chore(deps): bump the python-dependencies group with 6 updates #1

Merged

dependabot[bot] merged 3 commits from dependabot/pip/python-dependencies-2a6e6dd2fb into main 2025-12-11 12:48:37 +01:00

Conversation 1 Commits 3 Files changed 2 +9 -9

dependabot[bot] commented 2025-12-11 12:46:33 +01:00 (Migrated from github.com)

Copy link

Bumps the python-dependencies group with 6 updates:

Package	From	To
flask-security-too	5.7.0	5.7.1
pynacl	1.5.0	1.6.1
pytest	9.0.1	9.0.2
greenlet	3.2.4	3.3.0
sqlalchemy	2.0.44	2.0.45
werkzeug	3.1.3	3.1.4

Updates flask-security-too from 5.7.0 to 5.7.1

Release notes

Sourced from flask-security-too's releases.

Release 5.7.1

This release contains a single fix for a regression in password automatic algorithm upgrade. See #1147

Changelog

Sourced from flask-security-too's changelog.

Version 5.7.1

Released November 23, 2025

Fixes +++++

• (:issue:1147) Regression when updating hash algorithm from bcrypt (willcroft)

Commits

• 7aa8f7e Release 5.7.1 with fix for regression in password updating.
• d141399 Add test for verify_and_update_password bug
• aac604f Fix: don’t pass modified input to hash_password (#1146)
• 1301951 Set for 5.7.0 (#1145)
• See full diff in compare view

Updates pynacl from 1.5.0 to 1.6.1

Changelog

Sourced from pynacl's changelog.

1.6.1 (2025-11-10)

• The MAKE environment variable can now be used to specify the make binary that should be used in the build process.

1.6.0 (2025-09-11)

• BACKWARDS INCOMPATIBLE: Removed support for Python 3.6 and 3.7.
• Added support for the low level AEAD AES bindings.
• Added support for crypto_core_ed25519_from_uniform.
• Update libsodium to 1.0.20-stable (2025-08-27 build).
• Added support for free-threaded Python 3.14.
• Added support for Windows on ARM wheels.

Commits

• 077559e bump for 1.6.1 (#906)
• 4f2eada Bump actions/upload-artifact from 4 to 5 (#904)
• d8185db Bump actions/download-artifact from 5.0.0 to 6.0.0 (#903)
• f986caa Update Python version from 3.14t-dev to 3.14t (#901)
• e8d3bc7 use 3.14.0 in CI (#900)
• f08cb9c build macOS wheels on macos-15 (arm64) (#898)
• eb41815 Update macOS runner version in CI workflow (#897)
• 7f418a0 Honor MAKE environment variable (#895)
• 84afafd Require CFFI 2.0.0 or newer on Python >= 3.9 (#894)
• 3209bf1 release 1.6.0 (#891)
• Additional commits viewable in compare view

Updates pytest from 9.0.1 to 9.0.2

Release notes

Sourced from pytest's releases.

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

• #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

  You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

  Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

• #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

• #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

• #13965: Fixed quadratic-time behavior when handling unittest subtests in Python 3.10.

Improved documentation

• #4492: The API Reference now contains cross-reference-able documentation of pytest's command-line flags <command-line-flags>.

Commits

• 3d10b51 Prepare release version 9.0.2
• 188750b Merge pull request #14030 from pytest-dev/patchback/backports/9.0.x/1e4b01d1f...
• b7d7bef Merge pull request #14014 from bluetech/compat-note
• bd08e85 Merge pull request #14013 from pytest-dev/patchback/backports/9.0.x/922b60377...
• bc78386 Add CLI options reference documentation (#13930)
• 5a4e398 Fix docs typo (#14005) (#14008)
• d7ae6df Merge pull request #14006 from pytest-dev/maintenance/update-plugin-list-tmpl...
• 556f6a2 pre-commit: fix rst-lint after new release (#13999) (#14001)
• c60fbe6 Fix quadratic-time behavior when handling unittest subtests in Python 3.10 ...
• 73d9b01 Merge pull request #13995 from nicoddemus/patchback/backports/9.0.x/1b5200c0f...
• Additional commits viewable in compare view

Updates greenlet from 3.2.4 to 3.3.0

Changelog

Sourced from greenlet's changelog.

3.3.0 (2025-12-04)

• Drop support for Python 3.9.

• Switch to distributing manylinux_2_28 wheels instead of manylinux2014 wheels. Likewise, switch from musllinux_1_1 to 1_2.

• Add initial support for free-threaded builds of CPython 3.14. Due to limitations, we do not distribute binary wheels for free-threaded CPython on Windows. (Free-threaded CPython 3.13 may work, but is untested and unsupported.)

  .. caution::

  Under some rare scenarios with free-threaded 3.14, the interpreter may crash on accessing a variable or attribute or when shutting down. If this happens, try disabling the thread-local bytecode cache. See the greenlet documentation for more details. See PR 472 by T. Wouters <https://github.com/python-greenlet/greenlet/pull/472>_ for the initial free-threaded support and a discussion of the current known issues.

Commits

• 0f90431 Preparing release 3.3.0
• 296058a Tweak changelog. [skip ci]
• d4392ab fixup
• e6fead2 Update docs regarding free-threading.
• d5b1346 3.14: Save/restore PyInterpreterFrame.stackpointer.
• b54c4bd Fix some crashes with CPython assertions enabled, pointing to things we were ...
• 47e9925 Add a test that we're not enabling the GIL.
• 0778d50 Use our Python allocator on free-threaded builds, but do it correctly with Py...
• 5f661f4 Add free-threaded CI builds and manylinux builds; update manylinux away from ...
• 5331b0a Merge pull request #475 from clin1234/capi
• Additional commits viewable in compare view

Updates sqlalchemy from 2.0.44 to 2.0.45

Release notes

Sourced from sqlalchemy's releases.

2.0.45

Released: December 9, 2025

orm

• [orm] [bug] Fixed issue where calling Mapper.add_property() within mapper event hooks such as MapperEvents.instrument_class(), MapperEvents.after_mapper_constructed(), or MapperEvents.before_mapper_configured() would raise an AttributeError because the mapper's internal property collections were not yet initialized. The Mapper.add_property() method now handles early-stage property additions correctly, allowing properties including column properties, deferred columns, and relationships to be added during mapper initialization events. Pull request courtesy G Allajmi.

  References: #12858

• [orm] [bug] Fixed issue in Python 3.14 where dataclass transformation would fail when a mapped class using MappedAsDataclass included a relationship() referencing a class that was not available at runtime (e.g., within a TYPE_CHECKING block). This occurred when using Python 3.14's PEP 649 deferred annotations feature, which is the default behavior without a from __future__ import annotations directive.

  References: #12952

examples

• [examples] [bug] Fixed the "short_selects" performance example where the cache was being used in all the examples, making it impossible to compare performance with and without the cache. Less important comparisons like "lambdas" and "baked queries" have been removed.

sql

• [sql] [bug] Some improvements to the _sql.ClauseElement.params() method to replace bound parameters in a query were made, however the ultimate issue in #12915 involving ORM _orm.aliased() cannot be fixed fully until 2.1, where the method is being rewritten to work without relying on Core cloned traversal.

  References: #12915

• [sql] [bug] Fixed issue where using the ColumnOperators.in_() operator with a nested CompoundSelect statement (e.g. an INTERSECT of UNION queries) would raise a NotImplementedError when the

... (truncated)

Commits

• See full diff in compare view

Updates werkzeug from 3.1.3 to 3.1.4

Release notes

Sourced from werkzeug's releases.

3.1.4

This is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.4/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4 Milestone: https://github.com/pallets/werkzeug/milestone/42?closed=1

• safe_join on Windows does not allow special device names. This prevents reading from these when using send_from_directory. secure_filename already prevented writing to these. ghsa-hgf8-39gv-g3f2
• The debugger pin fails after 10 attempts instead of 11. #3020
• The multipart form parser handles a \r\n sequence at a chunk boundary. #3065
• Improve CPU usage during Watchdog reloader. #3054
• Request.json annotation is more accurate. #3067
• Traceback rendering handles when the line number is beyond the available source lines. #3044
• HTTPException.get_response annotation and doc better conveys the distinction between WSGI and sans-IO responses. #3056

Changelog

Sourced from werkzeug's changelog.

Version 3.1.4

Released 2025-11-28

• safe_join on Windows does not allow special device names. This prevents reading from these when using send_from_directory. secure_filename already prevented writing to these. :ghsa:hgf8-39gv-g3f2
• The debugger pin fails after 10 attempts instead of 11. :pr:3020
• The multipart form parser handles a \r\n sequence at a chunk boundary. :issue:3065
• Improve CPU usage during Watchdog reloader. :issue:3054
• Request.json annotation is more accurate. :issue:3067
• Traceback rendering handles when the line number is beyond the available source lines. :issue:3044
• HTTPException.get_response annotation and doc better conveys the distinction between WSGI and sans-IO responses. :issue:3056

Commits

• 1c7beb6 release version 3.1.4
• 9c8b754 install less to run tox
• 474e22f update dev dependencies
• 4b83337 Merge commit from fork
• 9bdec46 safe_join prevents windows special device names
• b11713e better HTTPException.get_response annotation (#3072)
• 1131dbd distinguish wsgi and sansio response annotation
• 5d9a403 skip rendering missing source (#3071)
• 60ea32c skip rendering missing source
• c0e67e9 Request.json property is only Any (#3070)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-dependencies group with 6 updates: | Package | From | To | | --- | --- | --- | | [flask-security-too](https://github.com/pallets-eco/flask-security) | `5.7.0` | `5.7.1` | | [pynacl](https://github.com/pyca/pynacl) | `1.5.0` | `1.6.1` | | [pytest](https://github.com/pytest-dev/pytest) | `9.0.1` | `9.0.2` | | [greenlet](https://github.com/python-greenlet/greenlet) | `3.2.4` | `3.3.0` | | [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.44` | `2.0.45` | | [werkzeug](https://github.com/pallets/werkzeug) | `3.1.3` | `3.1.4` | Updates `flask-security-too` from 5.7.0 to 5.7.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets-eco/flask-security/releases">flask-security-too's releases</a>.</em></p> <blockquote> <h2>Release 5.7.1</h2> <p>This release contains a single fix for a regression in password automatic algorithm upgrade. See <a href="https://redirect.github.com/pallets-eco/flask-security/issues/1147">#1147</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets-eco/flask-security/blob/main/CHANGES.rst">flask-security-too's changelog</a>.</em></p> <blockquote> <h2>Version 5.7.1</h2> <p>Released November 23, 2025</p> <p>Fixes +++++</p> <ul> <li>(:issue:<code>1147</code>) Regression when updating hash algorithm from bcrypt (willcroft)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets-eco/flask-security/commit/7aa8f7e5f5abaf306171223d34a4cf2f7e2065a6"><code>7aa8f7e</code></a> Release 5.7.1 with fix for regression in password updating.</li> <li><a href="https://github.com/pallets-eco/flask-security/commit/d14139927f5c3db003e608d41820a2c6ae9c36e3"><code>d141399</code></a> Add test for verify_and_update_password bug</li> <li><a href="https://github.com/pallets-eco/flask-security/commit/aac604f54c98a499da57b28ec54fe279ef7c58bb"><code>aac604f</code></a> Fix: don’t pass modified input to hash_password (<a href="https://redirect.github.com/pallets-eco/flask-security/issues/1146">#1146</a>)</li> <li><a href="https://github.com/pallets-eco/flask-security/commit/1301951c1ee7ea03fad69eb2ebb43e7f3e929261"><code>1301951</code></a> Set for 5.7.0 (<a href="https://redirect.github.com/pallets-eco/flask-security/issues/1145">#1145</a>)</li> <li>See full diff in <a href="https://github.com/pallets-eco/flask-security/compare/5.7.0...5.7.1">compare view</a></li> </ul> </details> <br /> Updates `pynacl` from 1.5.0 to 1.6.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/pynacl/blob/main/CHANGELOG.rst">pynacl's changelog</a>.</em></p> <blockquote> <h2>1.6.1 (2025-11-10)</h2> <ul> <li>The <code>MAKE</code> environment variable can now be used to specify the <code>make</code> binary that should be used in the build process.</li> </ul> <h2>1.6.0 (2025-09-11)</h2> <ul> <li><strong>BACKWARDS INCOMPATIBLE:</strong> Removed support for Python 3.6 and 3.7.</li> <li>Added support for the low level AEAD AES bindings.</li> <li>Added support for <code>crypto_core_ed25519_from_uniform</code>.</li> <li>Update <code>libsodium</code> to 1.0.20-stable (2025-08-27 build).</li> <li>Added support for free-threaded Python 3.14.</li> <li>Added support for Windows on ARM wheels.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pyca/pynacl/commit/077559e610d90b9b67ee9b7915934570cacfe005"><code>077559e</code></a> bump for 1.6.1 (<a href="https://redirect.github.com/pyca/pynacl/issues/906">#906</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/4f2eada50cd44d3b65c12c936553da75aa2ea35e"><code>4f2eada</code></a> Bump actions/upload-artifact from 4 to 5 (<a href="https://redirect.github.com/pyca/pynacl/issues/904">#904</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/d8185db3cec8875e18aa3e4fa8d865682012fecf"><code>d8185db</code></a> Bump actions/download-artifact from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/pyca/pynacl/issues/903">#903</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/f986caa8de4db8064f7b73f8c884151a337c5765"><code>f986caa</code></a> Update Python version from 3.14t-dev to 3.14t (<a href="https://redirect.github.com/pyca/pynacl/issues/901">#901</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/e8d3bc7a6f162ffa624463bf34baa0e8a7c55760"><code>e8d3bc7</code></a> use 3.14.0 in CI (<a href="https://redirect.github.com/pyca/pynacl/issues/900">#900</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/f08cb9c399b5f2f0a797563eb44a1132c997f057"><code>f08cb9c</code></a> build macOS wheels on macos-15 (arm64) (<a href="https://redirect.github.com/pyca/pynacl/issues/898">#898</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/eb41815abae874bb5fc632c7817875e9698d1938"><code>eb41815</code></a> Update macOS runner version in CI workflow (<a href="https://redirect.github.com/pyca/pynacl/issues/897">#897</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/7f418a0894e0d7b9bc9271c43ff0e4b5c20826a3"><code>7f418a0</code></a> Honor MAKE environment variable (<a href="https://redirect.github.com/pyca/pynacl/issues/895">#895</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/84afafd90e94f423df92a07ed3e1eb72954fa2b5"><code>84afafd</code></a> Require CFFI 2.0.0 or newer on Python &gt;= 3.9 (<a href="https://redirect.github.com/pyca/pynacl/issues/894">#894</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/3209bf1df1bcfcbaebc6fb0f54cc2a02da524c11"><code>3209bf1</code></a> release 1.6.0 (<a href="https://redirect.github.com/pyca/pynacl/issues/891">#891</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pyca/pynacl/compare/1.5.0...1.6.1">compare view</a></li> </ul> </details> <br /> Updates `pytest` from 9.0.1 to 9.0.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest/releases">pytest's releases</a>.</em></p> <blockquote> <h2>9.0.2</h2> <h1>pytest 9.0.2 (2025-12-06)</h1> <h2>Bug fixes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13896">#13896</a>: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.</p> <p>You may enable it again by passing <code>-p terminalprogress</code>. We may enable it by default again once compatibility improves in the future.</p> <p>Additionally, when the environment variable <code>TERM</code> is <code>dumb</code>, the escape codes are no longer emitted, even if the plugin is enabled.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13904">#13904</a>: Fixed the TOML type of the <code>tmp_path_retention_count</code> settings in the API reference from number to string.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13946">#13946</a>: The private <code>config.inicfg</code> attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13965">#13965</a>: Fixed quadratic-time behavior when handling <code>unittest</code> subtests in Python 3.10.</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/4492">#4492</a>: The API Reference now contains cross-reference-able documentation of <code>pytest's command-line flags &lt;command-line-flags&gt;</code>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pytest-dev/pytest/commit/3d10b5148e03eb82b3ee29181dbdc73cf82699e2"><code>3d10b51</code></a> Prepare release version 9.0.2</li> <li><a href="https://github.com/pytest-dev/pytest/commit/188750b725add8c3400eee6fbb6b80559c296d69"><code>188750b</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14030">#14030</a> from pytest-dev/patchback/backports/9.0.x/1e4b01d1f...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/b7d7bef90cb9a6db8ac1d3dd5b9ae0eb9abd6c58"><code>b7d7bef</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14014">#14014</a> from bluetech/compat-note</li> <li><a href="https://github.com/pytest-dev/pytest/commit/bd08e85ac76614ff5ca9ae338aee8d8b06c8fae0"><code>bd08e85</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14013">#14013</a> from pytest-dev/patchback/backports/9.0.x/922b60377...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/bc783862991241c442c9f9c068e51737ec15ea10"><code>bc78386</code></a> Add CLI options reference documentation (<a href="https://redirect.github.com/pytest-dev/pytest/issues/13930">#13930</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/5a4e398ce89bc23d2cf3fd98c042fdffb6fa8afa"><code>5a4e398</code></a> Fix docs typo (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14005">#14005</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14008">#14008</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/d7ae6df394398168bf9d926f803c26849c8f07ee"><code>d7ae6df</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14006">#14006</a> from pytest-dev/maintenance/update-plugin-list-tmpl...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/556f6a22e12d13d1ffeceaf64424eb95d5e0fb87"><code>556f6a2</code></a> pre-commit: fix rst-lint after new release (<a href="https://redirect.github.com/pytest-dev/pytest/issues/13999">#13999</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14001">#14001</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/c60fbe63a26f64a42738e3f3527a8f79024fdf50"><code>c60fbe6</code></a> Fix quadratic-time behavior when handling <code>unittest</code> subtests in Python 3.10 ...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/73d9b011183d9a1c4a7007c1119d97a6e627788e"><code>73d9b01</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/13995">#13995</a> from nicoddemus/patchback/backports/9.0.x/1b5200c0f...</li> <li>Additional commits viewable in <a href="https://github.com/pytest-dev/pytest/compare/9.0.1...9.0.2">compare view</a></li> </ul> </details> <br /> Updates `greenlet` from 3.2.4 to 3.3.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst">greenlet's changelog</a>.</em></p> <blockquote> <h1>3.3.0 (2025-12-04)</h1> <ul> <li> <p>Drop support for Python 3.9.</p> </li> <li> <p>Switch to distributing manylinux_2_28 wheels instead of manylinux2014 wheels. Likewise, switch from musllinux_1_1 to 1_2.</p> </li> <li> <p>Add initial support for free-threaded builds of CPython 3.14. Due to limitations, we do not distribute binary wheels for free-threaded CPython on Windows. (Free-threaded CPython 3.13 may work, but is untested and unsupported.)</p> <p>.. caution::</p> <p>Under some rare scenarios with free-threaded 3.14, the interpreter may crash on accessing a variable or attribute or when shutting down. If this happens, try disabling the thread-local bytecode cache. See the greenlet documentation for more details. See <code>PR 472 by T. Wouters &lt;https://github.com/python-greenlet/greenlet/pull/472&gt;</code>_ for the initial free-threaded support and a discussion of the current known issues.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-greenlet/greenlet/commit/0f904314e2fe11835bdff9d928f9f039116aebff"><code>0f90431</code></a> Preparing release 3.3.0</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/296058a43da5a76c2406a91aa998413b93537940"><code>296058a</code></a> Tweak changelog. [skip ci]</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/d4392ab171036bf73cc64ed47109e0d2e1f41275"><code>d4392ab</code></a> fixup</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/e6fead23d967fd6194c5a1eaa48d55a07b4bda40"><code>e6fead2</code></a> Update docs regarding free-threading.</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/d5b134610187f94a641e0cf40be56992c8e9f667"><code>d5b1346</code></a> 3.14: Save/restore PyInterpreterFrame.stackpointer.</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/b54c4bdaaade13139d54005df51a9d21df5db7c4"><code>b54c4bd</code></a> Fix some crashes with CPython assertions enabled, pointing to things we were ...</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/47e99259263968560422c9b69bc8c50f9068cf87"><code>47e9925</code></a> Add a test that we're not enabling the GIL.</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/0778d50792888afa043c8a368085358c3fea0146"><code>0778d50</code></a> Use our Python allocator on free-threaded builds, but do it correctly with Py...</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/5f661f4f5a023438e944d36e4f255c7a706ae998"><code>5f661f4</code></a> Add free-threaded CI builds and manylinux builds; update manylinux away from ...</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/5331b0ad33a7380b91d8a9849f61aa61b7b1ade2"><code>5331b0a</code></a> Merge pull request <a href="https://redirect.github.com/python-greenlet/greenlet/issues/475">#475</a> from clin1234/capi</li> <li>Additional commits viewable in <a href="https://github.com/python-greenlet/greenlet/compare/3.2.4...3.3.0">compare view</a></li> </ul> </details> <br /> Updates `sqlalchemy` from 2.0.44 to 2.0.45 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sqlalchemy/sqlalchemy/releases">sqlalchemy's releases</a>.</em></p> <blockquote> <h1>2.0.45</h1> <p>Released: December 9, 2025</p> <h2>orm</h2> <ul> <li> <p><strong>[orm] [bug]</strong> Fixed issue where calling <code>Mapper.add_property()</code> within mapper event hooks such as <code>MapperEvents.instrument_class()</code>, <code>MapperEvents.after_mapper_constructed()</code>, or <code>MapperEvents.before_mapper_configured()</code> would raise an <code>AttributeError</code> because the mapper's internal property collections were not yet initialized. The <code>Mapper.add_property()</code> method now handles early-stage property additions correctly, allowing properties including column properties, deferred columns, and relationships to be added during mapper initialization events. Pull request courtesy G Allajmi.</p> <p>References: <a href="https://www.sqlalchemy.org/trac/ticket/12858">#12858</a></p> </li> <li> <p><strong>[orm] [bug]</strong> Fixed issue in Python 3.14 where dataclass transformation would fail when a mapped class using <code>MappedAsDataclass</code> included a <code>relationship()</code> referencing a class that was not available at runtime (e.g., within a <code>TYPE_CHECKING</code> block). This occurred when using Python 3.14's <a href="https://peps.python.org/pep-0649">PEP 649</a> deferred annotations feature, which is the default behavior without a <code>from __future__ import annotations</code> directive.</p> <p>References: <a href="https://www.sqlalchemy.org/trac/ticket/12952">#12952</a></p> </li> </ul> <h2>examples</h2> <ul> <li><strong>[examples] [bug]</strong> Fixed the &quot;short_selects&quot; performance example where the cache was being used in all the examples, making it impossible to compare performance with and without the cache. Less important comparisons like &quot;lambdas&quot; and &quot;baked queries&quot; have been removed.</li> </ul> <h2>sql</h2> <ul> <li> <p><strong>[sql] [bug]</strong> Some improvements to the <code>_sql.ClauseElement.params()</code> method to replace bound parameters in a query were made, however the ultimate issue in <a href="https://www.sqlalchemy.org/trac/ticket/12915">#12915</a> involving ORM <code>_orm.aliased()</code> cannot be fixed fully until 2.1, where the method is being rewritten to work without relying on Core cloned traversal.</p> <p>References: <a href="https://www.sqlalchemy.org/trac/ticket/12915">#12915</a></p> </li> <li> <p><strong>[sql] [bug]</strong> Fixed issue where using the <code>ColumnOperators.in_()</code> operator with a nested <code>CompoundSelect</code> statement (e.g. an <code>INTERSECT</code> of <code>UNION</code> queries) would raise a <code>NotImplementedError</code> when the</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/sqlalchemy/sqlalchemy/commits">compare view</a></li> </ul> </details> <br /> Updates `werkzeug` from 3.1.3 to 3.1.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/werkzeug/releases">werkzeug's releases</a>.</em></p> <blockquote> <h2>3.1.4</h2> <p>This is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.</p> <p>PyPI: <a href="https://pypi.org/project/Werkzeug/3.1.4/">https://pypi.org/project/Werkzeug/3.1.4/</a> Changes: <a href="https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4">https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4</a> Milestone: <a href="https://github.com/pallets/werkzeug/milestone/42?closed=1">https://github.com/pallets/werkzeug/milestone/42?closed=1</a></p> <ul> <li><code>safe_join</code> on Windows does not allow special device names. This prevents reading from these when using <code>send_from_directory</code>. <code>secure_filename</code> already prevented writing to these. <a href="https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2">ghsa-hgf8-39gv-g3f2</a></li> <li>The debugger pin fails after 10 attempts instead of 11. <a href="https://redirect.github.com/pallets/werkzeug/issues/3020">#3020</a></li> <li>The multipart form parser handles a <code>\r\n</code> sequence at a chunk boundary. <a href="https://redirect.github.com/pallets/werkzeug/issues/3065">#3065</a></li> <li>Improve CPU usage during Watchdog reloader. <a href="https://redirect.github.com/pallets/werkzeug/issues/3054">#3054</a></li> <li><code>Request.json</code> annotation is more accurate. <a href="https://redirect.github.com/pallets/werkzeug/issues/3067">#3067</a></li> <li>Traceback rendering handles when the line number is beyond the available source lines. <a href="https://redirect.github.com/pallets/werkzeug/issues/3044">#3044</a></li> <li><code>HTTPException.get_response</code> annotation and doc better conveys the distinction between WSGI and sans-IO responses. <a href="https://redirect.github.com/pallets/werkzeug/issues/3056">#3056</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/werkzeug/blob/main/CHANGES.rst">werkzeug's changelog</a>.</em></p> <blockquote> <h2>Version 3.1.4</h2> <p>Released 2025-11-28</p> <ul> <li><code>safe_join</code> on Windows does not allow special device names. This prevents reading from these when using <code>send_from_directory</code>. <code>secure_filename</code> already prevented writing to these. :ghsa:<code>hgf8-39gv-g3f2</code></li> <li>The debugger pin fails after 10 attempts instead of 11. :pr:<code>3020</code></li> <li>The multipart form parser handles a <code>\r\n</code> sequence at a chunk boundary. :issue:<code>3065</code></li> <li>Improve CPU usage during Watchdog reloader. :issue:<code>3054</code></li> <li><code>Request.json</code> annotation is more accurate. :issue:<code>3067</code></li> <li>Traceback rendering handles when the line number is beyond the available source lines. :issue:<code>3044</code></li> <li><code>HTTPException.get_response</code> annotation and doc better conveys the distinction between WSGI and sans-IO responses. :issue:<code>3056</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/werkzeug/commit/1c7beb671d1af67a07684ffa1fffdb0fc76c7fa4"><code>1c7beb6</code></a> release version 3.1.4</li> <li><a href="https://github.com/pallets/werkzeug/commit/9c8b7546c51787c61982d5a87c4b52be6342c62c"><code>9c8b754</code></a> install less to run tox</li> <li><a href="https://github.com/pallets/werkzeug/commit/474e22f1ac8ee8531d6cb6fae4e062d4d7a5ea8f"><code>474e22f</code></a> update dev dependencies</li> <li><a href="https://github.com/pallets/werkzeug/commit/4b833376a45c323a189cd11d2362bcffdb1c0c13"><code>4b83337</code></a> Merge commit from fork</li> <li><a href="https://github.com/pallets/werkzeug/commit/9bdec46fe4955f085348ffc666b9edafff83aee2"><code>9bdec46</code></a> safe_join prevents windows special device names</li> <li><a href="https://github.com/pallets/werkzeug/commit/b11713e82dd2baad4c48d4baad2ad7d03d653a55"><code>b11713e</code></a> better <code>HTTPException.get_response</code> annotation (<a href="https://redirect.github.com/pallets/werkzeug/issues/3072">#3072</a>)</li> <li><a href="https://github.com/pallets/werkzeug/commit/1131dbd4d4aa4a65e12b5f75bd039b67a34787ce"><code>1131dbd</code></a> distinguish wsgi and sansio response annotation</li> <li><a href="https://github.com/pallets/werkzeug/commit/5d9a40366b3a62ac7478b98b3bac9f90633edff0"><code>5d9a403</code></a> skip rendering missing source (<a href="https://redirect.github.com/pallets/werkzeug/issues/3071">#3071</a>)</li> <li><a href="https://github.com/pallets/werkzeug/commit/60ea32c88ee1fc97559872fac55708af9c147a05"><code>60ea32c</code></a> skip rendering missing source</li> <li><a href="https://github.com/pallets/werkzeug/commit/c0e67e96384bb0aa4e3165e1efeed1e9835cf260"><code>c0e67e9</code></a> <code>Request.json</code> property is only <code>Any</code> (<a href="https://redirect.github.com/pallets/werkzeug/issues/3070">#3070</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pallets/werkzeug/compare/3.1.3...3.1.4">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details>

dependabot[bot] commented 2025-12-11 12:46:34 +01:00 (Migrated from github.com)

Copy link

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

### Labels The following labels could not be found: `dependencies`, `python`. Please create them before Dependabot can add them to a pull request. Please fix the above issues or remove invalid values from `dependabot.yml`.

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something isn't working

  

dependencies

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

python

  

question

Further information is requested

  

wontfix

This will not be worked on

No labels

bug

dependencies

documentation

duplicate

enhancement

good first issue

help wanted

invalid

python

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

Nerdberg/Nerdlock!1

No description provided.