Skip to content

deps(deps): bump the python-dependencies group across 1 directory with 6 updates#3313

Open
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/pip/dev/python-dependencies-1bdbdee1fa
Open

deps(deps): bump the python-dependencies group across 1 directory with 6 updates#3313
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/pip/dev/python-dependencies-1bdbdee1fa

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 19, 2026
edited
Loading

Bumps the python-dependencies group with 6 updates in the / directory:

Package From To
pillow 12.1.1 12.2.0
pyopenssl 26.0.0 26.2.0
werkzeug 3.1.6 3.1.8
pytest-cov 7.0.0 7.1.0
black 26.3.1 26.5.1
gitpython 3.1.46 3.1.50

Updates pillow from 12.1.1 to 12.2.0

Release notes

Sourced from pillow's releases.

12.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

Dependencies

Testing

Other changes

... (truncated)

Commits

Updates pyopenssl from 26.0.0 to 26.2.0

Changelog

Sourced from pyopenssl's changelog.

26.2.0 (2026-05-04)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Removed deprecated OpenSSL.crypto.X509Extension, OpenSSL.crypto.X509Req.add_extension, OpenSSL.crypto.X509Req.get_extensions, OpenSSL.crypto.X509.add_extension, OpenSSL.crypto.X509.get_extensions. cryptography.x509 should be used instead.
  • It is now an error to calling any mutating method on OpenSSL.SSL.Context after it has been used to create a Connection. This was previously deprecated and has always been unsafe.

Deprecations: ^^^^^^^^^^^^^

Changes: ^^^^^^^^

  • Maximum supported cryptography version is now 48.x.
  • Added OpenSSL.SSL.Connection.set_options to set options on a per-connection basis.

26.1.0 (2026-04-24)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations: ^^^^^^^^^^^^^

Changes: ^^^^^^^^

  • Maximum supported cryptography version is now 47.x.
  • Fixed X509Name field setters to correctly pass the value length to OpenSSL. Previously, values containing NUL bytes would be silently truncated, causing a divergence between the stored ASN.1 value and the value visible from Python. Credit to BudongJW for reporting the issue. CVE-2026-40475
Commits

Updates werkzeug from 3.1.6 to 3.1.8

Release notes

Sourced from werkzeug's releases.

3.1.8

This is the Werkzeug 3.1.8 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.8/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-8 Milestone: https://github.com/pallets/werkzeug/milestone/45?closed=1

  • Request.host and get_host return the empty string if the header is missing or has invalid characters. #3142

3.1.7

This is the Werkzeug 3.1.7 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.7/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-7 Milestone: https://github.com/pallets/werkzeug/milestone/44?closed=1

  • parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. #3128
  • WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. #3127
  • Transfer-Encoding is parsed as a set. #3134
  • Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. #3113
  • Fix multipart form parser handling of newline at boundary. #3088
  • Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. #3108
  • merge_slashes merges any number of consecutive slashes. #3121
Changelog

Sourced from werkzeug's changelog.

Version 3.1.8

Released 2026-04-02

  • Request.host and get_host return the empty string if the header is missing or has invalid characters. :issue:3142

Version 3.1.7

Released 2026-03-23

  • parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. :pr:3128
  • WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. :issue:3127
  • Transfer-Encoding is parsed as a set. :pr:3134
  • Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. :pr:3113
  • Fix multipart form parser handling of newline at boundary. :issue:3088
  • Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. :issue:3108
  • merge_slashes merges any number of consecutive slashes. :issue:3121
Commits

Updates pytest-cov from 7.0.0 to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

  • Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

  • Improve handling of ResourceWarning from sqlite3.

    The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

    With this fix one can suppress ResourceWarning from sqlite3 from command line::

    pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

  • Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

  • Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

  • Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

Commits
  • 66c8a52 Bump version: 7.0.0 → 7.1.0
  • f707662 Make the examples use pypy 3.11.
  • 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
  • 8ebf20b Update changelog.
  • 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
  • fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
  • 78c9c4e Only run the 3.9 on older deps.
  • 4849a92 Punctuation.
  • 197c35e Update changelog and hopefully I don't forget to publish release again :))
  • 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
  • Additional commits viewable in compare view

Updates black from 26.3.1 to 26.5.1

Release notes

Sourced from black's releases.

26.5.1

Stable style

  • Fix unstable formatting of annotated assignments whose subscript annotation contains an inline comment (e.g. x: list[ # pyright: ignore[...]) (#5130)
  • Preserve inline comments (including # type: ignore) immediately before a # fmt: skip line, avoiding AST equivalence failures (#5139)

Packaging

  • Correct the version in the published executables (#5137)

Documentation

  • Add Neovim integration guide covering conform.nvim, ALE, and simple command approaches (#5124)

26.5.0

Highlights

  • Add support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810), both new syntactic features in Python 3.15 (#5048)
  • Python 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so performance may be slower than on existing Python versions. Wheels will be provided once Python 3.15 is later in its release cycle. (#5127)

Stable style

  • Fix # fmt: skip being ignored in nested if expressions with parenthesized in clauses (#4903)
  • Add syntactic support for Python 3.15 (#5048)
  • Fix crash when an f-string follows a # fmt: off comment inside brackets (#5097)
  • Preserve multiline compound statement headers when # fmt: skip is placed on the colon line (#5117)

Preview style

  • Improve heuristics around whether blank lines should appear before, within and after groups of same-name decorated functions (such as @overload groups) in .pyi stub files (#5021)
  • Fix blank lines being removed between a function and a decorated class in .pyi stub files (#5092)
  • Prevent string merger from creating unsplittable long lines when a pragma comment (e.g. # type: ignore) follows the closing bracket (#5096)

Packaging

Output

... (truncated)

Changelog

Sourced from black's changelog.

Version 26.5.1

Stable style

  • Fix unstable formatting of annotated assignments whose subscript annotation contains an inline comment (e.g. x: list[ # pyright: ignore[...]) (#5130)
  • Preserve inline comments (including # type: ignore) immediately before a # fmt: skip line, avoiding AST equivalence failures (#5139)

Packaging

  • Correct the version in the published executables (#5137)

Documentation

  • Add Neovim integration guide covering conform.nvim, ALE, and simple command approaches (#5124)

Version 26.5.0

Highlights

  • Add support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810), both new syntactic features in Python 3.15 (#5048)
  • Python 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so performance may be slower than on existing Python versions. Wheels will be provided once Python 3.15 is later in its release cycle. (#5127)

Stable style

  • Fix # fmt: skip being ignored in nested if expressions with parenthesized in clauses (#4903)
  • Add syntactic support for Python 3.15 (#5048)
  • Fix crash when an f-string follows a # fmt: off comment inside brackets (#5097)
  • Preserve multiline compound statement headers when # fmt: skip is placed on the colon line (#5117)

Preview style

  • Improve heuristics around whether blank lines should appear before, within and after groups of same-name decorated functions (such as @overload groups) in .pyi stub files (#5021)
  • Fix blank lines being removed between a function and a decorated class in .pyi stub files (#5092)
  • Prevent string merger from creating unsplittable long lines when a pragma comment (e.g. # type: ignore) follows the closing bracket (#5096)

Packaging

... (truncated)

Commits

Updates gitpython from 3.1.46 to 3.1.50

Release notes

Sourced from gitpython's releases.

3.1.50

What's Changed

New Contributors

Full Changelog: gitpython-developers/GitPython@3.1.49...3.1.50

3.1.49 - Security

What's Changed

Full Changelog: gitpython-developers/GitPython@3.1.48...3.1.49

3.1.48 - Security

Accidentally deleted the previous GH release, it did mention the advisory this fixes.

What's Changed

Full Changelog: gitpython-developers/GitPython@3.1.47...3.1.48

3.1.47 - with security fixes

Advisories

What's Changed

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps(deps): bump the python-dependencies group across 1 directory wit…
9d53a13 
…h 6 updates

Bumps the python-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |
| [pyopenssl](https://github.com/pyca/pyopenssl) | `26.0.0` | `26.2.0` |
| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.6` | `3.1.8` |
| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |
| [black](https://github.com/psf/black) | `26.3.1` | `26.5.1` |
| [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.46` | `3.1.50` |



Updates `pillow` from 12.1.1 to 12.2.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.1.1...12.2.0)

Updates `pyopenssl` from 26.0.0 to 26.2.0
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pyopenssl@26.0.0...26.2.0)

Updates `werkzeug` from 3.1.6 to 3.1.8
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.1.6...3.1.8)

Updates `pytest-cov` from 7.0.0 to 7.1.0
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v7.0.0...v7.1.0)

Updates `black` from 26.3.1 to 26.5.1
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@26.3.1...26.5.1)

Updates `gitpython` from 3.1.46 to 3.1.50
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.46...3.1.50)

---
updated-dependencies:
- dependency-name: pillow
  dependency-version: 12.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: pyopenssl
  dependency-version: 26.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: werkzeug
  dependency-version: 3.1.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: black
  dependency-version: 26.5.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: gitpython
  dependency-version: 3.1.50
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants