Skip to content

deps: bump the python-dependencies group across 1 directory with 8 updates#145

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/python-dependencies-4535448a81
Open

deps: bump the python-dependencies group across 1 directory with 8 updates#145
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/python-dependencies-4535448a81

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on setuptools, protobuf, requests, future, tox, wheel, twine and opentelemetry-instrumentation-logging to permit the latest version.
Updates setuptools from 82.0.0 to 82.0.1

Changelog

Sourced from setuptools's changelog.

v82.0.1

Bugfixes

  • Fix the loading of launcher manifest.xml file. (#5047)
  • Replaced deprecated json.__version__ with fixture in tests. (#5186)

Improved Documentation

  • Add advice about how to improve predictability when installing sdists. (#5168)

Misc

Commits
  • 5a13876 Bump version: 82.0.0 → 82.0.1
  • 51ab8f1 Avoid using (deprecated) 'json.version' in tests (#5194)
  • f9c37b2 Docs/CI: Fix intersphinx references (#5195)
  • 8173db2 Docs: Fix intersphinx references
  • 09bafbc Fix past tense on newsfragment
  • 461ea56 Add news fragment
  • c4ffe53 Avoid using (deprecated) 'json.version' in tests
  • 749258b Cleanup pkg_resources dependencies and configuration (#5175)
  • 2019c16 Parse ext-module.define-macros from pyproject.toml as list of tuples (#5169)
  • b809c86 Sync setuptools schema with validate-pyproject (#5157)
  • Additional commits viewable in compare view

Updates protobuf from 6.33.5 to 7.35.1

Release notes

Sourced from protobuf's releases.

Protocol Buffers v34.0-rc1

Announcements

Bazel

Compiler

C++

... (truncated)

Commits

Updates requests from 2.32.5 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

... (truncated)

Commits

Updates future to 1.0.0

Release notes

Sourced from future's releases.

v1.0.0

The new version number of 1.0.0 indicates that the python-future project, like Python 2, is now done.

The most important change in this release is adding support for Python 3.12 (ba1cc50 and a6222d2 and bcced95).

This release also includes these fixes:

  • Small updates to the docs
  • Add SECURITY.md describing security policy (0598d1b)
  • Fix pasteurize: NameError: name 'unicode' is not defined (de68c10)
  • Move CI to GitHub Actions (8cd11e8)
  • Add setuptools to requirements for building docs (0c347ff)
  • Fix typos in docs (350e87a)
  • Make the fix_unpacking fixer more robust (de68c10)
  • Small improvements to shell scripts according to shellcheck (6153844)
Changelog

Sourced from future's changelog.

.. _whats-old:

Changes in previous versions


Changes in the most recent major version are here: :ref:whats-new.

Changes in version 0.18.3 (2023-01-13)

This is a minor bug-fix release containing a number of fixes:

  • Backport fix for bpo-38804 (c91d70b)
  • Fix bug in fix_print.py fixer (dffc579)
  • Fix bug in fix_raise.py fixer (3401099)
  • Fix newint bool in py3 (fe645ba)
  • Fix bug in super() with metaclasses (6e27aac)
  • docs: fix simple typo, reqest -> request (974eb1f)
  • Correct eq (c780bf5)
  • Pass if lint fails (2abe00d)
  • Update docker image and parcel out to constant variable. Add comment to update version constant (45cf382)
  • fix order (f96a219)
  • Add flake8 to image (046ff18)
  • Make lint.sh executable (58cc984)
  • Add docker push to optimize CI (01e8440)
  • Build System (42b3025)
  • Add docs build status badge to README.md (3f40bd7)
  • Use same docs requirements in tox (18ecc5a)
  • Add docs/requirements.txt (5f9893f)
  • Add PY37_PLUS, PY38_PLUS, and PY39_PLUS (bee0247)
  • fix 2.6 test, better comment (ddedcb9)
  • fix 2.6 test (3f1ff7e)
  • remove nan test (4dbded1)
  • include list test values (e3f1a12)
  • fix other python2 test issues (c051026)
  • fix missing subTest (f006cad)
  • import from old imp library on older python versions (fc84fa8)
  • replace fstrings with format for python 3.4,3.5 (4a687ea)
  • minor style/spelling fixes (8302d8c)
  • improve cmp function, add unittest (0d95a40)
  • Pin typing==3.7.4.1 for Python 3.3 compatiblity (1a48f1b)
  • Fix various py26 unit test failures (9ca5a14)
  • Add initial contributing guide with docs build instruction (e55f915)
  • Add docs building to tox.ini (3ee9e7f)
  • Support NumPy's specialized int types in builtins.round (b4b54f0)
  • Added r""" to the docstring to avoid warnings in python3 (5f94572)
  • Add subclasscheck for past.types.basestring (c9bc0ff)
  • Correct example in README (681e78c)
  • Add simple documentation (6c6e3ae)
  • Add pre-commit hooks (a9c6a37)
  • Handling of next and next by future.utils.get_next was reversed (52b0ff9)

... (truncated)

Commits

Updates tox to 4.56.1

Release notes

Sourced from tox's releases.

v4.56.1

What's Changed

New Contributors

Full Changelog: tox-dev/tox@4.56.0...4.56.1

Changelog

Sourced from tox's changelog.

Bug fixes - 4.56.1

  • Fix { replace = "if" ... extend = true } corrupting the resulting list when then or else is a scalar string (e.g. then = "-v"): a non-empty scalar string is now appended as a single element instead of being iterated character-by-character, while a false if with no else (yielding "") contributes nothing rather than an empty element, and list/set results are still spread into the parent. (:issue:3969)

v4.56.0 (2026-06-23)


Features - 4.56.0

  • Derive :ref:virtualenv_spec automatically: when an environment targets a Python version the installed :pypi:virtualenv can no longer create (e.g. py38 with virtualenv 21.5+), tox now pins the newest virtualenv that still supports it and bootstraps it for that environment only. The downgrade happens only when every base_python candidate is unsupported, so environments targeting current interpreters are unaffected. This fixes py38 (and other end-of-life interpreters) being silently skipped after a virtualenv upgrade - by :user:gaborbernat. (:issue:3965) (:issue:3965)

Bug fixes - 4.56.0

  • The default value of skip_missing_interpreters changed from True to False — missing interpreters now fail the run by default, matching tox 3 behavior. The tox 4 rewrite unintentionally changed this default. To restore the previous (incorrect) behavior, set skip_missing_interpreters = true in your tox configuration or pass --skip-missing-interpreters on the command line. (:issue:3965)

Improved documentation - 4.56.0

  • Fix nested list items being rendered with continued numbering instead of as sub-items in development.rst, onboarding.rst and explanation.rst. (:issue:3960)
  • Replace stale http://tox.readthedocs.org URL with https://tox.wiki in pyproject.toml (Homepage), .github/CONTRIBUTING.md, and .github/PULL_REQUEST_TEMPLATE.md. (:issue:3963)

v4.55.1 (2026-06-03)


Bug fixes - 4.55.1

  • TOX_OVERRIDE (and -x/--override) now propagates through configuration references. Previously, overriding a base value that was later referenced via {[section]key} (ini) or {replace = "ref", of = [...]} (toml) was ignored because reference resolution read the raw file value, bypassing the override system - by :user:tales-aparecida. (:issue:3950) (:issue:3950)

... (truncated)

Commits

Updates wheel from 0.46.3 to 0.47.0

Release notes

Sourced from wheel's releases.

0.47.0

  • Added the wheel info subcommand to display metadata about wheel files without unpacking them (#639)
  • Fixed WheelFile raising Missing RECORD file when the wheel filename contains uppercase characters (e.g. Django-3.2.5.whl) but the .dist-info directory inside uses normalized lowercase naming (#411)
Changelog

Sourced from wheel's changelog.

Release Notes

0.47.0 (2026-04-22)

  • Added the wheel info subcommand to display metadata about wheel files without unpacking them ([#639](https://github.com/pypa/wheel/issues/639) <https://github.com/pypa/wheel/issues/639>_)
  • Fixed WheelFile raising Missing RECORD file when the wheel filename contains uppercase characters (e.g. Django-3.2.5.whl) but the .dist-info directory inside uses normalized lowercase naming ([#411](https://github.com/pypa/wheel/issues/411) <https://github.com/pypa/wheel/issues/411>_)

0.46.3 (2026-01-22)

  • Fixed ImportError: cannot import name '_setuptools_logging' from 'wheel' when installed alongside an old version of setuptools and running the bdist_wheel command ([#676](https://github.com/pypa/wheel/issues/676) <https://github.com/pypa/wheel/issues/676>_)

0.46.2 (2026-01-22)

  • Restored the bdist_wheel command for compatibility with setuptools older than v70.1
  • Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
  • Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1 (2025-04-08)

  • Temporarily restored the wheel.macosx_libfile module ([#659](https://github.com/pypa/wheel/issues/659) <https://github.com/pypa/wheel/issues/659>_)

0.46.0 (2025-04-03)

  • Dropped support for Python 3.8
  • Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
  • Removed vendored packaging in favor of a run-time dependency on it
  • Made the wheel.metadata module private (with a deprecation warning if it's imported
  • Made the wheel.cli package private (no deprecation warning)
  • Fixed an exception when calling the convert command with an empty description field

0.45.1 (2024-11-23)

  • Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name

... (truncated)

Commits
  • efd83a7 Created a new release
  • bb69216 Reordered the changelog entries
  • d5a1763 fix(wheelfile): resolve .dist-info path case-insensitively when reading wheel...
  • 5718957 [pre-commit.ci] pre-commit autoupdate (#685)
  • 6258068 chore: log_level is better than log_cli_level (#684)
  • 2975deb Require tox >= 4.22
  • 47674ba chore: add check-sdist to checks (#681)
  • 56223f6 __package____spec__.parent (#679)
  • 0ce509e Added the wheel info subcommand (#669)
  • 39039c0 Improved the index page
  • Additional commits viewable in compare view

Updates twine to 6.2.0

Changelog

Sourced from twine's changelog.

twine 6.2.0 (2025-09-04)

Features ^^^^^^^^

  • Automatically refresh short-lived PyPI token in long running Trusted Publishing uploads.

    In the event that a trusted publishing upload job is taking longer than the validity period of a trusted publishing token (15 minutes at the time of this writing), and we are already 10 minutes into that validity period, we will begin to attempt to replace the token on each subsequent request. ([#1246](https://github.com/pypa/twine/issues/1246) <https://github.com/pypa/twine/issues/1246>_)

Bugfixes ^^^^^^^^

  • Fix compatibility kludge for invalid License-File metadata entries emitted by build backends to work also with packaging version 24.0. ([#1217](https://github.com/pypa/twine/issues/1217) <https://github.com/pypa/twine/issues/1217>_)
  • Fix a couple of incorrectly rendered error messages. ([#1224](https://github.com/pypa/twine/issues/1224) <https://github.com/pypa/twine/issues/1224>_)
  • twine now enforces keyring >= 21.2.0, which was previously implicitly required by API usage. ([#1229](https://github.com/pypa/twine/issues/1229) <https://github.com/pypa/twine/issues/1229>_)
  • twine now catches configparser.Error to prevent accidental leaks of secret tokens or passwords to the user's console. ([#1240](https://github.com/pypa/twine/issues/1240) <https://github.com/pypa/twine/issues/1240>_)

Deprecations and Removals ^^^^^^^^^^^^^^^^^^^^^^^^^

  • Remove hacks that support --skip-existing for indexes other than PyPI and TestPyPI.

    To date, these hacks continue to accrue and there have been numerous issues with them, not the least of which being that every time we update them, the paid index providers change things to break the compatibility we implement for them. Beyond that, these hacks do not work when text is internationalized in the response from the index provider.

    For a sample of past issues, see:

... (truncated)

Commits
  • 14ceb29 Update changelog for 6.2.0 (#1264)
  • 60e377b build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#1263)
  • 88821f2 feat(package): remove MD5 hashing entirely (#1262)
  • ce5fe53 build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0
  • 6a696ed PEP 639 compliance
  • 9175334 rename 1247.misc.rst to changelog/1247.misc.rst
  • d94a475 fix(tests): update expected error message
  • c1c02d1 Remove --skip-existing support for non-PyPI indices
  • a24d308 Set trusted publishing logging to INFO/WARN (#1247)
  • becf1a8 Fix py3.9 mypy error in __init__ around PackageMetadata
  • Additional commits viewable in compare view

Updates opentelemetry-instrumentation-logging from 0.60b1 to 0.64b0

Changelog

Sourced from opentelemetry-instrumentation-logging's changelog.

Version 1.43.0/0.64b0 (2026-06-24)

Added

  • opentelemetry-instrumentation-exceptions: add instrumentation to emit OpenTelemetry logs for uncaught process, thread, and asyncio exceptions. (#4503)
  • opentelemetry-instrumentation-botocore: loosen aiobotocore version constraints to allow for 3.x (#4601)
  • opentelemetry-instrumentation-logging: add optional inject_trace_context argument for injecting trace context attributes (#4626)
  • opentelemetry-instrumentation-redis: gracefully handle hook exceptions (#4696)

Changed

  • opentelemetry-instrumentation-requests: remove multiple calls to sanitize_method (#4719)

Fixed

  • opentelemetry-instrumentation-django: Remove duplicate query logging in SQLCommenter middleware that broke Django's assertNumQueries (#4367)
  • opentelemetry-instrumentation-flask: wrap wsgi_app call in try/except to prevent active_requests gauge leak (#4433)
  • opentelemetry-instrumentation-asyncpg: instrument prepared statements (#4529)
  • opentelemetry-instrumentation-aiokafka, opentelemetry-instrumentation-confluent-kafka, opentelemetry-instrumentation-kafka-python: fix malformed RST formatting in module docstrings (#4613)
  • opentelemetry-instrumentation-dbapi: Fix pyodbc DB-API instrumentation examples to wrap connect. (#4657)
  • opentelemetry-instrumentation-tornado: reduce cardinality of http.target metrics attribute with old semantic conventions (#4666)
  • opentelemetry-instrumentation-dbapi: implement proper handling of t-string queries (#4697)
  • opentelemetry-instrumentation-fastapi: fix AttributeError when resolving routes added via include_router on FastAPI 0.137+ (#4700)
  • opentelemetry-instrumentation-tornado: sanitize the request http method in

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 27, 2026

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

Tip: disable this comment in your organization's Code Review settings.

…dates

Updates the requirements on [setuptools](https://github.com/pypa/setuptools), [protobuf](https://github.com/protocolbuffers/protobuf), [requests](https://github.com/psf/requests), [future](https://github.com/PythonCharmers/python-future), [tox](https://github.com/tox-dev/tox), [wheel](https://github.com/pypa/wheel), [twine](https://github.com/pypa/twine) and [opentelemetry-instrumentation-logging](https://github.com/open-telemetry/opentelemetry-python-contrib) to permit the latest version.

Updates `setuptools` from 82.0.0 to 82.0.1
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v82.0.0...v82.0.1)

Updates `protobuf` from 6.33.5 to 7.35.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `requests` from 2.32.5 to 2.34.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.5...v2.34.2)

Updates `future` to 1.0.0
- [Release notes](https://github.com/PythonCharmers/python-future/releases)
- [Changelog](https://github.com/PythonCharmers/python-future/blob/master/docs/changelog.rst)
- [Commits](PythonCharmers/python-future@v0.18.3...v1.0.0)

Updates `tox` to 4.56.1
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.15.0...4.56.1)

Updates `wheel` from 0.46.3 to 0.47.0
- [Release notes](https://github.com/pypa/wheel/releases)
- [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
- [Commits](pypa/wheel@0.46.3...0.47.0)

Updates `twine` to 6.2.0
- [Release notes](https://github.com/pypa/twine/releases)
- [Changelog](https://github.com/pypa/twine/blob/main/docs/changelog.rst)
- [Commits](pypa/twine@5.0.0...6.2.0)

Updates `opentelemetry-instrumentation-logging` from 0.60b1 to 0.64b0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-python-contrib/commits)

---
updated-dependencies:
- dependency-name: future
  dependency-version: 1.0.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: opentelemetry-instrumentation-logging
  dependency-version: 0.62b1
  dependency-type: direct:development
  dependency-group: python-dependencies
- dependency-name: protobuf
  dependency-version: 7.34.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-dependencies
- dependency-name: requests
  dependency-version: 2.33.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: setuptools
  dependency-version: 82.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: tox
  dependency-version: 4.53.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: twine
  dependency-version: 6.2.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: wheel
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/python-dependencies-4535448a81 branch from 619af3f to cd9e1a6 Compare June 29, 2026 06:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants