MESH-2092 Bump the dependencies group across 1 directory with 13 updates

[dependabot]

Bumps the dependencies group with 12 updates in the / directory:

Package	From	To
types-python-dateutil	2.9.0.20251115	2.9.0.20260124
cryptography	46.0.3	46.0.4
fastapi	0.128.0	0.128.1
gunicorn	23.0.0	25.0.1
mesh-client	4.0.1	5.0.1
pytest	8.4.2	9.0.2
coverage	7.13.2	7.13.3
ruff	0.14.14	0.15.0
black	25.12.0	26.1.0
ipython	9.9.0	9.10.0
packaging	25.0	26.0
starlette	0.50.0	0.52.1

Updates types-python-dateutil from 2.9.0.20251115 to 2.9.0.20260124

Commits

• See full diff in compare view

Updates cryptography from 46.0.3 to 46.0.4

Changelog

Sourced from cryptography's changelog.

46.0.4 - 2026-01-27

* `Dropped support for win_arm64 wheels`_.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.
.. _v46-0-3:

Commits

• e6f44fc bump for 46.0.4 and drop win arm64 due to CI issues (#14217)
• See full diff in compare view

Updates fastapi from 0.128.0 to 0.128.1

Release notes

Sourced from fastapi's releases.

0.128.1

Features

• ✨ Add viewport meta tag to improve Swagger UI on mobile devices. PR #14777 by @​Joab0.
• 🚸 Improve error message for invalid query parameter type annotations. PR #14479 by @​retwish.

Fixes

• 🐛 Update ValidationError schema to include input and ctx. PR #14791 by @​jonathan-fulton.
• 🐛 Fix TYPE_CHECKING annotations for Python 3.14 (PEP 649). PR #14789 by @​mgu.
• 🐛 Strip whitespaces from Authorization header credentials. PR #14786 by @​WaveTheory1.
• 🐛 Fix OpenAPI duplication of anyOf refs for app-level responses with specified content and model as Union. PR #14463 by @​DJMcoder.

Refactors

• 🎨 Tweak types for mypy. PR #14816 by @​tiangolo.
• 🏷️ Re-export IncEx type from Pydantic instead of duplicating it. PR #14641 by @​mvanderlee.
• 💡 Update comment for Pydantic internals. PR #14814 by @​tiangolo.

Docs

• 📝 Update docs for contributing translations, simplify title. PR #14817 by @​tiangolo.
• 📝 Fix typing issue in docs_src/app_testing/app_b code example. PR #14573 by @​timakaa.
• 📝 Fix example of license identifier in documentation. PR #14492 by @​johnson-earls.
• 📝 Add banner to translated pages. PR #14809 by @​YuriiMotov.
• 📝 Add links to related sections of docs to docstrings. PR #14776 by @​YuriiMotov.
• 📝 Update embedded code examples to Python 3.10 syntax. PR #14758 by @​YuriiMotov.
• 📝 Fix dependency installation command in docs/en/docs/contributing.md. PR #14757 by @​YuriiMotov.
• 📝 Use return type annotation instead of response_model when possible. PR #14753 by @​YuriiMotov.
• 📝 Use WSGIMiddleware from a2wsgi instead of deprecated fastapi.middleware.wsgi.WSGIMiddleware. PR #14756 by @​YuriiMotov.
• 📝 Fix minor typos in release notes. PR #14780 by @​whyvineet.
• 🐛 Fix copy button in custom.js. PR #14722 by @​fcharrier.
• 📝 Add contribution instructions about LLM generated code and comments and automated tools for PRs. PR #14706 by @​tiangolo.
• 📝 Update docs for management tasks. PR #14705 by @​tiangolo.
• 📝 Update docs about managing translations. PR #14704 by @​tiangolo.
• 📝 Update docs for contributing with translations. PR #14701 by @​tiangolo.
• 📝 Specify language code for code block. PR #14656 by @​YuriiMotov.

Translations

• 🌐 Improve LLM prompt of uk documentation. PR #14795 by @​roli2py.
• 🌐 Update translations for ja (update-outdated). PR #14588 by @​tiangolo.
• 🌐 Update translations for uk (update outdated, found by fixer tool). PR #14739 by @​YuriiMotov.
• 🌐 Update translations for tr (update-outdated). PR #14745 by @​tiangolo.
• 🌐 Update llm-prompt.md for Korean language. PR #14763 by @​seuthootDev.
• 🌐 Update translations for ko (update outdated, found by fixer tool). PR #14738 by @​YuriiMotov.
• 🌐 Update translations for de (update-outdated). PR #14690 by @​tiangolo.
• 🌐 Update LLM prompt for Russian translations. PR #14733 by @​YuriiMotov.
• 🌐 Update translations for ru (update-outdated). PR #14693 by @​tiangolo.
• 🌐 Update translations for pt (update-outdated). PR #14724 by @​tiangolo.

... (truncated)

Commits

• 1de0de5 🔖 Release version 0.128.1
• 734c95b 📝 Update release notes
• 84a5bcf ⬇️ Downgrade LLM translations model to GPT-5 to reduce mistakes (#14823)
• 0e06400 📝 Update release notes
• ad29e44 🌐 Improve LLM prompt of uk documentation (#14795)
• 71ceac2 📝 Update release notes
• b0e99d6 🌐 Update translations for ja (update-outdated) (#14588)
• cec4be0 📝 Update release notes
• aea6137 🐛 Fix translation script commit in place (#14818)
• fe5b617 📝 Update release notes
• Additional commits viewable in compare view

Updates gunicorn from 23.0.0 to 25.0.1

Release notes

Sourced from gunicorn's releases.

25.0.1

Bug Fixes

• Fix ASGI streaming responses (SSE) hanging: add chunked transfer encoding for HTTP/1.1 responses without Content-Length header. Without chunked encoding, clients wait for connection close to determine end-of-response.

Changes

• Update celery_alternative example to use FastAPI with native ASGI worker and uvloop for async task execution

Testing

• Add ASGI compliance test suite with Docker-based integration tests covering HTTP, WebSocket, streaming, lifespan, framework integration (Starlette, FastAPI), HTTP/2, and concurrency scenarios

Gunicorn 25.0.0

New Features

• Dirty Arbiters: Separate process pool for executing long-running, blocking operations (AI model loading, heavy computation) without blocking HTTP workers ([PR #3460](benoitc/gunicorn#3460))

  • Inspired by Erlang's dirty schedulers
  • Asyncio-based with Unix socket IPC
  • Stateful workers that persist loaded resources
  • New settings: --dirty-app, --dirty-workers, --dirty-timeout, --dirty-threads, --dirty-graceful-timeout
  • Lifecycle hooks: on_dirty_starting, dirty_post_fork, dirty_worker_init, dirty_worker_exit

• Per-App Worker Allocation for Dirty Arbiters: Control how many dirty workers load each app for memory optimization with heavy models ([PR #3473](benoitc/gunicorn#3473))

  • Set workers class attribute on DirtyApp (e.g., workers = 2)
  • Or use config format module:class:N (e.g., myapp:HeavyModel:2)
  • Requests automatically routed to workers with the target app
  • New exception DirtyNoWorkersAvailableError for graceful error handling
  • Example: 8 workers × 10GB model = 80GB → with workers=2: 20GB (75% savings)

• HTTP/2 Support (Beta): Native HTTP/2 (RFC 7540) support for improved performance with modern clients ([PR #3468](benoitc/gunicorn#3468))

  • Multiplexed streams over a single connection
  • Header compression (HPACK)
  • Flow control and stream prioritization
  • Works with gthread, gevent, and ASGI workers
  • New settings: --http-protocols, --http2-max-concurrent-streams, --http2-initial-window-size, --http2-max-frame-size, --http2-max-header-list-size
  • Requires SSL/TLS and h2 library: pip install gunicorn[http2]

... (truncated)

Commits

• 3bf529f docs: sync news.md with 2026-news.md
• 1f4f245 Merge pull request #3478 from benoitc/feature/asgi-compliance-testbed
• e1519c0 docs: add ASGI compliance test suite to changelog
• 0885005 fix(tests): correct assertions in ASGI compliance tests
• 658924c docs: update changelog for 25.0.1
• c5b6e82 chore: bump version to 25.0.1
• ce352dc fix(asgi): add chunked transfer encoding for streaming responses
• 29b8a3a Merge pull request #3476 from benoitc/dependabot/github_actions/actions/check...
• 791ab46 chore(deps): bump actions/checkout from 4 to 6
• 9235b72 Merge pull request #3475 from benoitc/dependabot/github_actions/actions/uploa...
• Additional commits viewable in compare view

Updates mesh-client from 4.0.1 to 5.0.1

Commits

• 2167ad5 Merge pull request #132 from NHSDigital/develop
• 23e1730 Merge pull request #131 from NHSDigital/mesh-2771-dependabot
• c8a10ff mesh-2771: adding python 3.14 support
• b7a8047 mesh-2771:ruff fixes
• 734d904 mesh-2771: removing support for python 3.9
• 0393e72 mesh-2771: dependabot updates, but while still supporting python 3.9
• a031c93 Merge pull request #122 from NHSDigital/mesh-2092-dependabot-combined
• 79b8d2f mesh-2092: fix gitallowed
• da2a74c mesh-2092: add no redirects
• ceff126 Merge branch 'dependabot/github_actions/mikepenz/action-junit-report-6.0.1' o...
• Additional commits viewable in compare view

Updates pytest from 8.4.2 to 9.0.2

Release notes

Sourced from pytest's releases.

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

• #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

  You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

  Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

• #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

• #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

• #13965: Fixed quadratic-time behavior when handling unittest subtests in Python 3.10.

Improved documentation

• #4492: The API Reference now contains cross-reference-able documentation of pytest's command-line flags <command-line-flags>.

9.0.1

pytest 9.0.1 (2025-11-12)

Bug fixes

• #13895: Restore support for skipping tests via raise unittest.SkipTest.
• #13896: The terminal progress plugin added in pytest 9.0 is now automatically disabled when iTerm2 is detected, it generated desktop notifications instead of the desired functionality.
• #13904: Fixed the TOML type of the verbosity settings in the API reference from number to string.
• #13910: Fixed UserWarning: Do not expect file_or_dir on some earlier Python 3.12 and 3.13 point versions.

Packaging updates and notes for downstreams

• #13933: The tox configuration has been adjusted to make sure the desired version string can be passed into its package_env through the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment variable as a part of the release process -- by webknjaz.

Contributor-facing changes

• #13891, #13942: The CI/CD part of the release automation is now capable of creating GitHub Releases without having a Git checkout on disk -- by bluetech and webknjaz.
• #13933: The tox configuration has been adjusted to make sure the desired version string can be passed into its package_env through the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment variable as a part of the release process -- by webknjaz.

... (truncated)

Commits

• 3d10b51 Prepare release version 9.0.2
• 188750b Merge pull request #14030 from pytest-dev/patchback/backports/9.0.x/1e4b01d1f...
• b7d7bef Merge pull request #14014 from bluetech/compat-note
• bd08e85 Merge pull request #14013 from pytest-dev/patchback/backports/9.0.x/922b60377...
• bc78386 Add CLI options reference documentation (#13930)
• 5a4e398 Fix docs typo (#14005) (#14008)
• d7ae6df Merge pull request #14006 from pytest-dev/maintenance/update-plugin-list-tmpl...
• 556f6a2 pre-commit: fix rst-lint after new release (#13999) (#14001)
• c60fbe6 Fix quadratic-time behavior when handling unittest subtests in Python 3.10 ...
• 73d9b01 Merge pull request #13995 from nicoddemus/patchback/backports/9.0.x/1b5200c0f...
• Additional commits viewable in compare view

Updates pytest-asyncio from 1.2.0 to 0.23.3

Commits

• 260b791 [docs] Prepare release of v0.23.3.
• 6a253e2 [docs] Shorten changelog by combining multiple issues.
• e2cbb90 [docs] Mention correct issue in changelog.
• 0c522bf [fix] Fixes a bug that caused an internal pytest error when using ImportWarni...
• 31c7e6f Build(deps): Bump coverage from 7.3.3 to 7.3.4 in /dependencies/default
• 38d5c7e Build(deps): Bump sphinx-rtd-theme in /dependencies/docs
• 650ec58 Build(deps): Bump babel from 2.13.1 to 2.14.0 in /dependencies/docs
• 0166a7e Build(deps): Bump typing-extensions in /dependencies/default
• 3a15f30 Build(deps): Bump coverage from 7.3.2 to 7.3.3 in /dependencies/default
• 28e91f0 Build(deps): Bump hypothesis in /dependencies/default
• Additional commits viewable in compare view

Updates coverage from 7.13.2 to 7.13.3

Changelog

Sourced from coverage's changelog.

Version 7.13.3 — 2026-02-03

• Fix: in some situations, third-party code was measured when it shouldn't have been, slowing down test execution. This happened with layered virtual environments such as uv sometimes makes. The problem is fixed, closing issue 2082_. Now any directory on sys.path that is inside a virtualenv is considered third-party code.

.. _issue 2082: coveragepy/coveragepy#2082

.. _changes_7-13-2:

Commits

• 6bf962f docs: sample HTML for 7.13.3
• 9f2e54c docs: prep for 7.13.3
• 6208c42 fix: find third-party packages in more locations. #2082
• edb5016 refactor: make dataclass imports uniform
• b05826a chore: bump actions/setup-python in the action-dependencies group (#2126)
• b519e17 refactor: no need for ox_profile connection
• 775f1cb build: remove pudb, I can install it if I need it
• 0ccb1fe chore: make upgrade
• e9e2a0e chore: bump actions/checkout in the action-dependencies group (#2122)
• 77e1a04 chore: make upgrade
• Additional commits viewable in compare view

Updates ruff from 0.14.14 to 0.15.0

Release notes

Sourced from ruff's releases.

0.15.0

Release Notes

Released on 2026-02-03.

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post for a detailed list of changes.

• The linter now supports block suppression comments. For example, to suppress N803 for all parameters in this function:

  # ruff: disable[N803]
  def foo(
      legacyArg1,
      legacyArg2,
      legacyArg3,
      legacyArg4,
  ): ...
  # ruff: enable[N803]

  See the documentation for more details.

• The ruff:alpine Docker image is now based on Alpine 3.23 (up from 3.21).

• The ruff:debian and ruff:debian-slim Docker images are now based on Debian 13 "Trixie" instead of Debian 12 "Bookworm."

• Binaries for the ppc64 (64-bit big-endian PowerPC) architecture are no longer included in our releases. It should still be possible to build Ruff manually for this platform, if needed.

• Ruff now resolves all extended configuration files before falling back on a default Python version.

Stabilization

The following rules have been stabilized and are no longer in preview:

• blocking-http-call-httpx-in-async-function (ASYNC212)
• blocking-path-method-in-async-function (ASYNC240)
• blocking-input-in-async-function (ASYNC250)
• map-without-explicit-strict (B912)
• if-exp-instead-of-or-operator (FURB110)
• single-item-membership-test (FURB171)
• missing-maxsplit-arg (PLC0207)
• unnecessary-lambda (PLW0108)
• unnecessary-empty-iterable-within-deque-call (RUF037)
• in-empty-collection (RUF060)
• legacy-form-pytest-raises (RUF061)
• non-octal-permissions (RUF064)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.0

Released on 2026-02-03.

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post for a detailed list of changes.

• The linter now supports block suppression comments. For example, to suppress N803 for all parameters in this function:

  # ruff: disable[N803]
  def foo(
      legacyArg1,
      legacyArg2,
      legacyArg3,
      legacyArg4,
  ): ...
  # ruff: enable[N803]

  See the documentation for more details.

• The ruff:alpine Docker image is now based on Alpine 3.23 (up from 3.21).

• The ruff:debian and ruff:debian-slim Docker images are now based on Debian 13 "Trixie" instead of Debian 12 "Bookworm."

• Binaries for the ppc64 (64-bit big-endian PowerPC) architecture are no longer included in our releases. It should still be possible to build Ruff manually for this platform, if needed.

• Ruff now resolves all extended configuration files before falling back on a default Python version.

Stabilization

The following rules have been stabilized and are no longer in preview:

• blocking-http-call-httpx-in-async-function (ASYNC212)
• blocking-path-method-in-async-function (ASYNC240)
• blocking-input-in-async-function (ASYNC250)
• map-without-explicit-strict (B912)
• if-exp-instead-of-or-operator (FURB110)
• single-item-membership-test (FURB171)

... (truncated)

Commits

• ce5f7b6 Bump 0.15.0 (#23055)
• b4e40f5 [ty] Fix __contains__ to respect descriptors (#23056)
• 848cb72 [ty] Fix narrowing of nonlocal variables with conditional assignments (#22966)
• da7f33a [ty] Add a diagnostic for Final without assignment (#23001)
• e65f9a6 Document markdown formatting feature (#22990)
• c0c1b98 Format markdown code blocks with line-by-line regex parse (#22996)
• 9f8f3e1 Allow positional-only params with defaults in method overrides (#23037)
• ef83810 [ty] ecosystem-analyzer: Support bare git repositories (#23054)
• 54dfee4 Customize where the fix_title sub-diagnostic appears (#23044)
• b534607 2026 Ruff Formatter Style (#22735)
• Additional commits viewable in compare view

Updates black from 25.12.0 to 26.1.0

Release notes

Sourced from black's releases.

26.1.0

Highlights

Introduces the 2026 stable style (#4892), stabilizing the following changes:

• always_one_newline_after_import: Always force one blank line after import statements, except when the line after the import is a comment or an import statement (#4489)
• fix_fmt_skip_in_one_liners: Fix # fmt: skip behavior on one-liner declarations, such as def foo(): return "mock" # fmt: skip, where previously the declaration would have been incorrectly collapsed (#4800)
• fix_module_docstring_detection: Fix module docstrings being treated as normal strings if preceded by comments (#4764)
• fix_type_expansion_split: Fix type expansions split in generic functions (#4777)
• multiline_string_handling: Make expressions involving multiline strings more compact (#1879)
• normalize_cr_newlines: Add \r style newlines to the potential newlines to normalize file newlines both from and to (#4710)
• remove_parens_around_except_types: Remove parentheses around multiple exception types in except and except* without as (#4720)
• remove_parens_from_assignment_lhs: Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting (#4865)
• standardize_type_comments: Format type comments which have zero or more spaces between # and type: or between type: and value to # type: (value) (#4645)

The following change was not in any previous stable release:

• Regenerated the _width_table.py and added tests for the Khmer language (#4253)

This release alo bumps pathspec to v1 and fixes inconsistencies with Git's .gitignore logic (#4958). Now, files will be ignored if a pattern matches them, even if the parent directory is directly unignored. For example, Black would previously format exclude/not_this/foo.py with this .gitignore:

exclude/
!exclude/not_this/

Now, exclude/not_this/foo.py will remain ignored. To ensure exclude/not_this/ and all of it's children are included in formatting (and in Git), use this .gitignore:

*/exclude/*
!*/exclude/not_this/

This new behavior matches Git. The leading */ are only necessary if you wish to ignore matching subdirectories (like the previous behavior did), and not just matching root

... (truncated)

Changelog

Sourced from black's changelog.

26.1.0

Highlights

Introduces the 2026 stable style (#4892), stabilizing the following changes:

• always_one_newline_after_import: Always force one blank line after import statements, except when the line after the import is a comment or an import statement (#4489)
• fix_fmt_skip_in_one_liners: Fix # fmt: skip behavior on one-liner declarations, such as def foo(): return "mock" # fmt: skip, where previously the declaration would have been incorrectly collapsed (#4800)
• fix_module_docstring_detection: Fix module docstrings being treated as normal strings if preceded by comments (#4764)
• fix_type_expansion_split: Fix type expansions split in generic functions (#4777)
• multiline_string_handling: Make expressions involving multiline strings more compact (#1879)
• normalize_cr_newlines: Add \r style newlines to the potential newlines to normalize file newlines both from and to (#4710)
• remove_parens_around_except_types: Remove parentheses around multiple exception types in except and except* without as (#4720)
• remove_parens_from_assignment_lhs: Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting (#4865)
• standardize_type_comments: Format type comments which have zero or more spaces between # and type: or between type: and value to # type: (value) (#4645)

The following change was not in any previous stable release:

• Regenerated the _width_table.py and added tests for the Khmer language (#4253)

This release alo bumps pathspec to v1 and fixes inconsistencies with Git's .gitignore logic (#4958). Now, files will be ignored if a pattern matches them, even if the parent directory is directly unignored. For example, Black would previously format exclude/not_this/foo.py with this .gitignore:

exclude/
!exclude/not_this/

Now, exclude/not_this/foo.py will remain ignored. To ensure exclude/not_this/ and all of it's children are included in formatting (and in Git), use this .gitignore:

*/exclude/*
!*/exclude/not_this/

This new behavior matches Git. The leading */ are only necessary if you wish to ignore

... (truncated)

Commits

• 6305bf1 Prepare 2026.1.0 release (#4892)
• e71305b Bump pypa/cibuildwheel from 3.3.0 to 3.3.1 (#4961)
• 21a2a8c Fix Shutdown multiprocessing Manager in schedule_formatting (#4952)
• e3146ce Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#4919)
• fe1fbc4 Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#4923)
• 2b4b7fc Bump actions/download-artifact from 6.0.0 to 7.0.0 (#4922)
• d745be6 docs: document --force-exclude for pre-commit workflows (#4957)
• b41acd6 Various CI and doc refactors (#4928)
• 6f43612 Handle pathspec v1 changes (#4958)
• 200c550 Bump furo from 2025.9.25 to 2025.12.19 in /docs (#4933)
• Additional commits viewable in compare view

Updates ipython from 9.9.0 to 9.10.0

Commits

• 178fef7 release 9.10.0
• 5bc8c99 what's new in 9.10 (#15120)
• 7188bbf whatsnew 9.10
• 3e5f4a0 Add debug info for autoreload. (#15118)
• d791458 Add debug info for autoreload.
• 8a5b3bf fix: bug#15089 - Removing leading indentation (#15110)
• 7dbbd24 Stop HistorySavingThread before fork (#15115)
• e602694 Register a single classmethod to stop threads for all HistoryManager instances
• add29df fix typing
• e3c66c0 conditional register_at_fork
• Additional commits viewable in compare view

Updates packaging from 25.0 to 26.0

Release notes

Sourced from packaging's releases.

26.0

Read about the performance improvements here: https://iscinumpy.dev/post/packaging-faster.

What's Changed

Features:

• PEP 751: support pylock by @​sbidoul in pypa/packaging#900
• PEP 794: import name metadata by @​brettcannon in pypa/packaging#948
• Support writing metadata by @​henryiii in pypa/packaging#846
• Support __replace__ for Version by @​henryiii in pypa/packaging#1003
• Support positional pattern matching for Version and Specifier by @​henryiii in pypa/packaging#1004

Behavior adaptations:

• PEP 440 handling of prereleases for Specifier.contains, SpecifierSet.contains, and SpecifierSet.filter by @​notatallshaw in pypa/packaging#897
• Handle PEP 440 edge case in SpecifierSet.filter by @​notatallshaw in pypa/packaging#942
• Adjust arbitrary equality intersection preservation in SpecifierSet by @​notatallshaw in pypa/packaging#951
• Return False instead of raising for .contains with invalid version by @​Liam-DeVoe in pypa/packaging#932
• Support arbitrary equality on arbitrary strings for Specifier and SpecifierSet's filter and contains method. by @​notatallshaw in pypa/packaging#954
• Only try to parse as Version on certain marker keys, return False on unequal ordered comparsions by @​JP-Ellis in pypa/packaging#939

Fixes:

• Update _hash when unpickling Tag() by @​dholth in pypa/packaging#860
• Correct comment and simplify implicit prerelease handling in Specifier.prereleases by @​notatallshaw in pypa/packaging#896
• Use explicit _GLibCVersion NamedTuple in _manylinux by @​cthoyt in pypa/packaging#868
• Detect invalid license expressions containing () by @​bwoodsend in pypa/packaging#879
• Correct regex for metadata 'name' format by @​di in pypa/packaging#925
• Improve the message around expecting a semicolon by @​pradyunsg in pypa/packaging#833
• Support nested parens in license expressions by @​Liam-DeVoe in pypa/packaging#931
• Add space before at symbol in Requirements string by @​henryiii in pypa/packaging#953
• A root logger use found by ruff LOG, use packaging logger instead by @​henryiii in pypa/packaging#965
• Better support for subclassing Marker and Requirement by @​henryiii in pypa/packaging#1022
• Normalize all extras, not just if it comes first by @​henryiii in pypa/packaging#1024
• Don't produce a broken repr if Marker fails to construct by @​henryiii in pypa/packaging#1033

Performance:

• Avoid recompiling regexes in the tokenizer for a 3x speedup by @​hauntsaninja in pypa/packaging#1019
• Improve performance in _manylinux.py by @​cthoyt in pypa/packaging#869
• Minor cleanups to Version by @​bearomorphism in pypa/packaging#913
• Skip redundant creation of Versions in specifier comparison by @​notatallshaw in pypa/packaging#986
• Cache Specifier's Version by @​notatallshaw in pypa/packaging#985
• Make Version a little faster by @​henryiii in pypa/packaging#987
• Minor Version regex cleanup by @​henryiii in pypa/packaging#990
• Faster regex on Python 3.11.5+ by @​henryiii in pypa/packaging#988 and pypa/packaging#1055
• Lazily calculate _key in Version by @​notatallshaw in pypa/packaging#989 and regression for packaging_legacy fixed by @​henryiii in pypa/packaging#1048
• Faster canonicalize_version by @​henryiii in pypa/packaging#993
• Use fullmatch in a couple more places by @​henryiii in pypa/packaging#992

... (truncated)

Changelog

Sourced from packaging's changelog.

26.0 - 2026-01-20

Features:

PEP 751: support pylock (:pull:900)
PEP 794: import name metadata (:pull:948)
Support for writing metadata to a file (:pull:846)
Support __replace__ on Version (:pull:1003)
Support positional pattern matching for Version and SpecifierSet (:pull:1004)

Behavior adaptations:

PEP 440 handling of prereleases for Specifier.contains, SpecifierSet.contains, and SpecifierSet.filter (:pull:897)
Handle PEP 440 edge case in SpecifierSet.filter (:pull:942)
Adjust arbitrary equality intersection preservation in SpecifierSet (:pull:951)
Return False instead of raising for .contains with invalid version (:pull:932)
Support arbitrary equality on arbitrary strings for Specifier and SpecifierSet's filter and contains method. (:pull:954)
Only try to parse as Version on certain marker keys, return False on unequal ordered comparisons (:pull:939)

Fixes:

Update _hash when unpickling Tag() (:pull:860)
Correct comment and simplify implicit prerelease handling in Specifier.prereleases (:pull:896)
Use explicit _GLibCVersion NamedTuple in _manylinux (:pull:868)
Detect invalid license expressions containing () (:pull:879)
Correct regex for metadata 'name' format (:pull:925)
Improve the message around expecting a semicolon (:pull:833)
Support nested parens in license expressions (:pull:931)
Add space before at symbol in Requirements string (:pull:953)
A root logger use found, use a packaging logger instead (:pull:965)
Better support for subclassing Marker and Requirement (:pull:1022)
Normalize all extras, not just if it comes first (:pull:<...
Description has been truncated