Skip to content

Bump the python group with 4 updates#533

Merged
honzajavorek merged 1 commit into
masterfrom
dependabot/pip/python-f2284d3194
May 19, 2026
Merged

Bump the python group with 4 updates#533
honzajavorek merged 1 commit into
masterfrom
dependabot/pip/python-f2284d3194

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 19, 2026

Updates the requirements on click, myst-parser, requests and uv-build to permit the latest version.
Updates click to 8.4.0

Release notes

Sourced from click's releases.

8.4.0

This is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.4.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-0 Milestone https://github.com/pallets/click/milestone/30

  • ParamType typing improvements. #3371

    • :class:ParamType is now a generic abstract base class, parameterized by its converted value type.
    • :meth:~ParamType.convert return types are narrowed on all concrete types (str for :class:STRING, int for :class:INT, etc.).
    • :meth:~ParamType.to_info_dict returns specific :class:~typing.TypedDict subclasses instead of dict[str, Any].
    • :class:CompositeParamType and the number-range base are now generic with abstract methods.

  • Refactor convert_type to extract type inference into a private _guess_type helper, and add :func:typing.overload signatures. #3372

  • Parameter typing improvements. #2805

    • :class:Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
    • :attr:Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
    • The ctx parameter of :meth:Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.

  • Split string values from default_map for parameters with nargs > 1 or :class:Tuple type, matching environment variable behavior. #2745 #3364

  • Auto-detect type=UNPROCESSED for flag_value of non-basic types (not str, int, float, or bool), so programmer-provided Python objects like classes and enum members are passed through unchanged instead of being stringified. Previously type=click.UNPROCESSED had to be set explicitly. #2012 #3363

  • The error hint now uses Command.get_help_option_names to pick non-shadowed help option names, so Try '... -h' no longer points to a subcommand option that shadows -h. All surviving names are shown (-h/--help). #2790 #3208

  • Fix readline functionality on non-Windows platforms. Prompt text is now passed directly to readline instead of being printed separately, allowing proper backspace, line editing, and line wrapping behavior. #2968

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.4.0

Released 2026-05-17

  • :class:ParamType typing improvements. :pr:3371

    • :class:ParamType is now a generic abstract base class, parameterized by its converted value type.
    • :meth:~ParamType.convert return types are narrowed on all concrete types (str for :class:STRING, int for :class:INT, etc.).
    • :meth:~ParamType.to_info_dict returns specific :class:~typing.TypedDict subclasses instead of dict[str, Any].
    • :class:CompositeParamType and the number-range base are now generic with abstract methods.

  • Refactor convert_type to extract type inference into a private _guess_type helper, and add :func:typing.overload signatures. :pr:3372

  • :class:Parameter typing improvements. :pr:2805

    • :class:Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
    • :attr:Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
    • The ctx parameter of :meth:Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.

  • Split string values from default_map for parameters with nargs > 1 or :class:Tuple type, matching environment variable behavior. :issue:2745 :pr:3364

  • Auto-detect type=UNPROCESSED for flag_value of non-basic types (not str, int, float, or bool), so programmer-provided Python objects like classes and enum members are passed through unchanged instead of being stringified. Previously type=click.UNPROCESSED had to be set explicitly. :issue:2012 :pr:3363

  • The error hint now uses :meth:Command.get_help_option_names to pick non-shadowed help option names, so Try '... -h' no longer points to a subcommand option that shadows -h. All surviving names are shown (-h/--help). :issue:2790 :pr:3208

  • Fix readline functionality on non-Windows platforms. Prompt text is now passed directly to readline instead of being printed separately, allowing proper backspace, line editing, and line wrapping behavior. :issue:2968 :pr:2969

  • Use :func:os.startfile on Windows to open URLs in :func:open_url, replacing the start built-in which cannot be invoked without shell=True. :issue:3164 :pr:3186

  • Fix Fish shell completion errors when option help text contains newlines. :issue:3043 :pr:3126

... (truncated)

Commits
  • 41f410f Release 8.4.0
  • e3e69e3 Add type annotations for instance attributes in utils (#3422)
  • 3bb230d WIP: Fix HelpFormatter.write_usage producing spurious characters (#3434)
  • 63274a7 click.get_pager_file: add tests (#1572 followup) (#3405)
  • 0551bf5 Fix HelpFormatter.write_usage producing spurious characters
  • fc41aa1 Apply class-body annotations to KeepOpenFile for consistency
  • b761eda Skip some tests on Windows
  • 98302ac Check PAGER usage, color preservation and edge-cases
  • dbdae17 Fix documentation
  • 1aa2d53 Redesigned tests and get_pager_file branching to be more clear and not set color
  • Additional commits viewable in compare view

Updates myst-parser to 5.1.0

Release notes

Sourced from myst-parser's releases.

v5.1.0

✨ New Features

👌 Improvements

  • 👌 Update myst_gfm_only mode to use the unified gfm_plugin, which now includes GFM autolinks, alerts, and improved strikethrough/tasklist handling by @​chrisjsewell in #1128
  • 👌 Improve MathJax 4 compatibility for Sphinx 9 by @​chrisjsewell in #1110
  • 👌 Stop directive-option parsing at colon fences, fixing nested colon fence directives by @​chrisjsewell in #1133

🐛 Bug Fixes

⬆️ Dependency Upgrades

New Contributors

Full Changelog: executablebooks/MyST-Parser@v5.0.0...v5.1.0

Changelog

Sourced from myst-parser's changelog.

5.1.0 - 2026-05-13

✨ New Features

  • ✨ Add "alert" syntax extension for GFM alerts (e.g. > [!NOTE]), see by gh-user:chrisjsewell in gh-pr:1128
  • ✨ Add "gfm_autolink" syntax extension for GFM autolinks, see by gh-user:chrisjsewell in gh-pr:1128
  • ✨ Add myst_strikethrough_single_tilde config option to allow single tilde (~) for strikethrough by gh-user:chrisjsewell in gh-pr:1128
  • ✨ Add myst_colon_fence_exact_match config option to require the closing colon fence to have exactly the same number of colons as the opening, see by gh-user:chrisjsewell in gh-pr:1128

👌 Improvements

  • 👌 Update myst_gfm_only mode to use the unified gfm_plugin, which now includes GFM autolinks, alerts, and improved strikethrough/tasklist handling by gh-user:chrisjsewell in gh-pr:1128
  • 👌 Improve MathJax 4 compatibility for Sphinx 9 by gh-user:chrisjsewell in gh-pr:1110
  • 👌 Stop directive-option parsing at colon fences, fixing nested colon fence directives by gh-user:chrisjsewell in gh-pr:1133

🐛 Bug Fixes

  • 🐛 Use docname instead of source path in warning locations by gh-user:chrisjsewell in gh-pr:1114
  • 🐛 Correctly encode & in Markdown URLs by not HTML-escaping refuri by gh-user:chrisjsewell in gh-pr:1126
  • 🐛 Fix RemovedInSphinx10Warning for inventory item iteration by gh-user:chrisjsewell in gh-pr:1129
  • 🐛 Pin mdit-py-plugins>=0.6.1 for nested field list fix by gh-user:chrisjsewell in gh-pr:1134

⬆️ Dependency Upgrades

  • ⬆️ Upgrade to markdown-it-py~=4.2 and mdit-py-plugins~=0.6 by gh-user:chrisjsewell in gh-pr:1128
  • ⬆️ Update pygments requirement from <2.20 to <2.21 by gh-user:chrisjsewell in gh-pr:1117

Full Changelog: v5.0.0...v5.1.0

5.0.0 - 2026-01-15

This release significantly bumps the supported versions of core dependencies:

‼️ Breaking Changes

This release updates the minimum supported versions:

  • Python: >=3.11 (dropped Python 3.10, tests up to 3.14)
  • Sphinx: >=8,<10 (dropped Sphinx 7, added Sphinx 9)
  • Docutils: >=0.20,<0.23 (dropped docutils 0.19, added docutils 0.22)
  • markdown-it-py: ~=4.0 (upgraded from v3)

⬆️ Dependency Upgrades

  • ⬆️ Upgrade to markdown-it-py v4 by gh-user:chrisjsewell in gh-pr:1060
  • ⬆️ Drop Python 3.10 and Sphinx 7 by gh-user:chrisjsewell in gh-pr:1059
  • ⬆️ Drop docutils 0.19 by gh-user:chrisjsewell in gh-pr:1061
  • ⬆️ Add support for Python 3.14 by gh-user:chrisjsewell in gh-pr:1075
  • ⬆️ Support Sphinx v9 by gh-user:chrisjsewell in gh-pr:1076
  • ⬆️ Allow docutils 0.22 by gh-user:chrisjsewell in gh-pr:1084

... (truncated)

Commits
  • 2871eb9 🚀 Release v5.1.0 (#1135)
  • cc5db37 🐛 FIX: Pin mdit-py-plugins>=0.6.1 for nested field list fix (#1134)
  • 4ce57f9 👌 Stop directive-option parsing at colon fences (#1133)
  • cfcc327 ⬆️ Bump mypy from 2.0.0 to 2.1.0 (#1131)
  • 691738c ⬆️ Bump ruff from 0.15.10 to 0.15.12 (#1132)
  • 0fb1ae9 👌 IMPROVE: MathJax 4 compatibility (Sphinx 9) (#1110)
  • f153b4b ⬆️ Bump actions/setup-python from 5 to 6 (#1092)
  • 93acf8d [pre-commit.ci] pre-commit autoupdate (#1095)
  • a5f1d69 ⬆️ Update pygments requirement from <2.20 to <2.21 (#1117)
  • 8381296 🐛 FIX: Use docname instead of source path in warning locations (#1114)
  • Additional commits viewable in compare view

Updates requests to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

... (truncated)

Commits

Updates uv-build to 0.11.15

Release notes

Sourced from uv-build's releases.

0.11.15

Release Notes

Released on 2026-05-18.

Security

Enhancements

  • Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)
  • Add support for Azure request signing (#19421)
  • Apply stricter validation to all wheel filename segments (#19364)
  • Reject empty strings as an invalid package name (#19435)
  • Use structured errors for signing authentication failures (#19422)

Preview

  • uv audit: Add JSON output (#19305)

Configuration

  • Respect required-environments in uv pip compile (#19378)

Performance

  • Avoid parsing JSON manifest when local Python is available (#19398)
  • Avoid walking nested directories in linker conflict registration (#19382)
  • Optimize async wheel ZIP writing (#19383)
  • Fix dead "already trimmed" fast-path in Version::only_release_trimmed (#19425)

Bug fixes

  • Apply workspace-member [tool.uv.sources] credentials under uv sync --frozen (#19423)
  • Skip empty directories in uv build outputs (#19437)
  • Fix Git submodule handling when using relative paths (#12156)
  • Fix line number reporting in netrc parsing (#19452)

Documentation

  • Move Bazel auth helper setup into integration guide (#19392)

Install uv 0.11.15

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.15/uv-installer.sh | sh
</tr></table>

... (truncated)

Changelog

Sourced from uv-build's changelog.

0.11.15

Released on 2026-05-18.

Security

Enhancements

  • Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)
  • Add support for Azure request signing (#19421)
  • Apply stricter validation to all wheel filename segments (#19364)
  • Reject empty strings as an invalid package name (#19435)
  • Use structured errors for signing authentication failures (#19422)

Preview

  • uv audit: Add JSON output (#19305)

Configuration

  • Respect required-environments in uv pip compile (#19378)

Performance

  • Avoid parsing JSON manifest when local Python is available (#19398)
  • Avoid walking nested directories in linker conflict registration (#19382)
  • Optimize async wheel ZIP writing (#19383)
  • Fix dead "already trimmed" fast-path in Version::only_release_trimmed (#19425)

Bug fixes

  • Apply workspace-member [tool.uv.sources] credentials under uv sync --frozen (#19423)
  • Skip empty directories in uv build outputs (#19437)
  • Fix Git submodule handling when using relative paths (#12156)
  • Fix line number reporting in netrc parsing (#19452)

Documentation

  • Move Bazel auth helper setup into integration guide (#19392)

0.11.14

Released on 2026-05-12.

Enhancements

  • Add Astral mirror URL override (#19206)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python group with 4 updates
0fbd824 
Updates the requirements on [click](https://github.com/pallets/click), [myst-parser](https://github.com/executablebooks/MyST-Parser), [requests](https://github.com/psf/requests) and [uv-build](https://github.com/astral-sh/uv) to permit the latest version.

Updates `click` to 8.4.0
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst)
- [Commits](pallets/click@8.3.3...8.4.0)

Updates `myst-parser` to 5.1.0
- [Release notes](https://github.com/executablebooks/MyST-Parser/releases)
- [Changelog](https://github.com/executablebooks/MyST-Parser/blob/master/CHANGELOG.md)
- [Commits](executablebooks/MyST-Parser@v5.0.0...v5.1.0)

Updates `requests` to 2.34.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.34.0...v2.34.2)

Updates `uv-build` to 0.11.15
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.11.13...0.11.15)

---
updated-dependencies:
- dependency-name: click
  dependency-version: 8.4.0
  dependency-type: direct:production
  dependency-group: python
- dependency-name: myst-parser
  dependency-version: 5.1.0
  dependency-type: direct:production
  dependency-group: python
- dependency-name: requests
  dependency-version: 2.34.2
  dependency-type: direct:production
  dependency-group: python
- dependency-name: uv-build
  dependency-version: 0.11.15
  dependency-type: direct:development
  dependency-group: python
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 19, 2026
@honzajavorek honzajavorek merged commit ba677d5 into master May 19, 2026
3 checks passed
@honzajavorek honzajavorek deleted the dependabot/pip/python-f2284d3194 branch May 19, 2026 05:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@honzajavorek