changed</h2> <ul> <li>Support Unix systems without O_NOFOLLOW by <a href="https://github.com/mwilliamson"><code>@mwilliamson</code></a> in <a href="https://redirect.github.com/tox-dev/filelock/pull/463">tox-dev/filelock#463</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/tox-dev/filelock/pull/464">tox-dev/filelock#464</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mwilliamson"><code>@mwilliamson</code></a> made their first contribution in <a href="https://redirect.github.com/tox-dev/filelock/pull/463">tox-dev/filelock#463</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2">https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939"><code>f2e7d40</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/tox-dev/py-filelock/issues/464">#464</a>)</li> <li><a href="https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836"><code>5088854</code></a> Support Unix systems without O_NOFOLLOW (<a href="https://redirect.github.com/tox-dev/py-filelock/issues/463">#463</a>)</li> <li>See full diff in <a href="https://github.com/tox-dev/py-filelock/compare/3.20.1...3.20.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=filelock&package-manager=pip&previous-version=3.20.1&new-version=3.20.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.11.12 to 2026.1.4. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/certifi/python-certifi/commit/c64d9f3a8496c0195548697f2080e716af66dd6a"><code>c64d9f3</code></a> 2026.01.04 (<a href="https://redirect.github.com/certifi/python-certifi/issues/389">#389</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/4ac232f05a547071543d2fb069aa3c62b1dc79f3"><code>4ac232f</code></a> Bump actions/download-artifact from 6.0.0 to 7.0.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/387">#387</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/95ae4b20e8abb7fa708e751e346466d16b36211a"><code>95ae4b2</code></a> Update CI workflow to use Ubuntu 24.04 and Python 3.14 stable (<a href="https://redirect.github.com/certifi/python-certifi/issues/386">#386</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/b72a7b1a40ae20755338d3132d8f880427b3b6fc"><code>b72a7b1</code></a> Bump dessant/lock-threads from 5.0.1 to 6.0.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/385">#385</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/ecc267216fbdcecb1b2aa2aa175152b773cc5ced"><code>ecc2672</code></a> Bump actions/upload-artifact from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/384">#384</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/6a897dbc1124b17f179ef225742fcda481ec96f3"><code>6a897db</code></a> Bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/383">#383</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/27ca98ad845ee6d130a88301622c137893f71620"><code>27ca98a</code></a> Bump peter-evans/create-pull-request from 7.0.9 to 7.0.11 (<a href="https://redirect.github.com/certifi/python-certifi/issues/381">#381</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/56c59a63909cfd3162b37e7bc16956e64df0f737"><code>56c59a6</code></a> Bump actions/checkout from 6.0.0 to 6.0.1 (<a href="https://redirect.github.com/certifi/python-certifi/issues/382">#382</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/ae0021cd43a77bfba67d20a041469cdf6996570e"><code>ae0021c</code></a> Bump actions/setup-python from 6.0.0 to 6.1.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/380">#380</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/ddf5d0b5d2a3d55fd92a79f141dbb5e074caf924"><code>ddf5d0b</code></a> Bump actions/checkout from 5.0.1 to 6.0.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/378">#378</a>)</li> <li>Additional commits viewable in <a href="https://github.com/certifi/python-certifi/compare/2025.11.12...2026.01.04">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=certifi&package-manager=pip&previous-version=2025.11.12&new-version=2026.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [pathspec](https://github.com/cpburnz/python-pathspec) from 0.12.1 to 1.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cpburnz/python-pathspec/releases">pathspec's releases</a>.</em></p> <blockquote> <h2>v1.0.2</h2> <p>Release v1.0.2. See <a href="https://github.com/cpburnz/python-pathspec/blob/v1.0.2/CHANGES.rst">CHANGES.rst</a>.</p> <h2>v1.0.1</h2> <p>Release v1.0.1. See <a href="https://github.com/cpburnz/python-pathspec/blob/v1.0.1/CHANGES.rst">CHANGES.rst</a>.</p> <h2>v1.0.0</h2> <p>Release v1.0.0. See <a href="https://github.com/cpburnz/python-pathspec/blob/v1.0.0/CHANGES.rst">CHANGES.rst</a>.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/cpburnz/python-pathspec/blob/master/CHANGES.rst">pathspec's changelog</a>.</em></p> <blockquote> <h2>1.0.2 (2026-01-07)</h2> <p>Bug fixes:</p> <ul> <li>Type hint <code>collections.abc.Callable</code> does not properly replace <code>typing.Callable</code> until Python 3.9.2.</li> </ul> <h2>1.0.1 (2026-01-06)</h2> <p>Bug fixes:</p> <ul> <li><code>Issue [#100](https://github.com/cpburnz/python-pathspec/issues/100)</code>_: ValueError(f"{patterns=!r} cannot be empty.") when using black.</li> </ul> <p>.. _<code>Issue [#100](https://github.com/cpburnz/python-pathspec/issues/100)</code>: <a href="https://redirect.github.com/cpburnz/python-pathspec/issues/100">cpburnz/python-pathspec#100</a></p> <h2>1.0.0 (2026-01-05)</h2> <p>Major changes:</p> <ul> <li><code>Issue [#91](https://github.com/cpburnz/python-pathspec/issues/91)</code>_: Dropped support of EoL Python 3.8.</li> <li>Added concept of backends to allow for faster regular expression matching. The backend can be controlled using the <code>backend</code> argument to <code>PathSpec()</code>, <code>PathSpec.from_lines()</code>, <code>GitIgnoreSpec()</code>, and <code>GitIgnoreSpec.from_lines()</code>.</li> <li>Renamed "gitwildmatch" pattern back to "gitignore". The "gitignore" pattern behaves slightly differently when used with <code>PathSpec</code> (<em>gitignore</em> as documented) than with <code>GitIgnoreSpec</code> (replicates <em>Git</em>'s edge cases).</li> </ul> <p>API changes:</p> <ul> <li>Breaking: protected method <code>pathspec.pathspec.PathSpec._match_file()</code> (with a leading underscore) has been removed and replaced by backends. This does not affect normal usage of <code>PathSpec</code> or <code>GitIgnoreSpec</code>. Only custom subclasses will be affected. If this breaks your usage, let me know by <code>opening an issue <https://github.com/cpburnz/python-pathspec/issues></code>_.</li> <li>Deprecated: "gitwildmatch" is now an alias for "gitignore".</li> <li>Deprecated: <code>pathspec.patterns.GitWildMatchPattern</code> is now an alias for <code>pathspec.patterns.gitignore.spec.GitIgnoreSpecPattern</code>.</li> <li>Deprecated: <code>pathspec.patterns.gitwildmatch</code> module has been replaced by the <code>pathspec.patterns.gitignore</code> package.</li> <li>Deprecated: <code>pathspec.patterns.gitwildmatch.GitWildMatchPattern</code> is now an alias for <code>pathspec.patterns.gitignore.spec.GitIgnoreSpecPattern</code>.</li> <li>Deprecated: <code>pathspec.patterns.gitwildmatch.GitWildMatchPatternError</code> is now an alias for <code>pathspec.patterns.gitignore.GitIgnorePatternError</code>.</li> <li>Removed: <code>pathspec.patterns.gitwildmatch.GitIgnorePattern</code> has been deprecated since v0.4 (2016-07-15).</li> <li>Signature of method <code>pathspec.pattern.RegexPattern.match_file()</code> has been changed from <code>def match_file(self, file: str) -> RegexMatchResult | None</code> to <code>def match_file(self, file: AnyStr) -> RegexMatchResult | None</code> to reflect usage.</li> <li>Signature of class method <code>pathspec.pattern.RegexPattern.pattern_to_regex()</code> has been changed from <code>def pattern_to_regex(cls, pattern: str) -> tuple[str, bool]</code> to <code>def pattern_to_regex(cls, pattern: AnyStr) -> tuple[AnyStr | None, bool | None]</code> to reflect usage and documentation.</li> </ul> <p>New features:</p> <ul> <li>Added optional "hyperscan" backend using <code>hyperscan</code>_ library. It will automatically be used when installed. This dependency can be installed with <code>pip install 'pathspec[hyperscan]'</code>.</li> <li>Added optional "re2" backend using the <code>google-re2</code>_ library. It will automatically be used when installed. This dependency can be installed with <code>pip install 'pathspec[re2]'</code>.</li> <li>Added optional dependency on <code>typing-extensions</code>_ library to improve some type hints.</li> </ul> <p>Bug fixes:</p> <ul> <li><code>Issue [#93](https://github.com/cpburnz/python-pathspec/issues/93)</code>_: Do not remove leading spaces.</li> <li><code>Issue [#95](https://github.com/cpburnz/python-pathspec/issues/95)</code>_: Matching for files inside folder does not seem to behave like .gitignore's.</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cpburnz/python-pathspec/commit/0ff66291a073efa3daacb4ccace3ce60420923ba"><code>0ff6629</code></a> Release v1.0.2</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/cbb66012c088c9f51f33b86a22c1c44e9fdf228b"><code>cbb6601</code></a> Release v1.0.2</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/73a02203b9c9e90c58156e36cdda5853fbefc4fa"><code>73a0220</code></a> Trusted publishing is a pain</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/4cf4e9788622b7ed451d0206cf1bc00b994a1701"><code>4cf4e97</code></a> Trusted publishing is a pain</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/35df8d98470f595de6f53a574e2fb4b8e9d60ba2"><code>35df8d9</code></a> Trusted publishing is a pain</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/5f5283fa2e7f0e68b8cbda54f5bb2066628159cf"><code>5f5283f</code></a> Trusted publishing is a pain</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/979b01934200185a633553ad29d0b3416ed1e0a7"><code>979b019</code></a> Trusted publishing is a pain</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/4e782be9d3c88d07f311d751e21a08b092f3eba0"><code>4e782be</code></a> Fix testpypi build</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/3d8ab2b941976e3db709d018f7e8a7bcf1f4c895"><code>3d8ab2b</code></a> Fix testpypi build</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/69d9955dfc99d89f2a181d0146bb87730e6e0f7b"><code>69d9955</code></a> Fix testpypi build</li> <li>Additional commits viewable in <a href="https://github.com/cpburnz/python-pathspec/compare/v0.12.1...v1.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pathspec&package-manager=pip&previous-version=0.12.1&new-version=1.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.2 to 2.6.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.6.3</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by <a href="https://github.com/D47A"><code>@D47A</code></a>, 8.9 High, GHSA-38jv-5279-wg99)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">urllib3/urllib3#3743</a>)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">urllib3/urllib3#3752</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.6.3 (2026-01-07)</h1> <ul> <li>Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (<code>GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99></code>__)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<code>[#3743](urllib3/urllib3#3743) <https://github.com/urllib3/urllib3/issues/3743></code>__)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<code>[#3752](urllib3/urllib3#3752) <https://github.com/urllib3/urllib3/issues/3752></code>__)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc"><code>0248277</code></a> Release 2.6.3</li> <li><a href="https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"><code>8864ac4</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c"><code>70cecb2</code></a> Fix Scorecard issues related to vulnerable dev dependencies (<a href="https://redirect.github.com/urllib3/urllib3/issues/3755">#3755</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359"><code>41f249a</code></a> Move "v2.0 Migration Guide" to the end of the table of contents (<a href="https://redirect.github.com/urllib3/urllib3/issues/3747">#3747</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c"><code>fd4dffd</code></a> Patch <code>VerifiedHTTPSConnection</code> for Emscripten (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">#3752</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab"><code>13f0bfd</code></a> Handle massive values in Retry-After when calculating time to sleep for (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">#3743</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b"><code>8c480bf</code></a> Bump actions/upload-artifact from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3748">#3748</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1"><code>4b40616</code></a> Bump actions/cache from 4.3.0 to 5.0.1 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3750">#3750</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b"><code>82b8479</code></a> Bump actions/download-artifact from 6.0.0 to 7.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3749">#3749</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2"><code>34284cb</code></a> Mention experimental features in the security policy (<a href="https://redirect.github.com/urllib3/urllib3/issues/3746">#3746</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/2.6.2...2.6.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=2.6.2&new-version=2.6.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [cython](https://github.com/cython/cython) from 3.2.3 to 3.2.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/cython/cython/blob/master/CHANGES.rst">cython's changelog</a>.</em></p> <blockquote> <h1>3.2.4 (2026-01-04)</h1> <h2>Features added</h2> <ul> <li> <p>In preparation of Cython 3.3, a new decorator <code>@collection_type(tname)</code> can be used to advertise an extension type as being a <code>'sequence'</code> or <code>'mapping'</code>. This currently only has the effect of setting the <code>Py_TPFLAGS_SEQUENCE</code> flag on the type or not, but is provided for convenience to allow using the new decorator already in Cython 3.2 code.</p> </li> <li> <p>Several C++ exception declarations were added to <code>libcpp.exceptions</code>. (Github issue :issue:<code>7389</code>)</p> </li> </ul> <h2>Bugs fixed</h2> <ul> <li> <p>Pseudo-literal default values of function arguments like <code>arg=str()</code> could generate invalid C code when internally converted into a real literal. (Github issue :issue:<code>6192</code>)</p> </li> <li> <p>The pickle serialisation of extension types using the <code>auto_pickle</code> feature was larger than necessary since 3.2.0 for types without Python object attributes. It is now back to the state before 3.2.0 again. (Github issue :issue:<code>7443</code>)</p> </li> <li> <p>Constants are now only made immortal on freethreading Python if they are not shared. (Github issue :issue:<code>7439</code>)</p> </li> <li> <p><code>PyDict_SetDefaultRef()</code> is now used when available to avoid temporary borrowed references. (Github issue :issue:<code>7347</code>)</p> </li> <li> <p>Includes all fixes as of Cython 3.1.8.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cython/cython/commit/21bda420d583bcf464fb9efb932b09c5f3db1efd"><code>21bda42</code></a> Update changelog.</li> <li><a href="https://github.com/cython/cython/commit/ea5e926e930fb50bd0b2be69717cb906f67ef18b"><code>ea5e926</code></a> Define missing C++ exception classes (<a href="https://redirect.github.com/cython/cython/issues/7389">#7389</a>)</li> <li><a href="https://github.com/cython/cython/commit/c533d67f2a9109111c4057b598d8d04698cfee3f"><code>c533d67</code></a> Add sequence return type annotations in Parsing.py (<a href="https://redirect.github.com/cython/cython/issues/7416">GH-7416</a>)</li> <li><a href="https://github.com/cython/cython/commit/d056a1808298ff6a569f950937b7ab3385b2f785"><code>d056a18</code></a> Allow 'mapping' as <a href="https://github.com/collection"><code>@collection</code></a>_type() in preparation of 3.3, but without actu...</li> <li><a href="https://github.com/cython/cython/commit/d347c82898f4e90139b63510d984860762c01f1c"><code>d347c82</code></a> Remove exclusion of collection_type in test (<a href="https://redirect.github.com/cython/cython/issues/7442">#7442</a>)</li> <li><a href="https://github.com/cython/cython/commit/fd6e8253df013645fb028ea956175957dcff8e8b"><code>fd6e825</code></a> Merge branch '3.1.x' into 3.2.x</li> <li><a href="https://github.com/cython/cython/commit/ce5c6cb05bdb5560937648558508241c681369ca"><code>ce5c6cb</code></a> Update changelog.</li> <li><a href="https://github.com/cython/cython/commit/74b97f92075d2721abce7dfb246f426b0ab401ae"><code>74b97f9</code></a> Fix arg=str() default argument (<a href="https://redirect.github.com/cython/cython/issues/6193">GH-6193</a>)</li> <li><a href="https://github.com/cython/cython/commit/9c9e5c7d31525672ad5b8ee703c719a33d98a118"><code>9c9e5c7</code></a> Avoid immortalizing anything shared on freethreading (<a href="https://redirect.github.com/cython/cython/issues/7439">GH-7439</a>)</li> <li><a href="https://github.com/cython/cython/commit/9d5507bf1cf713c314a9e37447463ad72ee9f8cd"><code>9d5507b</code></a> Fix accidental inefficiency in auto-pickling that always stored the object st...</li> <li>Additional commits viewable in <a href="https://github.com/cython/cython/compare/3.2.3...3.2.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cython&package-manager=pip&previous-version=3.2.3&new-version=3.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel) from 3.3.0 to 3.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/cibuildwheel/releases">pypa/cibuildwheel's releases</a>.</em></p> <blockquote> <h2>v3.3.1</h2> <ul> <li>🛠 Update dependencies and container pins, including updating to CPython 3.14.2. (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2708">#2708</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/cibuildwheel/blob/main/docs/changelog.md">pypa/cibuildwheel's changelog</a>.</em></p> <blockquote> <h3>v3.3.1</h3> <p><em>5 January 2026</em></p> <ul> <li>🛠 Update dependencies and container pins, including updating to CPython 3.14.2. (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2708">#2708</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/cibuildwheel/commit/298ed2fb2c105540f5ed055e8a6ad78d82dd3a7e"><code>298ed2f</code></a> Bump version: v3.3.1</li> <li><a href="https://github.com/pypa/cibuildwheel/commit/f0ff94431807b2d31ad3170007669061f91f0241"><code>f0ff944</code></a> [3.3.x] Update dependencies (<a href="https://redirect.github.com/pypa/cibuildwheel/issues/2708">#2708</a>)</li> <li>See full diff in <a href="https://github.com/pypa/cibuildwheel/compare/v3.3.0...v3.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/cibuildwheel&package-manager=github_actions&previous-version=3.3.0&new-version=3.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

… sync method, add decode_async() for non-blocking decompression (#11944)

… sync method, add decode_async() for non-blocking decompression (#11943)

Bumps [pathspec](https://github.com/cpburnz/python-pathspec) from 1.0.2 to 1.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cpburnz/python-pathspec/releases">pathspec's releases</a>.</em></p> <blockquote> <h2>v1.0.3</h2> <p>Release v1.0.3. See <a href="https://github.com/cpburnz/python-pathspec/blob/v1.0.3/CHANGES.rst">CHANGES.rst</a>.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/cpburnz/python-pathspec/blob/master/CHANGES.rst">pathspec's changelog</a>.</em></p> <blockquote> <h2>1.0.3 (2026-01-09)</h2> <p>Bug fixes:</p> <ul> <li><code>Issue [#101](https://github.com/cpburnz/python-pathspec/issues/101)</code>_: pyright strict errors with pathspec >= 1.0.0.</li> <li><code>Issue [#102](https://github.com/cpburnz/python-pathspec/issues/102)</code>_: No module named 'tomllib'.</li> </ul> <p>.. _<code>Issue [#101](https://github.com/cpburnz/python-pathspec/issues/101)</code>: <a href="https://redirect.github.com/cpburnz/python-pathspec/issues/101">cpburnz/python-pathspec#101</a> .. _<code>Issue [#102](https://github.com/cpburnz/python-pathspec/issues/102)</code>: <a href="https://redirect.github.com/cpburnz/python-pathspec/issues/102">cpburnz/python-pathspec#102</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cpburnz/python-pathspec/commit/db3f54e78f68824f641b186bf4a749d944e2153f"><code>db3f54e</code></a> Releasse v1.0.3</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/1b6bdda35a44cf48edc67a71d8020c26e84a40ec"><code>1b6bdda</code></a> Releasse v1.0.3</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/f9b556abd5eebe94ec70404f5c386bf4451f5437"><code>f9b556a</code></a> Fix docs</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/9867f1a954c68e8a4dc9cdcf8bfc5ad018a7951c"><code>9867f1a</code></a> Fix tests</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/85cb3cc18bf925bef3b00b74a8b11049826c0129"><code>85cb3cc</code></a> Fix docs</li> <li><a href="https://github.com/cpburnz/python-pathspec/commit/66281233ae20aa1de22345c1eb004dad9592b55d"><code>6628123</code></a> Fix 101 regression</li> <li>See full diff in <a href="https://github.com/cpburnz/python-pathspec/compare/v1.0.2...v1.0.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pathspec&package-manager=pip&previous-version=1.0.2&new-version=1.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.20.2 to 3.20.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tox-dev/py-filelock/releases">filelock's releases</a>.</em></p> <blockquote> <h2>3.20.3</h2>  <h2>What's Changed</h2> <ul> <li>Fix TOCTOU symlink vulnerability in SoftFileLock by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/tox-dev/filelock/pull/465">tox-dev/filelock#465</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3">https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5"><code>41b42dd</code></a> Fix TOCTOU symlink vulnerability in SoftFileLock (<a href="https://redirect.github.com/tox-dev/py-filelock/issues/465">#465</a>)</li> <li>See full diff in <a href="https://github.com/tox-dev/py-filelock/compare/3.20.2...3.20.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=filelock&package-manager=pip&previous-version=3.20.2&new-version=3.20.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.35.4 to 20.36.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/virtualenv/releases">virtualenv's releases</a>.</em></p> <blockquote> <h2>20.36.1</h2>  <h2>What's Changed</h2> <ul> <li>release 20.36.0 by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3011">pypa/virtualenv#3011</a></li> <li>fix: resolve TOCTOU vulnerabilities in app_data and lock directory creation by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3013">pypa/virtualenv#3013</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/virtualenv/compare/20.36.0...20.36.1">https://github.com/pypa/virtualenv/compare/20.36.0...20.36.1</a></p> <h2>20.36.0</h2>  <h2>What's Changed</h2> <ul> <li>release 20.35.3 by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/2981">pypa/virtualenv#2981</a></li> <li>fix: Prevent NameError when accessing _DISTUTILS_PATCH during file ov… by <a href="https://github.com/gracetyy"><code>@gracetyy</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/2982">pypa/virtualenv#2982</a></li> <li>Upgrade pip and fix 3.15 picking old wheel by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/2989">pypa/virtualenv#2989</a></li> <li>release 20.35.4 by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/2990">pypa/virtualenv#2990</a></li> <li>fix: wrong path on migrated venv by <a href="https://github.com/sk1234567891"><code>@sk1234567891</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/2996">pypa/virtualenv#2996</a></li> <li>test_too_many_open_files: assert on <code>errno.EMFILE</code> instead of <code>strerror</code> by <a href="https://github.com/pltrz"><code>@pltrz</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3001">pypa/virtualenv#3001</a></li> <li>fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146 by <a href="https://github.com/pythonhubdev"><code>@pythonhubdev</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3002">pypa/virtualenv#3002</a></li> <li>fix: resolve EncodingWarning in tox upgrade environment by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3007">pypa/virtualenv#3007</a></li> <li>Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1 by <a href="https://github.com/rahuldevikar"><code>@rahuldevikar</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3006">pypa/virtualenv#3006</a></li> <li>Add support for PEP 440 version specifiers in the <code>--python</code> flag. by <a href="https://github.com/rahuldevikar"><code>@rahuldevikar</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3008">pypa/virtualenv#3008</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/gracetyy"><code>@gracetyy</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/virtualenv/pull/2982">pypa/virtualenv#2982</a></li> <li><a href="https://github.com/sk1234567891"><code>@sk1234567891</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/virtualenv/pull/2996">pypa/virtualenv#2996</a></li> <li><a href="https://github.com/pltrz"><code>@pltrz</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/virtualenv/pull/3001">pypa/virtualenv#3001</a></li> <li><a href="https://github.com/pythonhubdev"><code>@pythonhubdev</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/virtualenv/pull/3002">pypa/virtualenv#3002</a></li> <li><a href="https://github.com/rahuldevikar"><code>@rahuldevikar</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/virtualenv/pull/3006">pypa/virtualenv#3006</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/virtualenv/compare/20.35.3...20.36.0">https://github.com/pypa/virtualenv/compare/20.35.3...20.36.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst">virtualenv's changelog</a>.</em></p> <blockquote> <h2>v20.36.1 (2026-01-09)</h2> <p>Bugfixes - 20.36.1</p> <pre><code>- Fix TOCTOU vulnerabilities in app_data and lock directory creation that could be exploited via symlink attacks - reported by :user:`tsigouris007`, fixed by :user:`gaborbernat`. (:issue:`3013`) <h2>v20.36.0 (2026-01-07)</h2> <p>Features - 20.36.0 </code></pre></p> <ul> <li>Add support for PEP 440 version specifiers in the <code>--python</code> flag. Users can now specify Python versions using operators like <code>>=</code>, <code><=</code>, <code>~=</code>, etc. For example: <code>virtualenv --python=">=3.12" myenv</code> <code>. (:issue:</code>2994`)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/virtualenv/commit/d0ad11d1146e81ea74d2461be9653f1da9cf3fd1"><code>d0ad11d</code></a> release 20.36.1</li> <li><a href="https://github.com/pypa/virtualenv/commit/dec4cec5d16edaf83a00a658f32d1e032661cebc"><code>dec4cec</code></a> Merge pull request <a href="https://redirect.github.com/pypa/virtualenv/issues/3013">#3013</a> from gaborbernat/fix-sec</li> <li><a href="https://github.com/pypa/virtualenv/commit/5fe5d38beb1273b489591a7b444f1018af2edf0a"><code>5fe5d38</code></a> release 20.36.0 (<a href="https://redirect.github.com/pypa/virtualenv/issues/3011">#3011</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/9719376addaa710b61d9ed013774fa26f6224b4e"><code>9719376</code></a> release 20.36.0</li> <li><a href="https://github.com/pypa/virtualenv/commit/0276db6fcf8849c519d75465f659b12aefb2acd8"><code>0276db6</code></a> Add support for PEP 440 version specifiers in the <code>--python</code> flag. (<a href="https://redirect.github.com/pypa/virtualenv/issues/3008">#3008</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/4f900c29044e17812981b5b98ddce45604858b7f"><code>4f900c2</code></a> Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1 (<a href="https://redirect.github.com/pypa/virtualenv/issues/3">#3</a>...</li> <li><a href="https://github.com/pypa/virtualenv/commit/13afcc62a3444d0386c8031d0a62277a8274ab07"><code>13afcc6</code></a> fix: resolve EncodingWarning in tox upgrade environment (<a href="https://redirect.github.com/pypa/virtualenv/issues/3007">#3007</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/31b5d31581df3e3a7bbc55e52568b26dd01b0d57"><code>31b5d31</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/pypa/virtualenv/issues/2997">#2997</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/7c284221b4751388801355fc6ebaa2abe60427bd"><code>7c28422</code></a> fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146 (...</li> <li><a href="https://github.com/pypa/virtualenv/commit/365628c544cd5498fbf0a3b6c6a8c1f41d25a749"><code>365628c</code></a> test_too_many_open_files: assert on <code>errno.EMFILE</code> instead of <code>strerror</code> (<a href="https://redirect.github.com/pypa/virtualenv/issues/3001">#3001</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/virtualenv/compare/20.35.4...20.36.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=virtualenv&package-manager=pip&previous-version=20.35.4&new-version=20.36.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [tomli](https://github.com/hukkin/tomli) from 2.3.0 to 2.4.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hukkin/tomli/blob/master/CHANGELOG.md">tomli's changelog</a>.</em></p> <blockquote> <h2>2.4.0</h2> <ul> <li>Added <ul> <li>TOML v1.1.0 compatibility</li> <li>Binary wheels for Windows arm64</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hukkin/tomli/commit/a678e6fdeffa89bd28e4ecc148b926a4e1bbbc7b"><code>a678e6f</code></a> Bump version: 2.3.0 → 2.4.0</li> <li><a href="https://github.com/hukkin/tomli/commit/b8a1358cd4f3932b910333e0179270093596ce64"><code>b8a1358</code></a> Tests: remove now needless "TOML compliance"->"burntsushi" format conversion</li> <li><a href="https://github.com/hukkin/tomli/commit/497937545351e0b4c8afe2299d5ddfb4a7e050cc"><code>4979375</code></a> Update GitHub actions</li> <li><a href="https://github.com/hukkin/tomli/commit/f890dd1719da0e0f4e83cac39218ba2ded61fa94"><code>f890dd1</code></a> Update pre-commit hooks</li> <li><a href="https://github.com/hukkin/tomli/commit/d9c65c3379b8b92dfab52c8c694605b1aea5a65d"><code>d9c65c3</code></a> Add 2.4.0 change log</li> <li><a href="https://github.com/hukkin/tomli/commit/0efe49d88c2d6ee38e3ad21bfcf64249968fe6c4"><code>0efe49d</code></a> Update README for v2.4.0</li> <li><a href="https://github.com/hukkin/tomli/commit/9eb2125ef49071e673d42e383b5221a268665193"><code>9eb2125</code></a> TOML 1.1: Make seconds optional in Date-Time and Time (<a href="https://redirect.github.com/hukkin/tomli/issues/203">#203</a>)</li> <li><a href="https://github.com/hukkin/tomli/commit/12314bde5b89a8bdc32de7403a2a4cf786187bbc"><code>12314bd</code></a> TOML 1.1: Add \xHH Unicode escape code to basic strings (<a href="https://redirect.github.com/hukkin/tomli/issues/202">#202</a>)</li> <li><a href="https://github.com/hukkin/tomli/commit/2a2aa62f1bc71b89b74d41dd2ab67b5dd24bc129"><code>2a2aa62</code></a> TOML 1.1: Allow newlines and trailing comma in inline tables (<a href="https://redirect.github.com/hukkin/tomli/issues/200">#200</a>)</li> <li><a href="https://github.com/hukkin/tomli/commit/38297f82cd0ef067f1afd2ffb8dfa73b65c398da"><code>38297f8</code></a> Xfail on tests for TOML 1.1 features not yet supported</li> <li>Additional commits viewable in <a href="https://github.com/hukkin/tomli/compare/2.3.0...2.4.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tomli&package-manager=pip&previous-version=2.3.0&new-version=2.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…kflow matrix (#11958) **This is a backport of PR #11938 as merged into master (d09103a).** Co-authored-by: AraHaan <seandhunt_7@yahoo.com>

(cherry picked from commit ed6440c)

(cherry picked from commit ed6440c) (cherry picked from commit 30ec25f)

Bumps [identify](https://github.com/pre-commit/identify) from 2.6.15 to 2.6.16. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pre-commit/identify/commit/e31a62bc9f952165a259f30abcf13593fff3d128"><code>e31a62b</code></a> v2.6.16</li> <li><a href="https://github.com/pre-commit/identify/commit/de8beb6c08e969fe1a6e7ac40562377f091d5414"><code>de8beb6</code></a> Merge pull request <a href="https://redirect.github.com/pre-commit/identify/issues/558">#558</a> from seanbudd/patch-1</li> <li><a href="https://github.com/pre-commit/identify/commit/b5574acd3dd338bfe208c0098a90a416e2e2d47a"><code>b5574ac</code></a> Add support for '.xliff' file extension</li> <li><a href="https://github.com/pre-commit/identify/commit/059831f59cb4547b1f1a8b6903fb4050e6d4c99b"><code>059831f</code></a> Merge pull request <a href="https://redirect.github.com/pre-commit/identify/issues/555">#555</a> from Roxedus/feat/ipxe</li> <li><a href="https://github.com/pre-commit/identify/commit/7e6b5418212f382255b890d51eabc86beacf778b"><code>7e6b541</code></a> Add .ipxe extension</li> <li><a href="https://github.com/pre-commit/identify/commit/9e787921be557b6a2d836439add7f227e004e7e2"><code>9e78792</code></a> Merge pull request <a href="https://redirect.github.com/pre-commit/identify/issues/554">#554</a> from pre-commit/pre-commit-ci-update-config</li> <li><a href="https://github.com/pre-commit/identify/commit/a35c416b4e246e47381cfafa775ae5f05b1d0d04"><code>a35c416</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a href="https://github.com/pre-commit/identify/commit/5cab69e4fd737a925f5e69d99bd62c3367106e99"><code>5cab69e</code></a> Merge pull request <a href="https://redirect.github.com/pre-commit/identify/issues/553">#553</a> from pre-commit/pre-commit-ci-update-config</li> <li><a href="https://github.com/pre-commit/identify/commit/c8edd7e6461ce5e05273806cec424b981fdac34c"><code>c8edd7e</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a href="https://github.com/pre-commit/identify/commit/47d582b18cd7621f33fe5f60d551a66600c1dcfb"><code>47d582b</code></a> Merge pull request <a href="https://redirect.github.com/pre-commit/identify/issues/551">#551</a> from pre-commit/pre-commit-ci-update-config</li> <li>Additional commits viewable in <a href="https://github.com/pre-commit/identify/compare/v2.6.15...v2.6.16">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=identify&package-manager=pip&previous-version=2.6.15&new-version=2.6.16)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [librt](https://github.com/mypyc/librt) from 0.7.7 to 0.7.8. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mypyc/librt/commit/7b16380bc013f87cd8f08e6b58230ed4c45eeabe"><code>7b16380</code></a> Sync mypy</li> <li>See full diff in <a href="https://github.com/mypyc/librt/compare/v0.7.7...v0.7.8">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=librt&package-manager=pip&previous-version=0.7.7&new-version=0.7.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2025.11.3 to 2026.1.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt">regex's changelog</a>.</em></p> <blockquote> <p>Version: 2026.1.15</p> <pre><code>Re-uploaded. </code></pre> <p>Version: 2026.1.14</p> <pre><code>Git issue 596: Specifying {e<=0} causes ca 210× slow-down. <p>Added RISC-V wheels.<br /> </code></pre></p> <p>Version: 2025.11.3</p> <pre><code>Git issue 594: Support relative PARNO in recursive subpatterns. </code></pre> <p>Version: 2025.10.23</p> <pre><code>'setup.py' was missing from the source distribution. </code></pre> <p>Version: 2025.10.22</p> <pre><code>Fixed test in main.yml. </code></pre> <p>Version: 2025.10.21</p> <pre><code>Moved tests into subfolder. </code></pre> <p>Version: 2025.10.20</p> <pre><code>Re-organised files. <p>Updated to Unicode 17.0.0.<br /> </code></pre></p> <p>Version: 2025.9.20</p> <pre><code>Enable free-threading support in cibuildwheel in another place. </code></pre> <p>Version: 2025.9.19</p> <pre><code>Enable free-threading support in cibuildwheel. </code></pre> <p>Version: 2025.9.18</p> <pre><code>Git issue 565: Support the free-threaded build of CPython 3.13 </code></pre> <p>Version: 2025.9.1</p> <pre><code>Git PR 585: Fix AttributeError: 'AnyAll' object has no attribute '_key' </code></pre> <p>Version: 2025.8.29</p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mrabarnett/mrab-regex/commit/234de9a7495c6355fcf322d575f8a3875f7f14d7"><code>234de9a</code></a> Re-uploaded.</li> <li><a href="https://github.com/mrabarnett/mrab-regex/commit/1bc3d1e4ac4328c11067718962be0090055d16ec"><code>1bc3d1e</code></a> Merge branch 'hg' of <a href="https://github.com/mrabarnett/mrab-regex">https://github.com/mrabarnett/mrab-regex</a> into hg</li> <li><a href="https://github.com/mrabarnett/mrab-regex/commit/d7f7c8cc6933f69a0b81c1ccaf81e9785342b233"><code>d7f7c8c</code></a> Git issue 596: Specifying {e<=0} causes ca 210× slow-down</li> <li><a href="https://github.com/mrabarnett/mrab-regex/commit/35b29348877db9fb2883a350f100160d98870df6"><code>35b2934</code></a> Merge pull request <a href="https://redirect.github.com/mrabarnett/mrab-regex/issues/599">#599</a> from justeph/ci-add-riscv64-support</li> <li><a href="https://github.com/mrabarnett/mrab-regex/commit/af2f41138d17b2939545504916fa45ff79b8701f"><code>af2f411</code></a> ci: add riscv64 manylinux/musllinux wheels</li> <li>See full diff in <a href="https://github.com/mrabarnett/mrab-regex/compare/2025.11.3...2026.1.15">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=regex&package-manager=pip&previous-version=2025.11.3&new-version=2026.1.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/cache](https://github.com/actions/cache) from 5.0.1 to 5.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v.5.0.2</h2> <h1>v5.0.2</h1> <h2>What's Changed</h2> <p>When creating cache entries, 429s returned from the cache service will not be retried.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h3>5.0.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.3 <a href="https://redirect.github.com/actions/cache/pull/1692">#1692</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/8b402f58fbc84540c8b491a91e594a4576fec3d7"><code>8b402f5</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1692">#1692</a> from GhadimiR/main</li> <li><a href="https://github.com/actions/cache/commit/304ab5a0701ee61908ccb4b5822347949a2e2002"><code>304ab5a</code></a> license for httpclient</li> <li><a href="https://github.com/actions/cache/commit/609fc19e67cd310e97eb36af42355843ffcb35be"><code>609fc19</code></a> Update licensed record for cache</li> <li><a href="https://github.com/actions/cache/commit/b22231e43df11a67538c05e88835f1fa097599c5"><code>b22231e</code></a> Build</li> <li><a href="https://github.com/actions/cache/commit/93150cdfb36a9d84d4e8628c8870bec84aedcf8a"><code>93150cd</code></a> Add PR link to releases</li> <li><a href="https://github.com/actions/cache/commit/9b8ca9f07e012351dafbf1c878e8fe2ee9a01c84"><code>9b8ca9f</code></a> Bump actions/cache to 5.0.3</li> <li>See full diff in <a href="https://github.com/actions/cache/compare/v5.0.1...v5.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=5.0.1&new-version=5.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [setuptools](https://github.com/pypa/setuptools) from 80.9.0 to 80.10.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/setuptools/blob/main/NEWS.rst">setuptools's changelog</a>.</em></p> <blockquote> <h1>v80.10.1</h1> <h2>Misc</h2> <ul> <li><a href="https://redirect.github.com/pypa/setuptools/issues/5152">#5152</a></li> </ul> <h1>v80.10.0</h1> <h2>Features</h2> <ul> <li>Remove post-release tags on setuptools' own build. (<a href="https://redirect.github.com/pypa/setuptools/issues/4530">#4530</a>)</li> <li>Refreshed vendored dependencies. (<a href="https://redirect.github.com/pypa/setuptools/issues/5139">#5139</a>)</li> </ul> <h2>Misc</h2> <ul> <li><a href="https://redirect.github.com/pypa/setuptools/issues/5033">#5033</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/setuptools/commit/adfb0c9e3d1789587d609228d9ea1d79272e4107"><code>adfb0c9</code></a> Bump version: 80.10.0 → 80.10.1</li> <li><a href="https://github.com/pypa/setuptools/commit/8535d107c2ff20e8e4a0aca2d780461918f54180"><code>8535d10</code></a> docs: Link pyproject.toml to ext_modules (<a href="https://redirect.github.com/pypa/setuptools/issues/5125">#5125</a>)</li> <li><a href="https://github.com/pypa/setuptools/commit/fafbe2c6566a9562300046b088ceb71efa9eb07f"><code>fafbe2c</code></a> [CI] Workaround for GHA handling of 'skipped' in job dependency chain (<a href="https://redirect.github.com/pypa/setuptools/issues/5152">#5152</a>)</li> <li><a href="https://github.com/pypa/setuptools/commit/d171023e5b023bbe2ce8e29e7ae3314c01925783"><code>d171023</code></a> Add news fragment</li> <li><a href="https://github.com/pypa/setuptools/commit/3dbba0672ad44d1b985ef47ebd098d10bee8e1d0"><code>3dbba06</code></a> Refine comment to reference issue</li> <li><a href="https://github.com/pypa/setuptools/commit/e4922c88a5ebe7d7ca40a0abfaa59e1377372bf2"><code>e4922c8</code></a> Apply suggestion from <a href="https://github.com/webknjaz"><code>@webknjaz</code></a></li> <li><a href="https://github.com/pypa/setuptools/commit/218c146ba37dabb9513f53510985dd6c3758dd23"><code>218c146</code></a> [CI] Workaround for GHA handling of 'skipped' in job dependency chain</li> <li><a href="https://github.com/pypa/setuptools/commit/29031718a55e5c7d5bbfc572b84d35d1f1f52aff"><code>2903171</code></a> Bump version: 80.9.0 → 80.10.0</li> <li><a href="https://github.com/pypa/setuptools/commit/23a2b180ef81e6cda7fe55c14cdfca6385e8903e"><code>23a2b18</code></a> [CI] Allow the action <code>check-changed-folders</code> to be skipped in the <code>check</code> ac...</li> <li><a href="https://github.com/pypa/setuptools/commit/660e5817c2b7631494adb2e044e17fcf59f683fc"><code>660e581</code></a> [CI] Allow the action <code>check-changed-folders</code> to be skipped in the <code>check</code> ac...</li> <li>Additional commits viewable in <a href="https://github.com/pypa/setuptools/compare/v80.9.0...v80.10.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=setuptools&package-manager=pip&previous-version=80.9.0&new-version=80.10.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…hon 3.12.8 (#11976) **This is a backport of PR #11972 as merged into master (4a51c4b).** Co-authored-by: Robsdedude <dev@rouvenbauer.de>

…hon 3.12.8 (#11975) **This is a backport of PR #11972 as merged into master (4a51c4b).** Co-authored-by: Robsdedude <dev@rouvenbauer.de>

Bumps [wheel](https://github.com/pypa/wheel) from 0.45.1 to 0.46.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/wheel/releases">wheel's releases</a>.</em></p> <blockquote> <h2>0.46.2</h2> <ul> <li>Restored the <code>bdist_wheel</code> command for compatibility with <code>setuptools</code> older than v70.1</li> <li>Importing <code>wheel.bdist_wheel</code> now emits a <code>FutureWarning</code> instead of a <code>DeprecationWarning</code></li> <li>Fixed <code>wheel unpack</code> potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)</li> </ul> <h2>0.46.1</h2> <ul> <li>Temporarily restored the <code>wheel.macosx_libfile</code> module (<a href="https://redirect.github.com/pypa/wheel/issues/659">#659</a>)</li> </ul> <h2>0.46.0</h2> <ul> <li>Dropped support for Python 3.8</li> <li>Removed the <code>bdist_wheel</code> setuptools command implementation and entry point. The <code>wheel.bdist_wheel</code> module is now just an alias to <code>setuptools.command.bdist_wheel</code>, emitting a deprecation warning on import.</li> <li>Removed vendored <code>packaging</code> in favor of a run-time dependency on it</li> <li>Made the <code>wheel.metadata</code> module private (with a deprecation warning if it's imported</li> <li>Made the <code>wheel.cli</code> package private (no deprecation warning)</li> <li>Fixed an exception when calling the <code>convert</code> command with an empty description field</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/wheel/blob/main/docs/news.rst">wheel's changelog</a>.</em></p> <blockquote> <h1>Release Notes</h1> <p><strong>0.46.2 (2026-01-22)</strong></p> <ul> <li>Restored the <code>bdist_wheel</code> command for compatibility with <code>setuptools</code> older than v70.1</li> <li>Importing <code>wheel.bdist_wheel</code> now emits a <code>FutureWarning</code> instead of a <code>DeprecationWarning</code></li> <li>Fixed <code>wheel unpack</code> potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)</li> </ul> <p><strong>0.46.1 (2025-04-08)</strong></p> <ul> <li>Temporarily restored the <code>wheel.macosx_libfile</code> module (<code>[#659](pypa/wheel#659) <https://github.com/pypa/wheel/issues/659></code>_)</li> </ul> <p><strong>0.46.0 (2025-04-03)</strong></p> <ul> <li>Dropped support for Python 3.8</li> <li>Removed the <code>bdist_wheel</code> setuptools command implementation and entry point. The <code>wheel.bdist_wheel</code> module is now just an alias to <code>setuptools.command.bdist_wheel</code>, emitting a deprecation warning on import.</li> <li>Removed vendored <code>packaging</code> in favor of a run-time dependency on it</li> <li>Made the <code>wheel.metadata</code> module private (with a deprecation warning if it's imported</li> <li>Made the <code>wheel.cli</code> package private (no deprecation warning)</li> <li>Fixed an exception when calling the <code>convert</code> command with an empty description field</li> </ul> <p><strong>0.45.1 (2024-11-23)</strong></p> <ul> <li>Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name</li> </ul> <p><strong>0.45.0 (2024-11-08)</strong></p> <ul> <li> <p>Refactored the <code>convert</code> command to not need setuptools to be installed</p> </li> <li> <p>Don't configure setuptools logging unless running <code>bdist_wheel</code></p> </li> <li> <p>Added a redirection from <code>wheel.bdist_wheel.bdist_wheel</code> to <code>setuptools.command.bdist_wheel.bdist_wheel</code> to improve compatibility with <code>setuptools</code>' latest fixes.</p> <p>Projects are still advised to migrate away from the deprecated module and import the <code>setuptools</code>' implementation explicitly. (PR by <a href="https://github.com/abravalheri"><code>@abravalheri</code></a>)</p> </li> </ul> <p><strong>0.44.0 (2024-08-04)</strong></p> <ul> <li>Canonicalized requirements in METADATA file (PR by Wim Jeantine-Glenn)</li> <li>Deprecated the <code>bdist_wheel</code> module, as the code was migrated to <code>setuptools</code></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/wheel/commit/eba4036ccaca4e2d0c5b5bf3e3be59b2b2877d6b"><code>eba4036</code></a> Updated the version number for v0.46.2</li> <li><a href="https://github.com/pypa/wheel/commit/557fb5425036ccca95330b2c8875e54c9f4483cf"><code>557fb54</code></a> Created a new release</li> <li><a href="https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"><code>7a7d2de</code></a> Fixed security issue around wheel unpack (<a href="https://redirect.github.com/pypa/wheel/issues/675">#675</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/41418fac233d6973ea8798d620df4aa5b3aa1b66"><code>41418fa</code></a> Fixed test failures due to metadata normalization changes</li> <li><a href="https://github.com/pypa/wheel/commit/c1d442bec6c634fcfb89e5d58698dd226685bd14"><code>c1d442b</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/pypa/wheel/issues/674">#674</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/0bac8820ec90b1aaa0695d79a56563137b48686d"><code>0bac882</code></a> Update github actions environments (<a href="https://redirect.github.com/pypa/wheel/issues/673">#673</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/be9f45b4ee1210b2a815d2eefea56b71efd99d63"><code>be9f45b</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/pypa/wheel/issues/667">#667</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/6244f08bb92d7569da6c2fbea23de0846ad34ff3"><code>6244f08</code></a> Update pre-commit ruff legacy alias (<a href="https://redirect.github.com/pypa/wheel/issues/668">#668</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/15b7577654e8bcd23e009c6bac036b65c11d8d8f"><code>15b7577</code></a> PEP 639 compliance (<a href="https://redirect.github.com/pypa/wheel/issues/670">#670</a>)</li> <li><a href="https://github.com/pypa/wheel/commit/fc8cb4163e4f48d86092cb2a16076f1b3efcd10f"><code>fc8cb41</code></a> Revert "Removed redundant Python version from the publish workflow (<a href="https://redirect.github.com/pypa/wheel/issues/666">#666</a>)"</li> <li>Additional commits viewable in <a href="https://github.com/pypa/wheel/compare/0.45.1...0.46.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=wheel&package-manager=pip&previous-version=0.45.1&new-version=0.46.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [pycparser](https://github.com/eliben/pycparser) from 2.23 to 3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/eliben/pycparser/releases">pycparser's releases</a>.</em></p> <blockquote> <h2>release_v3.00</h2> <h2>What's Changed</h2> <ul> <li>Removed dependency on PLY, by rewriting pycparser to use a hand-written lexer and recursive-descent parser for C. No API changes / functionality changes intended - the same AST is produced.</li> <li>Add support for Python 3.14 and drop EOL 3.8 by <a href="https://github.com/hugovk"><code>@hugovk</code></a> in <a href="https://redirect.github.com/eliben/pycparser/pull/581">eliben/pycparser#581</a></li> <li>Update _ast_gen.py to be in sync with c_ast.py by <a href="https://github.com/simonlindholm"><code>@simonlindholm</code></a> in <a href="https://redirect.github.com/eliben/pycparser/pull/582">eliben/pycparser#582</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/eliben/pycparser/compare/release_v2.23...release_v3.00">https://github.com/eliben/pycparser/compare/release_v2.23...release_v3.00</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/eliben/pycparser/commit/77de509f0268f44ee587b5a4d9f0d680e269fcae"><code>77de509</code></a> Prepare for release 3.00</li> <li><a href="https://github.com/eliben/pycparser/commit/e57ccd1e74247f643c4b2cacbbee986d5544bbf3"><code>e57ccd1</code></a> Update README</li> <li><a href="https://github.com/eliben/pycparser/commit/230e12d603320872d1d80f7dc230a404d737a05d"><code>230e12d</code></a> disable uv caching in CI</li> <li><a href="https://github.com/eliben/pycparser/commit/9c52f404efc87e9282fd842b7e60c66951897be7"><code>9c52f40</code></a> Update CI to run make check+test via uvx</li> <li><a href="https://github.com/eliben/pycparser/commit/6b8f0648af538004e4109a7a2b066bdba467694d"><code>6b8f064</code></a> Use dataclass where applicable; add 'make test' to Makefile</li> <li><a href="https://github.com/eliben/pycparser/commit/25376cb586ed2906c27aec4c8e3d84c18e3874e5"><code>25376cb</code></a> Use f-strings instead of older formatting in other auxiliary files</li> <li><a href="https://github.com/eliben/pycparser/commit/9bd8997deba72e2d192e16c168451ee3bdbd2001"><code>9bd8997</code></a> Use f-strings instead of older formatting in core code + tests</li> <li><a href="https://github.com/eliben/pycparser/commit/664eac25202a12abae5a1f2e9f4aec66dab156ec"><code>664eac2</code></a> Modernize some code with pattern matching</li> <li><a href="https://github.com/eliben/pycparser/commit/842f0649551a98f4fb088e344f3bc676ff6e952b"><code>842f064</code></a> Add type annotations to more examples</li> <li><a href="https://github.com/eliben/pycparser/commit/076f374a75e746da7ac71123e3fee484c69bfa85"><code>076f374</code></a> Add types to several exmaples</li> <li>Additional commits viewable in <a href="https://github.com/eliben/pycparser/compare/release_v2.23...release_v3.00">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pycparser&package-manager=pip&previous-version=2.23&new-version=3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 23.0.0 to 24.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/benoitc/gunicorn/releases">gunicorn's releases</a>.</em></p> <blockquote> <h2>24.0.0</h2> <h2>New Features</h2> <ul> <li> <p><strong>ASGI Worker (Beta)</strong>: Native asyncio-based ASGI support for running async Python frameworks like FastAPI, Starlette, and Quart without external dependencies</p> <ul> <li>HTTP/1.1 with keepalive connections</li> <li>WebSocket support</li> <li>Lifespan protocol for startup/shutdown hooks</li> <li>Optional uvloop for improved performance</li> </ul> </li> <li> <p><strong>uWSGI Binary Protocol</strong>: Support for receiving requests from nginx via <code>uwsgi_pass</code> directive</p> </li> <li> <p><strong>Documentation Migration</strong>: Migrated to MkDocs with Material theme</p> </li> </ul> <h2>Security</h2> <ul> <li><strong>eventlet</strong>: Require eventlet >= 0.40.3 (CVE-2021-21419, CVE-2025-58068)</li> <li><strong>gevent</strong>: Require gevent >= 24.10.1 (CVE-2023-41419, CVE-2024-3219)</li> <li><strong>tornado</strong>: Require tornado >= 6.5.0 (CVE-2025-47287)</li> </ul> <h2>Install</h2> <pre><code>pip install gunicorn==24.0.0 </code></pre> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/benoitc/gunicorn/commit/3960372b820eea9161de29a1761707aaf318d514"><code>3960372</code></a> Merge pull request <a href="https://redirect.github.com/benoitc/gunicorn/issues/3426">#3426</a> from benoitc/website-2025</li> <li><a href="https://github.com/benoitc/gunicorn/commit/d34d3de01ba9e618b47849fed1c2db740737dd66"><code>d34d3de</code></a> docs: Set release date for 24.0.0</li> <li><a href="https://github.com/benoitc/gunicorn/commit/066e6d8bb307acdbe70fb7f0902feb03bacb6c95"><code>066e6d8</code></a> docs: Move ASGI worker tab after Gthread</li> <li><a href="https://github.com/benoitc/gunicorn/commit/c6b115948315108780c851f78ca643f373c4939f"><code>c6b1159</code></a> docs: Add Tornado worker to design page</li> <li><a href="https://github.com/benoitc/gunicorn/commit/c959daeb82dc5b5eafa463b5fb96857935dc9da0"><code>c959dae</code></a> docs: Redesign architecture page with visual components</li> <li><a href="https://github.com/benoitc/gunicorn/commit/571bc121d1f75ff45f559b662ad4de1a705097d3"><code>571bc12</code></a> docs: Add punchy theme with vibrant colors and modern features</li> <li><a href="https://github.com/benoitc/gunicorn/commit/73adc7cb298e2339d7de14bd7b07502ac826f843"><code>73adc7c</code></a> docs: Add collapsible TOC for settings reference</li> <li><a href="https://github.com/benoitc/gunicorn/commit/dcec6e701a22a63fa8ac1a68e47627eec724b3e8"><code>dcec6e7</code></a> docs: Modern landing page with custom template</li> <li><a href="https://github.com/benoitc/gunicorn/commit/5ea4eb340a2d0a8b5c7b963007f7b414910a64f3"><code>5ea4eb3</code></a> docs: Add 2026 changelog and modernize README</li> <li><a href="https://github.com/benoitc/gunicorn/commit/0b961036b7dc756632fc97676eb71aea3f682ca6"><code>0b96103</code></a> docs: Configure GitHub Pages deployment with custom domain</li> <li>Additional commits viewable in <a href="https://github.com/benoitc/gunicorn/compare/23.0.0...24.0.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gunicorn&package-manager=pip&previous-version=23.0.0&new-version=24.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [wheel](https://github.com/pypa/wheel) from 0.46.2 to 0.46.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/wheel/releases">wheel's releases</a>.</em></p> <blockquote> <h2>0.46.3</h2> <ul> <li>Fixed <code>ImportError: cannot import name '_setuptools_logging' from 'wheel'</code> when installed alongside an old version of setuptools and running the <code>bdist_wheel</code> command (<a href="https://redirect.github.com/pypa/wheel/issues/676">#676</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/wheel/blob/main/docs/news.rst">wheel's changelog</a>.</em></p> <blockquote> <h1>Release Notes</h1> <p><strong>0.46.3 (2026-01-22)</strong></p> <ul> <li>Fixed <code>ImportError: cannot import name '_setuptools_logging' from 'wheel'</code> when installed alongside an old version of setuptools and running the <code>bdist_wheel</code> command (<code>[#676](pypa/wheel#676) <https://github.com/pypa/wheel/issues/676></code>_)</li> </ul> <p><strong>0.46.2 (2026-01-22)</strong></p> <ul> <li>Restored the <code>bdist_wheel</code> command for compatibility with <code>setuptools</code> older than v70.1</li> <li>Importing <code>wheel.bdist_wheel</code> now emits a <code>FutureWarning</code> instead of a <code>DeprecationWarning</code></li> <li>Fixed <code>wheel unpack</code> potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)</li> </ul> <p><strong>0.46.1 (2025-04-08)</strong></p> <ul> <li>Temporarily restored the <code>wheel.macosx_libfile</code> module (<code>[#659](pypa/wheel#659) <https://github.com/pypa/wheel/issues/659></code>_)</li> </ul> <p><strong>0.46.0 (2025-04-03)</strong></p> <ul> <li>Dropped support for Python 3.8</li> <li>Removed the <code>bdist_wheel</code> setuptools command implementation and entry point. The <code>wheel.bdist_wheel</code> module is now just an alias to <code>setuptools.command.bdist_wheel</code>, emitting a deprecation warning on import.</li> <li>Removed vendored <code>packaging</code> in favor of a run-time dependency on it</li> <li>Made the <code>wheel.metadata</code> module private (with a deprecation warning if it's imported</li> <li>Made the <code>wheel.cli</code> package private (no deprecation warning)</li> <li>Fixed an exception when calling the <code>convert</code> command with an empty description field</li> </ul> <p><strong>0.45.1 (2024-11-23)</strong></p> <ul> <li>Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name</li> </ul> <p><strong>0.45.0 (2024-11-08)</strong></p> <ul> <li> <p>Refactored the <code>convert</code> command to not need setuptools to be installed</p> </li> <li> <p>Don't configure setuptools logging unless running <code>bdist_wheel</code></p> </li> <li> <p>Added a redirection from <code>wheel.bdist_wheel.bdist_wheel</code> to <code>setuptools.command.bdist_wheel.bdist_wheel</code> to improve compatibility with <code>setuptools</code>' latest fixes.</p> <p>Projects are still advised to migrate away from the deprecated module and import</p> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/wheel/commit/8b6fa740a7101edacb42b0f8e83a1b659ff61033"><code>8b6fa74</code></a> Created a new release</li> <li><a href="https://github.com/pypa/wheel/commit/7445fb5bc13c91052021c40981fb0ec7172880bd"><code>7445fb5</code></a> Fixed an import of a removed module</li> <li>See full diff in <a href="https://github.com/pypa/wheel/compare/0.46.2...0.46.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=wheel&package-manager=pip&previous-version=0.46.2&new-version=0.46.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…g in fork repositories (#11991) Co-authored-by: Rui Xi <Cycloctane@outlook.com> Co-authored-by: 🇺🇦 Sviatoslav Sydorenko <webknjaz@redhat.com>

…g in fork repositories (#11990) Co-authored-by: Rui Xi <Cycloctane@outlook.com> Co-authored-by: 🇺🇦 Sviatoslav Sydorenko <webknjaz@redhat.com> Co-authored-by: rodrigo.nogueira <rodrigo.nogueira@prf.gov.br>

Bumps [rich](https://github.com/Textualize/rich) from 14.2.0 to 14.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Textualize/rich/releases">rich's releases</a>.</em></p> <blockquote> <h2>The Nerdy Fix release</h2> <p>Fixed issue with characters outside of unicode range reporting 0 cell size</p> <h2>[14.3.1] - 2026-01-24</h2> <h3>Fixed</h3> <ul> <li>Fixed characters out of unicode range reporting a cell size if 0 <a href="https://redirect.github.com/Textualize/rich/pull/3944">Textualize/rich#3944</a></li> </ul> <h2>The more emojis release</h2> <p>Rich now has support for multi-codepoint emojis. There have also been some Markdown improvements, and a number of fixes. See the release notes below for details.</p> <h2>[14.3.0] - 2026-01-24</h2> <h3>Fixed</h3> <ul> <li>IPython now respects when a <code>Console</code> instance is passed to <code>pretty.install</code> <a href="https://redirect.github.com/Textualize/rich/pull/3915">Textualize/rich#3915</a></li> <li>Fixed extraneous blank line on non-interactive disabled <code>Progress</code> <a href="https://redirect.github.com/Textualize/rich/pull/3905">Textualize/rich#3905</a></li> <li>Fixed extra padding on first cell in columns <a href="https://redirect.github.com/Textualize/rich/pull/3935">Textualize/rich#3935</a></li> <li>Fixed trailing whitespace removed when soft_wrap=True <a href="https://redirect.github.com/Textualize/rich/pull/3937">Textualize/rich#3937</a></li> <li>Fixed style new-lines when soft_wrap = True and a print style is set <a href="https://redirect.github.com/Textualize/rich/pull/3938">Textualize/rich#3938</a></li> </ul> <h3>Added</h3> <ul> <li>Added support for some multi-codepopint glyphs (will fix alignment issues for these characters) <a href="https://redirect.github.com/Textualize/rich/pull/3930">Textualize/rich#3930</a></li> <li>Added support for <code>UNICODE_VERSION</code> environment variable <a href="https://redirect.github.com/Textualize/rich/pull/3930">Textualize/rich#3930</a></li> <li>Added <code>last_render_height</code> property to LiveRender <a href="https://redirect.github.com/Textualize/rich/pull/3934">Textualize/rich#3934</a></li> <li>Expose locals_max_depth and locals_overflow in traceback.install <a href="https://redirect.github.com/Textualize/rich/pull/3906/">Textualize/rich#3906</a></li> <li>Added <code>Segment.split_lines_terminator</code> <a href="https://redirect.github.com/Textualize/rich/pull/3938">Textualize/rich#3938</a></li> </ul> <h3>Changed</h3> <ul> <li><code>cells.cell_len</code> now has a <code>unicode_version</code> parameter (that you probably should never change) <a href="https://redirect.github.com/Textualize/rich/pull/3930">Textualize/rich#3930</a></li> <li>Live will not write a new line if there was nothing rendered <a href="https://redirect.github.com/Textualize/rich/pull/3934">Textualize/rich#3934</a></li> <li>Changed style of Markdown headers <a href="https://redirect.github.com/Textualize/rich/pull/3942">Textualize/rich#3942</a></li> <li>Changed style of Markdown tables, added <code>markdown.table.header</code> and <code>markdown.table.border</code> styles <a href="https://redirect.github.com/Textualize/rich/pull/3942">Textualize/rich#3942</a></li> <li>Changed style of Markdown rules <a href="https://redirect.github.com/Textualize/rich/pull/3942">Textualize/rich#3942</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Textualize/rich/blob/master/CHANGELOG.md">rich's changelog</a>.</em></p> <blockquote> <h2>[14.3.1] - 2026-01-24</h2> <h3>Fixed</h3> <ul> <li>Fixed characters out of unicode range reporting a cell size if 0 <a href="https://redirect.github.com/Textualize/rich/pull/3944">Textualize/rich#3944</a></li> </ul> <h2>[14.3.0] - 2026-01-24</h2> <h3>Fixed</h3> <ul> <li>IPython now respects when a <code>Console</code> instance is passed to <code>pretty.install</code> <a href="https://redirect.github.com/Textualize/rich/pull/3915">Textualize/rich#3915</a></li> <li>Fixed extraneous blank line on non-interactive disabled <code>Progress</code> <a href="https://redirect.github.com/Textualize/rich/pull/3905">Textualize/rich#3905</a></li> <li>Fixed extra padding on first cell in columns <a href="https://redirect.github.com/Textualize/rich/pull/3935">Textualize/rich#3935</a></li> <li>Fixed trailing whitespace removed when soft_wrap=True <a href="https://redirect.github.com/Textualize/rich/pull/3937">Textualize/rich#3937</a></li> <li>Fixed style new-lines when soft_wrap = True and a print style is set <a href="https://redirect.github.com/Textualize/rich/pull/3938">Textualize/rich#3938</a></li> </ul> <h3>Added</h3> <ul> <li>Added support for some multi-codepopint glyphs (will fix alignment issues for these characters) <a href="https://redirect.github.com/Textualize/rich/pull/3930">Textualize/rich#3930</a></li> <li>Added support for <code>UNICODE_VERSION</code> environment variable <a href="https://redirect.github.com/Textualize/rich/pull/3930">Textualize/rich#3930</a></li> <li>Added <code>last_render_height</code> property to LiveRender <a href="https://redirect.github.com/Textualize/rich/pull/3934">Textualize/rich#3934</a></li> <li>Expose locals_max_depth and locals_overflow in traceback.install <a href="https://redirect.github.com/Textualize/rich/pull/3906/">Textualize/rich#3906</a></li> <li>Added <code>Segment.split_lines_terminator</code> <a href="https://redirect.github.com/Textualize/rich/pull/3938">Textualize/rich#3938</a></li> </ul> <h3>Changed</h3> <ul> <li><code>cells.cell_len</code> now has a <code>unicode_version</code> parameter (that you probably should never change) <a href="https://redirect.github.com/Textualize/rich/pull/3930">Textualize/rich#3930</a></li> <li>Live will not write a new line if there was nothing rendered <a href="https://redirect.github.com/Textualize/rich/pull/3934">Textualize/rich#3934</a></li> <li>Changed style of Markdown headers <a href="https://redirect.github.com/Textualize/rich/pull/3942">Textualize/rich#3942</a></li> <li>Changed style of Markdown tables, added <code>markdown.table.header</code> and <code>markdown.table.border</code> styles <a href="https://redirect.github.com/Textualize/rich/pull/3942">Textualize/rich#3942</a></li> <li>Changed style of Markdown rules <a href="https://redirect.github.com/Textualize/rich/pull/3942">Textualize/rich#3942</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Textualize/rich/commit/f2a1c3b8a8f7edc41b1954cc3fb66bae32293a5e"><code>f2a1c3b</code></a> Merge pull request <a href="https://redirect.github.com/Textualize/rich/issues/3944">#3944</a> from Textualize/nerf-fonts</li> <li><a href="https://github.com/Textualize/rich/commit/2e5a5dad304b59d75aa4b4ed6cae031693e3615e"><code>2e5a5da</code></a> changelog</li> <li><a href="https://github.com/Textualize/rich/commit/73ee8232e7ea72a90130ccf67d8ffefd4122e9f4"><code>73ee823</code></a> fix fonts</li> <li><a href="https://github.com/Textualize/rich/commit/36fe3f7ca9becca4777861d5e6e625f5a4a37545"><code>36fe3f7</code></a> docstring</li> <li><a href="https://github.com/Textualize/rich/commit/9a99acc97d26d7832200a271ed8e95dd59df10c7"><code>9a99acc</code></a> Merge pull request <a href="https://redirect.github.com/Textualize/rich/issues/3828">#3828</a> from RyanSharafuddin/master</li> <li><a href="https://github.com/Textualize/rich/commit/2f56d4d1d22d901b444cfc731230e0f715498256"><code>2f56d4d</code></a> Merge pull request <a href="https://redirect.github.com/Textualize/rich/issues/3942">#3942</a> from Textualize/markdown-style</li> <li><a href="https://github.com/Textualize/rich/commit/97b5beacc3d9c1336d4bc6a3d69fec363bfe5d2c"><code>97b5bea</code></a> typo</li> <li><a href="https://github.com/Textualize/rich/commit/9303d77e8d41c6f43c090420f921dd3fc66ebfd1"><code>9303d77</code></a> markdown test</li> <li><a href="https://github.com/Textualize/rich/commit/900052cd5a67d43be8a484703c17599de6f88dea"><code>900052c</code></a> bump</li> <li><a href="https://github.com/Textualize/rich/commit/e9b0e19158034a49f2d7048cdf82d7146e59715f"><code>e9b0e19</code></a> Update to markdown styles</li> <li>Additional commits viewable in <a href="https://github.com/Textualize/rich/compare/v14.2.0...v14.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rich&package-manager=pip&previous-version=14.2.0&new-version=14.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

(cherry picked from commit 1851048) --------- Co-authored-by: Dhiral Vyas <dhiral@users.noreply.github.com>

(cherry picked from commit bad4131) Co-authored-by: vmfunc <celeste@linux.com>

(cherry picked from commit 1851048) --------- Co-authored-by: Dhiral Vyas <dhiral@users.noreply.github.com>

…#12215) **This is a backport of PR #12201 as merged into master (61a661d).** Co-authored-by: Sam Bull <git@sambull.org>

(cherry picked from commit 5fe9dfb)

…teration (#12230) **This is a backport of PR #12216 as merged into master (9cc4b91).** --------- Co-authored-by: Sam Bull <git@sambull.org>

…teration (#12229) **This is a backport of PR #12216 as merged into master (9cc4b91).** --------- Co-authored-by: Sam Bull <git@sambull.org>

…cks to RFC 9110 (#12236)

…cks to RFC 9110 (#12235) Co-authored-by: rodrigo.nogueira <rodrigo.nogueira@prf.gov.br>

…s in C extension parser (#12242) **This is a backport of PR #12240 as merged into master (345d253).** Co-authored-by: Rodrigo Nogueira <rodrigo.b.nogueira@gmail.com>

…s in C extension parser (#12241) **This is a backport of PR #12240 as merged into master (345d253).** Co-authored-by: Rodrigo Nogueira <rodrigo.b.nogueira@gmail.com>

…able request bodies (#12245)

…y is not HTTPS (#12248) **This is a backport of PR #12238 as merged into master (24cb8c9).** Co-authored-by: wavebyrd <160968744+wavebyrd@users.noreply.github.com>

…er (#12249) (#12257)

…er (#12249) (#12256)

Bumps [actions/cache](https://github.com/actions/cache) from 5.0.3 to 5.0.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v5.0.4</h2> <h2>What's Changed</h2> <ul> <li>Add release instructions and update maintainer docs by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1696">actions/cache#1696</a></li> <li>Potential fix for code scanning alert no. 52: Workflow does not contain permissions by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1697">actions/cache#1697</a></li> <li>Fix workflow permissions and cleanup workflow names / formatting by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1699">actions/cache#1699</a></li> <li>docs: Update examples to use the latest version by <a href="https://github.com/XZTDean"><code>@XZTDean</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1690">actions/cache#1690</a></li> <li>Fix proxy integration tests by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1701">actions/cache#1701</a></li> <li>Fix cache key in examples.md for bun.lock by <a href="https://github.com/RyPeck"><code>@RyPeck</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1722">actions/cache#1722</a></li> <li>Update dependencies & patch security vulnerabilities by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1738">actions/cache#1738</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/XZTDean"><code>@XZTDean</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1690">actions/cache#1690</a></li> <li><a href="https://github.com/RyPeck"><code>@RyPeck</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1722">actions/cache#1722</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v5...v5.0.4">https://github.com/actions/cache/compare/v5...v5.0.4</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h3>5.0.4</h3> <ul> <li>Bump <code>minimatch</code> to v3.1.5 (fixes ReDoS via globstar patterns)</li> <li>Bump <code>undici</code> to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)</li> <li>Bump <code>fast-xml-parser</code> to v5.5.6</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7"><code>6682284</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1738">#1738</a> from actions/prepare-v5.0.4</li> <li><a href="https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2"><code>e340396</code></a> Update RELEASES</li> <li><a href="https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6"><code>8a67110</code></a> Add licenses</li> <li><a href="https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830"><code>1865903</code></a> Update dependencies & patch security vulnerabilities</li> <li><a href="https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c"><code>5656298</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1722">#1722</a> from RyPeck/patch-1</li> <li><a href="https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6"><code>4e380d1</code></a> Fix cache key in examples.md for bun.lock</li> <li><a href="https://github.com/actions/cache/commit/b7e8d49f17405cc70c1c120101943203c98d3a4b"><code>b7e8d49</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1701">#1701</a> from actions/Link-/fix-proxy-integration-tests</li> <li><a href="https://github.com/actions/cache/commit/984a21b1cb176a0936f4edafb42be88978f93ef1"><code>984a21b</code></a> Add traffic sanity check step</li> <li><a href="https://github.com/actions/cache/commit/acf2f1f76affe1ef80eee8e56dfddd3b3e5f0fba"><code>acf2f1f</code></a> Fix resolution</li> <li><a href="https://github.com/actions/cache/commit/95a07c51324af6001b4d6ab8dff29f4dfadc2531"><code>95a07c5</code></a> Add wait for proxy</li> <li>Additional commits viewable in <a href="https://github.com/actions/cache/compare/v5.0.3...v5.0.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=5.0.3&new-version=5.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…elease in HTTP parser (#12269) Co-authored-by: Dexter.k <164054284+rootvector2@users.noreply.github.com>

…elease in HTTP parser (#12270) Co-authored-by: Dexter.k <164054284+rootvector2@users.noreply.github.com>

…cookie jar to ad-hoc request cookie jar (#12274) **This is a backport of PR #12271 as merged into master (e04da11).** Co-authored-by: Krishna Chaitanya <krishnabkc15@gmail.com>

Backport cherry picked from commit b26c9ae

dependabot bot and others added 30 commits January 5, 2026 10:42

[PR #11940/a47740c backport][3.13] Restore BodyPartReader.decode() as…

016e652

… sync method, add decode_async() for non-blocking decompression (#11944)

[PR #11940/a47740c backport][3.14] Restore BodyPartReader.decode() as…

2fc38fe

… sync method, add decode_async() for non-blocking decompression (#11943)

[PR #11938/d09103a5 backport][3.14] Add Windows 11 ARM64 to CI/CD wor…

75c3ef2

…kflow matrix (#11958) **This is a backport of PR #11938 as merged into master (d09103a).** Co-authored-by: AraHaan <seandhunt_7@yahoo.com>

Add max_headers parameter (#11955) (#11959)

30ec25f

(cherry picked from commit ed6440c)

Add max_headers parameter (#11955) (#11959) (#11960)

0c2e9da

(cherry picked from commit ed6440c) (cherry picked from commit 30ec25f)

[PR #11972/4a51c4ba backport][3.14] NEEDS_CLEANUP_CLOSED fixed in Pyt…

2b6bb4b

…hon 3.12.8 (#11976) **This is a backport of PR #11972 as merged into master (4a51c4b).** Co-authored-by: Robsdedude <dev@rouvenbauer.de>

[PR #11972/4a51c4ba backport][3.13] NEEDS_CLEANUP_CLOSED fixed in Pyt…

e03822d

…hon 3.12.8 (#11975) **This is a backport of PR #11972 as merged into master (4a51c4b).** Co-authored-by: Robsdedude <dev@rouvenbauer.de>

[PR #11737/f30f43e6 backport][3.14] Skip benchmarks in ci when runnin…

bca4bcf

…g in fork repositories (#11991) Co-authored-by: Rui Xi <Cycloctane@outlook.com> Co-authored-by: 🇺🇦 Sviatoslav Sydorenko <webknjaz@redhat.com>

[PR #11737/f30f43e6 backport][3.13] Skip benchmarks in ci when runnin…

4a6936d

…g in fork repositories (#11990) Co-authored-by: Rui Xi <Cycloctane@outlook.com> Co-authored-by: 🇺🇦 Sviatoslav Sydorenko <webknjaz@redhat.com> Co-authored-by: rodrigo.nogueira <rodrigo.nogueira@prf.gov.br>

Dreamsorcerer and others added 27 commits March 7, 2026 18:13

Restrict reason (#12209) (#12211)

2655be9

(cherry picked from commit 1851048) --------- Co-authored-by: Dhiral Vyas <dhiral@users.noreply.github.com>

Reject null bytes in headers (#12210) (#12213)

764a6c8

(cherry picked from commit bad4131) Co-authored-by: vmfunc <celeste@linux.com>

Reject null bytes in headers (#12210) (#12214)

db560cf

(cherry picked from commit bad4131) Co-authored-by: vmfunc <celeste@linux.com>

Restrict reason (#12209) (#12212)

53b35a2

(cherry picked from commit 1851048) --------- Co-authored-by: Dhiral Vyas <dhiral@users.noreply.github.com>

[PR #12201/61a661d9 backport][3.14] Drop version from autobahn config (…

03d5a8a

…#12215) **This is a backport of PR #12201 as merged into master (61a661d).** Co-authored-by: Sam Bull <git@sambull.org>

Restrict multipart header sizes (#12208) (#12227)

3007c37

(cherry picked from commit 5fe9dfb)

Restrict multipart header sizes (#12208) (#12228)

8a74257

(cherry picked from commit 5fe9dfb)

[PR #12216/9cc4b917 backport][3.14] Check multipart max_size during i…

9d58822

…teration (#12230) **This is a backport of PR #12216 as merged into master (9cc4b91).** --------- Co-authored-by: Sam Bull <git@sambull.org>

[PR #12216/9cc4b917 backport][3.13] Check multipart max_size during i…

cbb774f

…teration (#12229) **This is a backport of PR #12216 as merged into master (9cc4b91).** --------- Co-authored-by: Sam Bull <git@sambull.org>

[PR #12231/7043bc56 backport][3.14] Adjust header value character che…

0341d64

…cks to RFC 9110 (#12236)

[PR #12231/7043bc56 backport][3.13] Adjust header value character che…

9370b97

…cks to RFC 9110 (#12235) Co-authored-by: rodrigo.nogueira <rodrigo.nogueira@prf.gov.br>

[PR #12240/345d2537 backport][3.14] Reject duplicate singleton header…

5242641

…s in C extension parser (#12242) **This is a backport of PR #12240 as merged into master (345d253).** Co-authored-by: Rodrigo Nogueira <rodrigo.b.nogueira@gmail.com>

[PR #12240/345d2537 backport][3.13] Reject duplicate singleton header…

e00ca3c

…s in C extension parser (#12241) **This is a backport of PR #12240 as merged into master (345d253).** Co-authored-by: Rodrigo Nogueira <rodrigo.b.nogueira@gmail.com>

[PR #12217 backport][3.14] Raise on redirect with consumed non-rewind…

5f50bac

…able request bodies (#12245)

[PR #12238/24cb8c9c backport][3.14] Skip TLS-in-TLS warning when prox…

2b256cf

…y is not HTTPS (#12248) **This is a backport of PR #12238 as merged into master (24cb8c9).** Co-authored-by: wavebyrd <160968744+wavebyrd@users.noreply.github.com>

[Backport 3.14] Tokenize Connection header values in Python HTTP pars…

7ae2760

…er (#12249) (#12257)

[Backport 3.13] Tokenize Connection header values in Python HTTP pars…

5279fbd

…er (#12249) (#12256)

[PR #12265/b5a51707 backport][3.13] Avoid accessing Py_buffer after r…

625f29e

…elease in HTTP parser (#12269) Co-authored-by: Dexter.k <164054284+rootvector2@users.noreply.github.com>

[PR #12265/b5a51707 backport][3.14] Avoid accessing Py_buffer after r…

f983c51

…elease in HTTP parser (#12270) Co-authored-by: Dexter.k <164054284+rootvector2@users.noreply.github.com>

[PR #12271/e04da11f backport][3.14] Copy unsafe setting from session …

6a86e0f

…cookie jar to ad-hoc request cookie jar (#12274) **This is a backport of PR #12271 as merged into master (e04da11).** Co-authored-by: Krishna Chaitanya <krishnabkc15@gmail.com>

Raise ConnectionResetError if transport is None (#11761) (#12283)

8bdc7c7

Backport cherry picked from commit b26c9ae

Bump sigstore/gh-action-sigstore-python from 3.2.0 to 3.3.0 (#12288)

e65d1ff

Release v3.13.4 (#12291)

9f7c7ab

Merge branch '3.13' into 3.14

a9a0609

Merge branch '3.14'

5ed2e12

pull bot locked and limited conversation to collaborators Mar 28, 2026

pull bot added the ⤵️ pull label Mar 28, 2026

pull bot merged commit 5ed2e12 into tj-python:master Mar 28, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[pull] master from aio-libs:master#512

[pull] master from aio-libs:master#512
pull[bot] merged 143 commits intotj-python:masterfrom
aio-libs:master

pull bot commented Mar 28, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants

Conversation

pull bot commented Mar 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants

pull bot commented Mar 28, 2026 •

edited

Loading