From c52636aa8788c9189ff27055b1d7b9aac06db213 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Jul 2025 11:38:15 +0000 Subject: [PATCH 1/3] Bump pip from 25.1.1 to 25.2 (#11371) Bumps [pip](https://github.com/pypa/pip) from 25.1.1 to 25.2.
Changelog

Sourced from pip's changelog.

25.2 (2025-07-30)

Features

Bug Fixes

Vendored Libraries

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=25.1.1&new-version=25.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index c2b676429fe..f721db5a6b1 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -306,7 +306,7 @@ zstandard==0.23.0 ; implementation_name == "cpython" # -r requirements/runtime-deps.in # The following packages are considered to be unsafe in a requirements file: -pip==25.1.1 +pip==25.2 # via pip-tools setuptools==80.9.0 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 0045161004a..e7a4e3d5ba5 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -297,7 +297,7 @@ zstandard==0.23.0 ; platform_python_implementation == "CPython" and python_versi # -r requirements/runtime-deps.in # The following packages are considered to be unsafe in a requirements file: -pip==25.1.1 +pip==25.2 # via pip-tools setuptools==80.9.0 # via From 960e41166329f743393b4868fa06701c7bb33ceb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Jul 2025 11:47:29 +0000 Subject: [PATCH 2/3] Bump mypy from 1.17.0 to 1.17.1 (#11376) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [mypy](https://github.com/python/mypy) from 1.17.0 to 1.17.1.
Changelog

Sourced from mypy's changelog.

Mypy 1.17.1

  • Retain None as constraints bottom if no bottoms were provided (Stanislav Terliakov, PR 19485)
  • Fix "ignored exception in hasattr" in dmypy (Stanislav Terliakov, PR 19428)
  • Prevent a crash when InitVar is redefined with a method in a subclass (Stanislav Terliakov, PR 19453)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

  • Alexey Makridenko
  • Brian Schubert
  • Chad Dombrova
  • Chainfire
  • Charlie Denton
  • Charulata
  • Christoph Tyralla
  • CoolCat467
  • Donal Burns
  • Guy Wilson
  • Ivan Levkivskyi
  • johnthagen
  • Jukka Lehtosalo
  • Łukasz Kwieciński
  • Marc Mueller
  • Michael J. Sullivan
  • Mikhail Golubev
  • Sebastian Rittau
  • Shantanu
  • Stanislav Terliakov
  • wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.16

We’ve just uploaded mypy 1.16 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Different Property Getter and Setter Types

Mypy now supports using different types for a property getter and setter:

class A:
    _value: int

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mypy&package-manager=pip&previous-version=1.17.0&new-version=1.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index f721db5a6b1..d8bdf4228f8 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -118,7 +118,7 @@ multidict==6.6.3 # -r requirements/multidict.in # -r requirements/runtime-deps.in # yarl -mypy==1.17.0 ; implementation_name == "cpython" +mypy==1.17.1 ; implementation_name == "cpython" # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index e7a4e3d5ba5..4faef8baf19 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -115,7 +115,7 @@ multidict==6.6.3 # via # -r requirements/runtime-deps.in # yarl -mypy==1.17.0 ; implementation_name == "cpython" +mypy==1.17.1 ; implementation_name == "cpython" # via # -r requirements/lint.in # -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index a16f5adfef2..4162e0de54a 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -45,7 +45,7 @@ markdown-it-py==3.0.0 # via rich mdurl==0.1.2 # via markdown-it-py -mypy==1.17.0 ; implementation_name == "cpython" +mypy==1.17.1 ; implementation_name == "cpython" # via -r requirements/lint.in mypy-extensions==1.1.0 # via mypy diff --git a/requirements/test.txt b/requirements/test.txt index 3f30e249fb9..12d07b5e3a2 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -61,7 +61,7 @@ multidict==6.6.3 # via # -r requirements/runtime-deps.in # yarl -mypy==1.17.0 ; implementation_name == "cpython" +mypy==1.17.1 ; implementation_name == "cpython" # via -r requirements/test.in mypy-extensions==1.1.0 # via mypy From f6941e738fd5f8b3b110dcf7d1e63ee41de86a70 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Jul 2025 11:53:03 +0000 Subject: [PATCH 3/3] Bump pip-tools from 7.4.1 to 7.5.0 (#11375) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pip-tools](https://github.com/jazzband/pip-tools) from 7.4.1 to 7.5.0.
Release notes

Sourced from pip-tools's releases.

v7.5.0

2025-07-30

Bug fixes

  • Fixed the ordering of format controls to preserve underlying pip behavior -- by @​sethmlarson.

    PRs and issues: #2082

  • Fixed NoCandidateFound exception to be compatible with pip >= 24.1 -- by @​chrysle.

    PRs and issues: #2083

  • pip-compile now produces relative paths for editable dependencies -- by @​macro1.

    PRs and issues: #2087

  • Fixed crash failures due to incompatibility with pip >= 25.1 -- by @​gkreitz and @​sirosen.

    PRs and issues: #2176, #2178

Features

  • pip-compile now treats package versions requested on the command line as constraints for the underlying pip usage. This applies to build deps in addition to normal package requirements.

    -- by @​chrysle

    PRs and issues: #2106

  • pip-tools now tests on and officially supports Python 3.12 -- by @​sirosen.

    PRs and issues: #2188

  • Requirements file paths in pip-compile output are now normalized to POSIX-style, even when pip-compile is run on Windows. This provides more consistent output across various platforms.

    -- by @​sirosen

    PRs and issues: #2195

  • pip-tools now tests against and supports pip up to version 25.1 -- by @​sirosen.

    PRs and issues: #2195

Removals and backward incompatible breaking changes

  • pip-compile will now relativize the requirements paths which are recorded in its output. Paths are made relative to the working directory. This provides more consistent results across pip versions.

... (truncated)

Changelog

Sourced from pip-tools's changelog.

v7.5.0

2025-07-30

Bug fixes

  • Fixed the ordering of format controls to preserve underlying pip behavior -- by {user}sethmlarson.

    PRs and issues: {issue}2082

  • Fixed NoCandidateFound exception to be compatible with pip >= 24.1 -- by {user}chrysle.

    PRs and issues: {issue}2083

  • pip-compile now produces relative paths for editable dependencies -- by {user}macro1.

    PRs and issues: {issue}2087

  • Fixed crash failures due to incompatibility with pip >= 25.1 -- by {user}gkreitz and {user}sirosen.

    PRs and issues: {issue}2176, {issue}2178

Features

  • pip-compile now treats package versions requested on the command line as constraints for the underlying pip usage. This applies to build deps in addition to normal package requirements.

    -- by {user}chrysle

    PRs and issues: {issue}2106

  • pip-tools now tests on and officially supports Python 3.12 -- by {user}sirosen.

    PRs and issues: {issue}2188

  • Requirements file paths in pip-compile output are now normalized to POSIX-style, even when pip-compile is run on Windows. This provides more consistent output across various platforms.

    -- by {user}sirosen

    PRs and issues: {issue}2195

  • pip-tools now tests against and supports pip up to version 25.1

... (truncated)

Commits
  • debe5a4 Update changelog for version 7.5.0
  • 1c7d9fb Merge pull request #2210 from webknjaz/bugfixes/release-env-context-access
  • 96ed4d2 Merge pull request #2209 from webknjaz/maintenance/release-attestations-cleanup
  • a180dd9 📝 Link the PR #2209 change note to PR #2149
  • 7f9512a 📝 Link the PR #2210 change note to PR #2149
  • 396da33 Run the dist build job in PRs
  • 7b1c22c Fix accessing repo id in the release workflow
  • 05daad6 Drop release attestations for Jazzband upload
  • b4ddd75 Merge pull request #2203 from sirosen/use-towncrier
  • a136172 Add a run of 'changelog-draft' to QA CI jobs
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip-tools&package-manager=pip&previous-version=7.4.1&new-version=7.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index d8bdf4228f8..713830e4290 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -135,7 +135,7 @@ packaging==25.0 # wheel pathspec==0.12.1 # via mypy -pip-tools==7.4.1 +pip-tools==7.5.0 # via -r requirements/dev.in pkgconfig==1.5.5 # via -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 4faef8baf19..bfd810234a8 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -132,7 +132,7 @@ packaging==25.0 # wheel pathspec==0.12.1 # via mypy -pip-tools==7.4.1 +pip-tools==7.5.0 # via -r requirements/dev.in pkgconfig==1.5.5 # via -r requirements/test.in
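Review bot: In [PATCH 1/3], the `+pip==25.2` line in the requirements/constraints.txt hunk (and the matching line in requirements/dev.txt) is annotated `# via pip-tools`, yet at this point in the series pip-tools is still pinned at 7.4.1. The 7.5.0 release notes quoted in [PATCH 3/3] list "Fixed crash failures due to incompatibility with pip >= 25.1" and state support for pip only "up to version 25.1". Suggest landing the pip-tools bump first (or squashing it with this one) and confirming that pip-compile runs cleanly against pip 25.2 before merging, since the quoted notes do not cover 25.2.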
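Review bot: In [PATCH 2/3], the `+mypy==1.17.1 ; implementation_name == "cpython"` line is changed in all four files (constraints.txt, dev.txt, lint.txt, test.txt) as a bare version pin with no `--hash` entries, so the installer has no digest to check the downloaded artifact against. Suggest regenerating these files with pip-compile's `--generate-hashes` option instead of editing the pin alone. A regenerate also lets the resolver confirm that the neighbouring `mypy-extensions==1.1.0` pin still satisfies the new mypy release.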
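Review bot: In [PATCH 3/3], the `+pip-tools==7.5.0` line sits beside context such as `# via -r requirements/dev.in`, and the quoted 7.5.0 release notes list as a backward-incompatible change that pip-compile now records requirements paths relative to the working directory. Suggest regenerating the requirements files once with 7.5.0 as part of this change and documenting the directory pip-compile must be run from. Otherwise a later recompile from a different directory can rewrite every `# via -r requirements/...` annotation and bury real pin changes in the diff.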