Skip to content

Bump the python-ci group across 1 directory with 7 updates#50

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-ci-687bfda57a
Open

Bump the python-ci group across 1 directory with 7 updates#50
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-ci-687bfda57a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 29, 2026

Bumps the python-ci group with 7 updates in the / directory:

Package From To
requests 2.33.1 2.34.2
pytest-asyncio 1.3.0 1.4.0
ruff 0.15.12 0.15.15
mypy 1.20.2 2.1.0
gunicorn 25.3.0 26.0.0
types-pyyaml 6.0.12.20260408 6.0.12.20260518
types-requests 2.33.0.20260408 2.33.0.20260518

Updates requests from 2.33.1 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)
Commits

Updates pytest-asyncio from 1.3.0 to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

  • Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

  • Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

    The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

    Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

  • Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
  • Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
  • Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

  • Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

  • Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)

pytest-asyncio v1.4.0a2

1.4.0a2 - 2026-05-02

Deprecated

  • Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

  • Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

    The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged on pytest 8.4+.

    Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

  • Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
  • Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)

... (truncated)

Commits
  • 6e14cd2 chore: Prepare release of v1.4.0.
  • 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
  • ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
  • a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
  • e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
  • fc43340 Build(deps): Bump idna from 3.14 to 3.15
  • 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
  • b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
  • 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
  • 82a393c ci: Remove unnecessary debug output.
  • Additional commits viewable in compare view

Updates ruff from 0.15.12 to 0.15.15

Release notes

Sourced from ruff's releases.

0.15.15

Release Notes

Released on 2026-05-28.

Preview features

  • Fix Markdown closing fence handling (#25310)
  • [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

  • [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

  • Avoid redundant TokenValue drops in the lexer (#25300)
  • Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
  • Use ThinVec in AST to shrink Stmt (#25361)

Documentation

  • Fix line-length example for --config option (#25389)
  • [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
  • [mccabe] Improve example (C901) (#25287)
  • [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
  • [refurb] Document FURB192 exception change for empty sequences (#25317)
  • [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

  • Fix formatting of lambdas nested within f-strings (#25398)

Server

  • Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

  • Expand semantic syntax errors for invalid walruses (#25415)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.15

Released on 2026-05-28.

Preview features

  • Fix Markdown closing fence handling (#25310)
  • [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

  • [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

  • Avoid redundant TokenValue drops in the lexer (#25300)
  • Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
  • Use ThinVec in AST to shrink Stmt (#25361)

Documentation

  • Fix line-length example for --config option (#25389)
  • [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
  • [mccabe] Improve example (C901) (#25287)
  • [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
  • [refurb] Document FURB192 exception change for empty sequences (#25317)
  • [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

  • Fix formatting of lambdas nested within f-strings (#25398)

Server

  • Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

  • Expand semantic syntax errors for invalid walruses (#25415)

Contributors

... (truncated)

Commits
  • db5aa0a Bump 0.15.15 (#25431)
  • 366fe21 [ty] Improve diagnostics for syntax errors in forward annotations (#25158)
  • e2e1e64 [ty] Remove excess capacity from more Salsa cached collections (#25411)
  • 1bd77e1 [ty] Use diagnostic message as tie breaker when sorting (#25424)
  • 7e1bc1e Add agent skills for working on ty (#25422)
  • 574e107 Expand semantic syntax errors for invalid walruses (#25415)
  • 4a7ca06 [ty] Display docs for matching parameter when hovering over the name of an ar...
  • 5432709 Refine a few agents instructions (#25423)
  • 3cb09eb [ty] Support typing.TypeForm (#25334)
  • c8cd59f [ty] Infer class attributes assigned by metaclass initialization (#25342)
  • Additional commits viewable in compare view

Updates mypy from 1.20.2 to 2.1.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 2.1

We’ve just uploaded mypy 2.1.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

librt.vecs: Fast Growable Array Type for Mypyc

The new librt.vecs module provides an efficient growable array type vec that is optimized for mypyc use. It provides fast, packed arrays with integer and floating point value types, which can be several times faster than list, and tens of times faster than array.array in code compiled using mypyc. It also supports nested vec objects and non-value-type items, such as vec[vec[str]].

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo.

librt.random: Fast Pseudo-Random Number Generation

The new librt.random module provides fast pseudo-random number generation that is optimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib random module in compiled code.

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo (PR 21433).

Mypyc Improvements

  • Make compilation order with multiple files consistent (Piotr Sawicki, PR 21419)
  • Fix crash on accessing StopAsyncIteration (Piotr Sawicki, PR 21406)
  • Fix incremental compilation with separate flag (Vaggelis Danias, PR 21299)

Fixes to Crashes

  • Fix crash on partial type with --allow-redefinition and global declaration (Jukka Lehtosalo, PR 21428)
  • Fix broken awaitable generator patching (Ivan Levkivskyi, PR 21435)

Changes to Messages

... (truncated)

Commits

Updates gunicorn from 25.3.0 to 26.0.0

Release notes

Sourced from gunicorn's releases.

26.0.0

Breaking Changes

  • Eventlet worker removed: The eventlet worker class has been dropped. Migrate to gevent, gthread, or tornado.

New Features

  • ASGI Framework Compatibility Suite: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).
  • ASGI Test Suite Expansion: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.

Security

  • HTTP/1.1 Request-Target Validation (RFC 9112 sections 3.2.3, 3.2.4):
    • Reject authority-form request-target outside CONNECT
    • Reject asterisk-form request-target outside OPTIONS
    • Reject relative-reference request-targets
  • Header Field Hardening (RFC 9110):
    • Reject control characters in header field-value (section 5.5)
    • Reject forbidden trailer field-names (section 6.5.1)
    • Reject Content-Length list form (RFC 9112 section 6.3)
  • Request Smuggling Hardening:
    • Tighten keepalive gate and scope finish_body byte cap
    • Keep _body_receiver alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body
    • Address parser/protocol findings from a six-point WSGI/ASGI audit
  • PROXY Protocol (ASGI): Enforce proxy_allow_ips and tighten v1/v2 parsing in the ASGI callback parser.
  • Connection Draining: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.

Bug Fixes

  • Body Framing on HEAD/204/304:
    • Keep Content-Length on HEAD and 304 responses (#3621)
    • Drop body framing on HEAD/204/304 even when the framework set it
    • Warn once when an ASGI app emits a body for a no-body response
  • HTTP/2 ASGI:
    • Fix _handle_stream_ended to set _body_complete in the async HTTP/2 handler so request bodies finalize correctly on stream end
    • Add InvalidChunkExtension mapping and fast-parser support in ASGI tests (#3565)
  • HTTP/1.1 100-Continue: Stop adding Transfer-Encoding: chunked to 100-Continue interim responses.
  • WebSocket Close Handshake (RFC 6455):
    • Comply with the close handshake state machine
    • Close the transport after the close handshake completes
    • Fix binary send when the text key is None
  • Early Hints: Validate headers in the early_hints callback to match process_headers; pass only the header name to InvalidHeader (#3588).
  • ASGI Framework Fixes:
    • Fix ASGI disconnect handling for Django-style apps
    • Fix Litestar request handling (use raw ASGI receive for body/headers)
    • Fix Litestar HTTP endpoints for compatibility tests
    • Fix Quart headers endpoint to normalize keys to lowercase
    • Fix Quart WebSocket close test app (missing accept())
    • Fix duplicate Transfer-Encoding header for BlackSheep streaming

... (truncated)

Commits
  • 5d819cf release: 26.0.0
  • b45c70d Merge pull request #3611 from zc-mattcen/docs-typo
  • 99c8d48 Merge pull request #3623 from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...
  • 5a655af Merge pull request #3622 from benoitc/test/docker-port-and-ipv4-fixes
  • 201df19 chore: remove eventlet worker; add h2 and uvloop to test deps
  • f4ac8e1 test: pass action name to dirty client and stabilize after TTOU spam
  • 54d38af test: unblock docker fixtures on macOS hosts
  • 68843c8 Merge pull request #3621 from benoitc/fix/asgi-preserve-content-length-on-hea...
  • 31f2618 Merge pull request #3620 from benoitc/fix/asgi-proxy-protocol-trust-and-parsing
  • 41ec752 fix: keep Content-Length on HEAD and 304 responses
  • Additional commits viewable in compare view

Updates types-pyyaml from 6.0.12.20260408 to 6.0.12.20260518

Commits

Updates types-requests from 2.33.0.20260408 to 2.33.0.20260518

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python-ci group across 1 directory with 7 updates
8e877f8 
Bumps the python-ci group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.3.0` | `1.4.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.15` |
| [mypy](https://github.com/python/mypy) | `1.20.2` | `2.1.0` |
| [gunicorn](https://github.com/benoitc/gunicorn) | `25.3.0` | `26.0.0` |
| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260518` |
| [types-requests](https://github.com/python/typeshed) | `2.33.0.20260408` | `2.33.0.20260518` |



Updates `requests` from 2.33.1 to 2.34.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.33.1...v2.34.2)

Updates `pytest-asyncio` from 1.3.0 to 1.4.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v1.3.0...v1.4.0)

Updates `ruff` from 0.15.12 to 0.15.15
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.12...0.15.15)

Updates `mypy` from 1.20.2 to 2.1.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.20.2...v2.1.0)

Updates `gunicorn` from 25.3.0 to 26.0.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@25.3.0...26.0.0)

Updates `types-pyyaml` from 6.0.12.20260408 to 6.0.12.20260518
- [Commits](https://github.com/python/typeshed/commits)

Updates `types-requests` from 2.33.0.20260408 to 2.33.0.20260518
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-ci
- dependency-name: pytest-asyncio
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-ci
- dependency-name: ruff
  dependency-version: 0.15.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-ci
- dependency-name: mypy
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-ci
- dependency-name: gunicorn
  dependency-version: 26.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-ci
- dependency-name: types-pyyaml
  dependency-version: 6.0.12.20260518
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-ci
- dependency-name: types-requests
  dependency-version: 2.33.0.20260518
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-ci
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants