Skip to content

Bump filelock from 3.29.7 to 3.30.0#1618

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/pip/filelock-3.30.0
Jul 16, 2026
Merged

Bump filelock from 3.29.7 to 3.30.0#1618
github-actions[bot] merged 1 commit into
mainfrom
dependabot/pip/filelock-3.30.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor

Bumps filelock from 3.29.7 to 3.30.0.

Release notes

Sourced from filelock's releases.

3.30.0

What's Changed

Full Changelog: tox-dev/filelock@3.29.7...3.30.0

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

.. towncrier-draft-entries:: Unreleased

.. towncrier release notes start


3.30.0 (2026-07-16)


  • Add context_error_policy to surface body and release failures as a :exc:BaseExceptionGroup. :pr:618
  • Add close_error_policy to control an :func:os.close failure after the OS unlock. :pr:619
  • Add :func:~filelock.lock_descriptor and :func:~filelock.unlock_descriptor to lock a caller-owned file descriptor. :pr:620
  • Add fallback_to_soft to fail closed instead of downgrading to :class:~filelock.SoftFileLock on ENOSYS. :pr:622
  • Add preserve_lock_file so native locks keep the lock pathname on release. :pr:624
  • Add an on_acquired hook that runs a callback on the locked descriptor once the lock is held. :pr:625
  • Add StrictSoftFileLock, which treats every marker it did not publish as contention, and SoftFileLease, whose claim expires and whose holder learns through on_compromise when it is lost. SoftFileLock(lifetime=...) now warns and names them. Both publish a record SoftFileLock evicts, so do not mix contracts on one path. :pr:636
  • Add StrictSoftFileLock and AsyncStrictSoftFileLock with owner-specific hard-linked claims. Strict mode fails closed on claim damage, exposes each recovery token, and requires an exact claim name for a force break. :pr:637
  • Ignore lifetime on native locks with a warning; only :class:~filelock.SoftFileLock honors it. :pr:593
  • Stop mutating the Unix lock file before :func:fcntl.flock is held. :pr:594
  • Bind the Windows reparse-point check to the locked handle to close a symlink-swap race. :pr:596
  • Evict a non-regular soft lock file without reading it. :pr:597
  • Write a soft lock's holder record atomically so a short write cannot create overlapping holders. :pr:614
  • Make native lock release transactional so a failed unlock is retried, not dropped. :pr:615
  • Open the Windows lock file via NtCreateFile so a real access denial is raised, not reported as a timeout. :pr:617
  • Canonicalize singleton keys so equivalent path spellings share an instance, without following a final symlink. :pr:621
  • Preserve parent lock ownership across fork(). A child closes an inherited descriptor only while its identity still matches, so it neither unlocks nor unlinks the parent's lock. It clears inherited ownership state and singleton caches, then requires a new lock instance before acquiring. Fork-time construction replaces inherited cache mutexes and omits an instance whose construction crossed into the child from the cache. If fstat() cannot establish the identity, child cleanup skips the descriptor number because an earlier fork callback may have reused it. Descriptor tracking also covers third-party backends that fail after assigning a descriptor. :pr:634
  • Open a SQLite connection per outer acquisition and close it on final release, so a forked child can no longer close its parent's handle. A child rejects inherited databases until exec(), and a PyPy child rejects read-write locks once the parent has used SQLite. :pr:635
  • Keep executor-backed lock operations alive until they finish when a caller cancels. Serialize acquisitions on the same async lock so cancellation rollback cannot release a later caller's hold. Roll back acquisitions that finish after cancellation and surface release failures. SQLite read-write locks keep their state until rollback ends the transaction; callers can retry cleanup with release(force=True) or another acquisition. :pr:640
  • Reject negative and non-finite lifetime values during lock construction and assignment. :pr:644
  • Read the saved Windows process-probe error before deciding that a soft-lock holder has exited. :pr:645
  • Reject non-default lock options that a narrow subclass constructor cannot honor, and forward all options through subclasses that accept arbitrary keyword arguments. :pr:646
  • Release now removes the path identity that acquisition recorded instead of resolving a symlinked parent again. When acquisition raises, its rollback no longer deletes the holder's deadlock record. :pr:647

... (truncated)

Commits
  • 1b09406 Release 3.30.0
  • 5f2d663 👷 ci(matrix): add SMB, capability, and matrix docs (#665)
  • 2345750 Replace prettier with mdformat and yamlfmt (#667)
  • 69d7cd3 👷 ci(perf): add the performance and NFS matrix (#664)
  • f734c8f 📝 docs: state the lock trust boundaries once (#663)
  • 4afb930 build(deps): bump astral-sh/setup-uv from 8.3.1 to 8.3.2 (#662)
  • 9cbcbcc 🔒 fix(soft): fail safe on transient heartbeat errors (#661)
  • 0f86a94 🐛 fix(soft): detect a reused PID via process start time (#660)
  • 650c17c ✨ feat(strict): replace shared markers with owner claims (#659)
  • 126cab7 ✨ feat(soft): add strict soft locks and leases (#658)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.29.7 to 3.30.0.
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.29.7...3.30.0)

---
updated-dependencies:
- dependency-name: filelock
  dependency-version: 3.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 16, 2026
@github-actions
github-actions Bot merged commit 40587c3 into main Jul 16, 2026
15 of 22 checks passed
@dependabot
dependabot Bot deleted the dependabot/pip/filelock-3.30.0 branch July 16, 2026 13:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants