Skip to content

Bump the ci-constraints group across 1 directory with 4 updates#51

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/ci/ci-constraints-c0b5d002e8
Open

Bump the ci-constraints group across 1 directory with 4 updates#51
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/ci/ci-constraints-c0b5d002e8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the ci-constraints group with 4 updates in the /ci directory: charset-normalizer, filelock, coverage and asttokens.

Updates charset-normalizer from 3.4.7 to 3.4.9

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.9

3.4.9 (2026-07-07)

Fixed

  • Regression in our fallback path leading to a decode error. (#771) We've yanked 3.4.8 as a result of that bug.

Version 3.4.8

3.4.8 (2026-07-06)

Fixed

  • Wall import time due to cascade codec imports for our multibyte first sort of iana supported codecs (#742)
  • Unnecessary json import at runtime (#753)
  • Inverse capitalization not seen by noise detector (#731)

Changed

  • No longer holding a global cache for our noise / coherence measurements. Relax RSS memory usage.
  • Micro-optimizations in our noise / coherence measurements.
  • No longer using regex search by default for our preemptive charset mark algorithm.
  • Raised upperbound of setuptools to v83.
  • Raised upperbound of mypy(c) to v2.1.

Removed

  • Redundant UTF7 BOM marker (#730)
Changelog

Sourced from charset-normalizer's changelog.

3.4.9 (2026-07-07)

Fixed

  • Regression in our fallback path leading to a decode error. (#771) We've yanked 3.4.8 as a result of that bug.

3.4.8 (2026-07-06)

Fixed

  • Wall import time due to cascade codec imports for our multibyte first sort of iana supported codecs (#742)
  • Unnecessary json import at runtime (#753)
  • Inverse capitalization not seen by noise detector (#731)

Changed

  • No longer holding a global cache for our noise / coherence measurements. Relax RSS memory usage.
  • Micro-optimizations in our noise / coherence measurements.
  • No longer using regex search by default for our preemptive charset mark algorithm.
  • Raised upperbound of setuptools to v83.
  • Raised upperbound of mypy(c) to v2.1.

Removed

  • Redundant UTF7 BOM marker (#730)
Commits
  • cc68407 Merge pull request #772 from jawah/fix-regression-fallback-path
  • 152b923 chore: release 3.4.9
  • 2bc2607 fix: unicodedecodeerror in fallback path
  • be252d7 chore(deps): bump docker/setup-qemu-action from 4.1.0 to 4.2.0 (#767)
  • 71c7bdd chore(deps): bump actions/setup-python from 6.2.0 to 6.3.0 (#768)
  • aeea391 chore(deps): bump pypa/cibuildwheel from 3.4.1 to 4.1.0 (#758)
  • a6f8feb Merge pull request #770 from jawah/unblock-ci
  • 528e16c chore: add osv-scanner.toml
  • 5993498 chore: ast_serialize musl missing prebuilt riscv,s390x,ppc64le
  • aa2ddd8 Release 3.4.8 (#766)
  • Additional commits viewable in compare view

Updates filelock from 3.29.5 to 3.29.7

Release notes

Sourced from filelock's releases.

3.29.7

What's Changed

Full Changelog: tox-dev/filelock@3.29.6...3.29.7

3.29.6

What's Changed

Full Changelog: tox-dev/filelock@3.29.5...3.29.6

Commits
  • 1efb893 _util: drop the dead st_mtime=0 short-circuit in raise_on_not_writable_file (...
  • 3547d58 soft_rw: evict a non-regular write marker without reading it (#588)
  • 616400e asyncio: detect cross-instance reentrant deadlocks before the poll loop (#586)
  • f8b0e93 test: silence fork DeprecationWarning on 3.15 (#585)
  • b68be65 _util: drop the dead st_mtime=0 short-circuit in raise_on_not_writable_file (...
  • a833dd9 serialise singleton construction in FileLockMeta (#581)
  • bb2f884 [pre-commit.ci] pre-commit autoupdate (#583)
  • da9c3ed 💰 Surface GitHub Sponsors + thanks.dev
  • See full diff in compare view

Updates coverage from 7.15.0 to 7.15.1

Changelog

Sourced from coverage's changelog.

Version 7.15.1 — 2026-07-12

  • Fix: in the HTML report with show_contexts enabled, a context label containing </script> (for example a parametrized pytest node id) could close the inline <script> element in a file page early, injecting markup. Context labels are now fully escaped. Thanks, Rajath Mohare <pull 2224_>_.

  • A number of performance improvements thanks to Paul Kehrer, in pull requests 2213 <pull 2213_>, 2214 <pull 2214_>, 2215 <pull 2215_>, 2216 <pull 2216_>, 2218 <pull 2218_>, 2220 <pull 2220_>, and 2221 <pull 2221_>_.

.. _pull 2213: coveragepy/coveragepy#2213 .. _pull 2214: coveragepy/coveragepy#2214 .. _pull 2215: coveragepy/coveragepy#2215 .. _pull 2216: coveragepy/coveragepy#2216 .. _pull 2218: coveragepy/coveragepy#2218 .. _pull 2220: coveragepy/coveragepy#2220 .. _pull 2221: coveragepy/coveragepy#2221 .. _pull 2224: coveragepy/coveragepy#2224

.. _changes_7-15-0:

Commits
  • da63bed docs: sample HTML for 7.15.1
  • bc35e64 docs: prep for 7.15.1
  • 182b010 perf: resolve sysmon branch events lazily, one pair at a time (#2221)
  • ee271ee perf: compute multiline maps cheaply in the sysmon core (#2220)
  • 1441b96 chore: bump the action-dependencies group with 6 updates (#2225)
  • dd80635 fix: escape context labels in html report inline script block (#2224)
  • 7c3ae71 docs: normalize earlier history order (#2222)
  • 088dc60 chore: make upgrade
  • f7e15a8 test: upload .json and .xml coverage reports
  • 3b62112 docs: thanks, Paul Kehrer
  • Additional commits viewable in compare view

Updates asttokens from 3.0.1 to 3.0.2

Release notes

Sourced from asttokens's releases.

v3.0.2

What's Changed

New Contributors

Full Changelog: gristlabs/asttokens@v3.0.1...v3.0.2

Commits
  • f97a6e1 Release modernization, and publish to PyPI from CI via trusted publishing (#175)
  • bb3c487 Fix IndexError on source mixing lone CR with LF line endings (#105) (#174)
  • d1eed10 Fix pypy CI by skipping redundant mypy runs on it (#173)
  • b8834d3 Modernize type annotations (#172)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the ci-constraints group with 4 updates in the /ci directory: [charset-normalizer](https://github.com/jawah/charset_normalizer), [filelock](https://github.com/tox-dev/py-filelock), [coverage](https://github.com/coveragepy/coveragepy) and [asttokens](https://github.com/gristlabs/asttokens).


Updates `charset-normalizer` from 3.4.7 to 3.4.9
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](jawah/charset_normalizer@3.4.7...3.4.9)

Updates `filelock` from 3.29.5 to 3.29.7
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.29.5...3.29.7)

Updates `coverage` from 7.15.0 to 7.15.1
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.15.0...7.15.1)

Updates `asttokens` from 3.0.1 to 3.0.2
- [Release notes](https://github.com/gristlabs/asttokens/releases)
- [Commits](gristlabs/asttokens@v3.0.1...v3.0.2)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-version: 3.4.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci-constraints
- dependency-name: filelock
  dependency-version: 3.29.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci-constraints
- dependency-name: coverage
  dependency-version: 7.15.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci-constraints
- dependency-name: asttokens
  dependency-version: 3.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci-constraints
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants