Skip to content

deps: bump the python-dependencies group across 1 directory with 8 updates#145

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/python-dependencies-4535448a81
Open

deps: bump the python-dependencies group across 1 directory with 8 updates#145
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/python-dependencies-4535448a81

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Updates the requirements on setuptools, protobuf, requests, future, tox, wheel, twine and opentelemetry-instrumentation-logging to permit the latest version.
Updates setuptools from 82.0.0 to 82.0.1

Changelog

Sourced from setuptools's changelog.

v82.0.1

Bugfixes

  • Fix the loading of launcher manifest.xml file. (#5047)
  • Replaced deprecated json.__version__ with fixture in tests. (#5186)

Improved Documentation

  • Add advice about how to improve predictability when installing sdists. (#5168)

Misc

Commits
  • 5a13876 Bump version: 82.0.0 → 82.0.1
  • 51ab8f1 Avoid using (deprecated) 'json.version' in tests (#5194)
  • f9c37b2 Docs/CI: Fix intersphinx references (#5195)
  • 8173db2 Docs: Fix intersphinx references
  • 09bafbc Fix past tense on newsfragment
  • 461ea56 Add news fragment
  • c4ffe53 Avoid using (deprecated) 'json.version' in tests
  • 749258b Cleanup pkg_resources dependencies and configuration (#5175)
  • 2019c16 Parse ext-module.define-macros from pyproject.toml as list of tuples (#5169)
  • b809c86 Sync setuptools schema with validate-pyproject (#5157)
  • Additional commits viewable in compare view

Updates protobuf from 6.33.5 to 7.34.1

Release notes

Sourced from protobuf's releases.

Protocol Buffers v34.0-rc1

Announcements

Bazel

Compiler

C++

... (truncated)

Commits

Updates requests from 2.32.5 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

  • Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
  • Fixed Content-Type header parsing for malformed values. (#7309)
  • Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.
Commits

Updates future to 1.0.0

Release notes

Sourced from future's releases.

v1.0.0

The new version number of 1.0.0 indicates that the python-future project, like Python 2, is now done.

The most important change in this release is adding support for Python 3.12 (ba1cc50 and a6222d2 and bcced95).

This release also includes these fixes:

  • Small updates to the docs
  • Add SECURITY.md describing security policy (0598d1b)
  • Fix pasteurize: NameError: name 'unicode' is not defined (de68c10)
  • Move CI to GitHub Actions (8cd11e8)
  • Add setuptools to requirements for building docs (0c347ff)
  • Fix typos in docs (350e87a)
  • Make the fix_unpacking fixer more robust (de68c10)
  • Small improvements to shell scripts according to shellcheck (6153844)
Changelog

Sourced from future's changelog.

.. _whats-old:

Changes in previous versions

Changes in the most recent major version are here: :ref:whats-new.

Changes in version 0.18.3 (2023-01-13)

This is a minor bug-fix release containing a number of fixes:

  • Backport fix for bpo-38804 (c91d70b)
  • Fix bug in fix_print.py fixer (dffc579)
  • Fix bug in fix_raise.py fixer (3401099)
  • Fix newint bool in py3 (fe645ba)
  • Fix bug in super() with metaclasses (6e27aac)
  • docs: fix simple typo, reqest -> request (974eb1f)
  • Correct eq (c780bf5)
  • Pass if lint fails (2abe00d)
  • Update docker image and parcel out to constant variable. Add comment to update version constant (45cf382)
  • fix order (f96a219)
  • Add flake8 to image (046ff18)
  • Make lint.sh executable (58cc984)
  • Add docker push to optimize CI (01e8440)
  • Build System (42b3025)
  • Add docs build status badge to README.md (3f40bd7)
  • Use same docs requirements in tox (18ecc5a)
  • Add docs/requirements.txt (5f9893f)
  • Add PY37_PLUS, PY38_PLUS, and PY39_PLUS (bee0247)
  • fix 2.6 test, better comment (ddedcb9)
  • fix 2.6 test (3f1ff7e)
  • remove nan test (4dbded1)
  • include list test values (e3f1a12)
  • fix other python2 test issues (c051026)
  • fix missing subTest (f006cad)
  • import from old imp library on older python versions (fc84fa8)
  • replace fstrings with format for python 3.4,3.5 (4a687ea)
  • minor style/spelling fixes (8302d8c)
  • improve cmp function, add unittest (0d95a40)
  • Pin typing==3.7.4.1 for Python 3.3 compatiblity (1a48f1b)
  • Fix various py26 unit test failures (9ca5a14)
  • Add initial contributing guide with docs build instruction (e55f915)
  • Add docs building to tox.ini (3ee9e7f)
  • Support NumPy's specialized int types in builtins.round (b4b54f0)
  • Added r""" to the docstring to avoid warnings in python3 (5f94572)
  • Add subclasscheck for past.types.basestring (c9bc0ff)
  • Correct example in README (681e78c)
  • Add simple documentation (6c6e3ae)
  • Add pre-commit hooks (a9c6a37)
  • Handling of next and next by future.utils.get_next was reversed (52b0ff9)

... (truncated)

Commits

Updates tox to 4.53.0

Release notes

Sourced from tox's releases.

v4.53.0

What's Changed

Full Changelog: tox-dev/tox@4.52.1...4.53.0

Changelog

Sourced from tox's changelog.

Features - 4.53.0

  • TOML env_list now accepts bare range dicts ({ prefix = "3.", start = 12, stop = 14 }) and bare labeled dicts ({ ecosystem = ["oci", "python"] }) as top-level items, removing the { product = [...] } wrapper when there is only a single factor group - by :user:gaborbernat. (:issue:3923)

Bug fixes - 4.53.0

  • Nesting a range or labeled dict inside a product factor-group list now raises a clear error pointing at the un-nesting fix, instead of silently producing a malformed environment name - by :user:gaborbernat. (:issue:3923)

v4.52.1 (2026-04-09)

Bug fixes - 4.52.1

  • Changing a resolution-affecting environment variable via set_env (e.g. PIP_INDEX_URL) now invalidates the install cache and triggers a reinstall, rather than incorrectly reusing the cached environment - by :user:gaborbernat. (:issue:3917)
  • Use normalize_isa from python-discovery for architecture factor matching, supporting aliases like i686x86 and aarch64arm64 - by :user:rahuldevikar. (:issue:3919)

v4.52.0 (2026-03-30)

Features - 4.52.0

  • Add virtualenv-pep-723 runner that reads dependencies and Python version from :PEP:723 inline script metadata — no need to duplicate them in tox config - by :user:gaborbernat. (:issue:3897)
  • Support escaped dots (\.) in -x/--override keys, allowing overrides to target environments with dots in their names such as py3.14 - by :user:gaborbernat. (:issue:3910)

Bug fixes - 4.52.0

  • Auto-generate the manpage from the CLI argparse parser at wheel build time, fixing broken section headers and documenting all commands and options - by :user:gaborbernat. (:issue:3878)

Miscellaneous internal changes - 4.52.0

  • Remove unsupported --remote flag from gh repo fork in the update-schemastore workflow, as recent versions of gh no longer accept it - by :user:rahuldevikar. (:issue:3908)

... (truncated)

Commits
  • 4c584f2 release 4.53.0
  • ddd7280 ✨ feat(toml): allow bare range/labeled dicts in env_list (#3923)
  • 3e7f9df [pre-commit.ci] pre-commit autoupdate (#3922)
  • 71ef9bf release 4.52.1
  • d15c8fa 🐛 fix(pip): invalidate install cache on resolution env var changes (#3921)
  • c1add25 build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (#3920)
  • 1866b9d use normalize_isa for architecture factor matching (#3919)
  • ec77d9f [pre-commit.ci] pre-commit autoupdate (#3918)
  • e7052a6 build(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 (#3915)
  • d83d577 release 4.52.0
  • Additional commits viewable in compare view

Updates wheel from 0.46.3 to 0.47.0

Release notes

Sourced from wheel's releases.

0.47.0

  • Added the wheel info subcommand to display metadata about wheel files without unpacking them (#639)
  • Fixed WheelFile raising Missing RECORD file when the wheel filename contains uppercase characters (e.g. Django-3.2.5.whl) but the .dist-info directory inside uses normalized lowercase naming (#411)
Changelog

Sourced from wheel's changelog.

Release Notes

0.47.0 (2026-04-22)

  • Added the wheel info subcommand to display metadata about wheel files without unpacking them ([#639](https://github.com/pypa/wheel/issues/639) <https://github.com/pypa/wheel/issues/639>_)
  • Fixed WheelFile raising Missing RECORD file when the wheel filename contains uppercase characters (e.g. Django-3.2.5.whl) but the .dist-info directory inside uses normalized lowercase naming ([#411](https://github.com/pypa/wheel/issues/411) <https://github.com/pypa/wheel/issues/411>_)

0.46.3 (2026-01-22)

  • Fixed ImportError: cannot import name '_setuptools_logging' from 'wheel' when installed alongside an old version of setuptools and running the bdist_wheel command ([#676](https://github.com/pypa/wheel/issues/676) <https://github.com/pypa/wheel/issues/676>_)

0.46.2 (2026-01-22)

  • Restored the bdist_wheel command for compatibility with setuptools older than v70.1
  • Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
  • Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1 (2025-04-08)

  • Temporarily restored the wheel.macosx_libfile module ([#659](https://github.com/pypa/wheel/issues/659) <https://github.com/pypa/wheel/issues/659>_)

0.46.0 (2025-04-03)

  • Dropped support for Python 3.8
  • Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
  • Removed vendored packaging in favor of a run-time dependency on it
  • Made the wheel.metadata module private (with a deprecation warning if it's imported
  • Made the wheel.cli package private (no deprecation warning)
  • Fixed an exception when calling the convert command with an empty description field

0.45.1 (2024-11-23)

  • Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name

... (truncated)

Commits
  • efd83a7 Created a new release
  • bb69216 Reordered the changelog entries
  • d5a1763 fix(wheelfile): resolve .dist-info path case-insensitively when reading wheel...
  • 5718957 [pre-commit.ci] pre-commit autoupdate (#685)
  • 6258068 chore: log_level is better than log_cli_level (#684)
  • 2975deb Require tox >= 4.22
  • 47674ba chore: add check-sdist to checks (#681)
  • 56223f6 __package____spec__.parent (#679)
  • 0ce509e Added the wheel info subcommand (#669)
  • 39039c0 Improved the index page
  • Additional commits viewable in compare view

Updates twine to 6.2.0

Changelog

Sourced from twine's changelog.

twine 6.2.0 (2025-09-04)

Features ^^^^^^^^

  • Automatically refresh short-lived PyPI token in long running Trusted Publishing uploads.

    In the event that a trusted publishing upload job is taking longer than the validity period of a trusted publishing token (15 minutes at the time of this writing), and we are already 10 minutes into that validity period, we will begin to attempt to replace the token on each subsequent request. ([#1246](https://github.com/pypa/twine/issues/1246) <https://github.com/pypa/twine/issues/1246>_)

Bugfixes ^^^^^^^^

  • Fix compatibility kludge for invalid License-File metadata entries emitted by build backends to work also with packaging version 24.0. ([#1217](https://github.com/pypa/twine/issues/1217) <https://github.com/pypa/twine/issues/1217>_)
  • Fix a couple of incorrectly rendered error messages. ([#1224](https://github.com/pypa/twine/issues/1224) <https://github.com/pypa/twine/issues/1224>_)
  • twine now enforces keyring >= 21.2.0, which was previously implicitly required by API usage. ([#1229](https://github.com/pypa/twine/issues/1229) <https://github.com/pypa/twine/issues/1229>_)
  • twine now catches configparser.Error to prevent accidental leaks of secret tokens or passwords to the user's console. ([#1240](https://github.com/pypa/twine/issues/1240) <https://github.com/pypa/twine/issues/1240>_)

Deprecations and Removals ^^^^^^^^^^^^^^^^^^^^^^^^^

  • Remove hacks that support --skip-existing for indexes other than PyPI and TestPyPI.

    To date, these hacks continue to accrue and there have been numerous issues with them, not the least of which being that every time we update them, the paid index providers change things to break the compatibility we implement for them. Beyond that, these hacks do not work when text is internationalized in the response from the index provider.

    For a sample of past issues, see:

... (truncated)

Commits
  • 14ceb29 Update changelog for 6.2.0 (#1264)
  • 60e377b build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#1263)
  • 88821f2 feat(package): remove MD5 hashing entirely (#1262)
  • ce5fe53 build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0
  • 6a696ed PEP 639 compliance
  • 9175334 rename 1247.misc.rst to changelog/1247.misc.rst
  • d94a475 fix(tests): update expected error message
  • c1c02d1 Remove --skip-existing support for non-PyPI indices
  • a24d308 Set trusted publishing logging to INFO/WARN (#1247)
  • becf1a8 Fix py3.9 mypy error in __init__ around PackageMetadata
  • Additional commits viewable in compare view

Updates opentelemetry-instrumentation-logging from 0.60b1 to 0.62b1

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps: bump the python-dependencies group across 1 directory with 8 up…
619af3f 
…dates

Updates the requirements on [setuptools](https://github.com/pypa/setuptools), [protobuf](https://github.com/protocolbuffers/protobuf), [requests](https://github.com/psf/requests), [future](https://github.com/PythonCharmers/python-future), [tox](https://github.com/tox-dev/tox), [wheel](https://github.com/pypa/wheel), [twine](https://github.com/pypa/twine) and [opentelemetry-instrumentation-logging](https://github.com/open-telemetry/opentelemetry-python-contrib) to permit the latest version.

Updates `setuptools` from 82.0.0 to 82.0.1
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v82.0.0...v82.0.1)

Updates `protobuf` from 6.33.5 to 7.34.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `requests` from 2.32.5 to 2.33.1
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.5...v2.33.1)

Updates `future` to 1.0.0
- [Release notes](https://github.com/PythonCharmers/python-future/releases)
- [Changelog](https://github.com/PythonCharmers/python-future/blob/master/docs/changelog.rst)
- [Commits](PythonCharmers/python-future@v0.18.3...v1.0.0)

Updates `tox` to 4.53.0
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.15.0...4.53.0)

Updates `wheel` from 0.46.3 to 0.47.0
- [Release notes](https://github.com/pypa/wheel/releases)
- [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
- [Commits](pypa/wheel@0.46.3...0.47.0)

Updates `twine` to 6.2.0
- [Release notes](https://github.com/pypa/twine/releases)
- [Changelog](https://github.com/pypa/twine/blob/main/docs/changelog.rst)
- [Commits](pypa/twine@5.0.0...6.2.0)

Updates `opentelemetry-instrumentation-logging` from 0.60b1 to 0.62b1
- [Release notes](https://github.com/open-telemetry/opentelemetry-python-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-python-contrib/commits)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-version: 82.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: protobuf
  dependency-version: 7.34.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-dependencies
- dependency-name: requests
  dependency-version: 2.33.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: future
  dependency-version: 1.0.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: tox
  dependency-version: 4.53.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: wheel
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: twine
  dependency-version: 6.2.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: opentelemetry-instrumentation-logging
  dependency-version: 0.62b1
  dependency-type: direct:development
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 27, 2026
claude[bot]
claude Bot reviewed Apr 27, 2026
View reviewed changes
Copy link
Copy Markdown

@claude claude Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

Tip: disable this comment in your organization's Code Review settings.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants