Skip to content

Bump the python-dependencies group across 2 directories with 2 updates#665

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/master/python-dependencies-d9eaea4334
Open

Bump the python-dependencies group across 2 directories with 2 updates#665
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/master/python-dependencies-d9eaea4334

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 23, 2026
edited
Loading

Updates the requirements on paramiko and pip-tools to permit the latest version.
Updates paramiko to 4.0.0

Commits
  • aad0370 Cut 4.0.0 in changelog
  • 76f2406 Speling
  • 8c4277c Fix syntax-warning-throwing unittest method call
  • d3a9617 Test existence of root module dunder version
  • 9579700 Nuke mentions of specific Python 3.x versions from docs etc
  • dbfd52c Administrivia update: Python>=3.9, pyproject.toml, etc
  • c2ba378 Remove outdated version check in GSS module
  • 2af0dd7 I'm good at my job, honest
  • e534b1a Fixes #973: remove DSA/DSS support
  • 3523feb Tweak .gitignore to more safely ignore top level docs/
  • Additional commits viewable in compare view

Updates pip-tools from 7.5.1 to 7.5.3

Release notes

Sourced from pip-tools's releases.

v7.5.3

2026-02-11

Bug fixes

  • The option --unsafe-package is now normalized -- by @​shifqu.

    PRs and issues: #2150

  • Fixed a bug in which pip-compile lost any index URL options when looking up hashes -- by @​sirosen.

    This caused errors when a package was only available from an extra index, and caused pip-compile to incorrectly drop index URL options from output, even when they were present in the input requirements.

    PRs and issues: #2220, #2294, #2305

  • Fixed removal of temporary files used when reading requirements from stdin -- by @​sirosen.

Features

  • pip-tools is now tested against Python 3.14 and 3.14t in CI, and marks them as supported in the core packaging metadata -- by @​webknjaz.

    PRs and issues: #2255

  • pip-tools is now compatible with pip 26.0 -- by @​sirosen.

    PRs and issues: #2319, #2320

Removals and backward incompatible breaking changes

Improved documentation

  • The change log management infra now allows the maintainers to add notes before and after the regular categories -- by @​webknjaz.

    PRs and issues: #2287, #2322

  • Added documentation clarifying that pip-compile reads the existing output file as a constraint source, and how to use --upgrade to refresh dependencies -- by @​maliktafheem.

    PRs and issues: #2307

... (truncated)

Changelog

Sourced from pip-tools's changelog.

v7.5.3

2026-02-09

Bug fixes

  • The option --unsafe-package is now normalized -- by {user}shifqu.

    PRs and issues: {issue}2150

  • Fixed a bug in which pip-compile lost any index URL options when looking up hashes -- by {user}sirosen.

    This caused errors when a package was only available from an extra index, and caused pip-compile to incorrectly drop index URL options from output, even when they were present in the input requirements.

    PRs and issues: {issue}2220, {issue}2294, {issue}2305

  • Fixed removal of temporary files used when reading requirements from stdin -- by {user}sirosen.

Features

  • pip-tools is now tested against Python 3.14 and 3.14t in CI, and marks them as supported in the core packaging metadata -- by {user}webknjaz.

    PRs and issues: {issue}2255

  • pip-tools is now compatible with pip 26.0 -- by {user}sirosen.

    PRs and issues: {issue}2319, {issue}2320

Removals and backward incompatible breaking changes

  • Removed support for Python 3.8 -- by {user}sirosen.

Improved documentation

  • The change log management infra now allows the maintainers to add notes before and after the regular categories -- by {user}webknjaz.

    PRs and issues: {issue}2287, {issue}2322

  • Added documentation clarifying that pip-compile reads the existing output file as a constraint source, and how to use --upgrade to refresh dependencies -- by {user}maliktafheem.

    PRs and issues: {issue}2307

... (truncated)

Commits
  • 5f31d8a Merge pull request #2332 from sirosen/fix-release-version-normalization
  • 106f1d6 Fix CI workflow to normalize versions (for release)
  • 3a0f5ed Merge pull request #2329 from sirosen/release/v7.5.3
  • e4bd31d Merge pull request #2328 from jazzband/pre-commit-ci-update-config
  • 08107ab Update changelog for version 7.5.3
  • 5b4d130 Merge pull request #2325 from sirosen/ensure-tmpfile-cleanup
  • cc6a2b9 Apply feedback/suggestions from review
  • fc53265 [pre-commit.ci] pre-commit autoupdate
  • 6c27507 Add 'tempfile_compat' to handle windows tmp files
  • 9ac94db Fix leak of temp files when reading from stdin
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python-dependencies group across 2 directories with 2 updates
911ab64 
Updates the requirements on [paramiko](https://github.com/paramiko/paramiko) and [pip-tools](https://github.com/jazzband/pip-tools) to permit the latest version.

Updates `paramiko` to 4.0.0
- [Commits](paramiko/paramiko@release-1.7.4...4.0.0)

Updates `pip-tools` from 7.5.1 to 7.5.3
- [Release notes](https://github.com/jazzband/pip-tools/releases)
- [Changelog](https://github.com/jazzband/pip-tools/blob/main/CHANGELOG.md)
- [Commits](jazzband/pip-tools@v7.5.1...v7.5.3)

---
updated-dependencies:
- dependency-name: paramiko
  dependency-version: 4.0.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: pip-tools
  dependency-version: 7.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added CI/CD Continuous integration (CI) and/or continuous deployment (CD) skip-changelog Skip this issue or PR in the CHANGELOG labels Feb 23, 2026
@dependabot dependabot bot mentioned this pull request Feb 23, 2026
Closed
@TEAM4-0 TEAM4-0 enabled auto-merge (squash) February 23, 2026 05:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

CI/CD Continuous integration (CI) and/or continuous deployment (CD) skip-changelog Skip this issue or PR in the CHANGELOG

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants