chore(deps): bump the python-dependencies group across 1 directory with 6 updates #6

Closed

dependabot[bot] wants to merge 1 commit from dependabot/pip/python-dependencies-92e91914bb into main

pull from: dependabot/pip/python-dependencies-92e91914bb

merge into: Nerdberg:main

Nerdberg:main

Conversation 1 Commits 1 Files changed 2 +8 -8

dependabot[bot] commented 2026-01-26 07:37:47 +01:00 (Migrated from github.com)

Copy link

Bumps the python-dependencies group with 6 updates in the / directory:

Package	From	To
bleak	2.0.0	2.1.1
pynacl	1.6.1	1.6.2
cbor2	5.7.1	5.8.0
greenlet	3.3.0	3.3.1
sqlalchemy	2.0.45	2.0.46
werkzeug	3.1.4	3.1.5

Updates bleak from 2.0.0 to 2.1.1

Release notes

Sourced from bleak's releases.

v2.1.1

Changed

• Changed default connect timeout for BleakClient from 10 to 30 seconds.

Fixed

• Fixed some cases of BleakError: Could not get GATT services: Unreachable in WinRT backend by adding a retry when getting GATT services.

v2.1.0

Added

• Added bluez parameter to BleakClient.start_notify() to allow forcing using "StartNotify" instead of "AcquireNotify" on BlueZ backend. Fixes #1885.
• Added bleak.args.SizedBuffer type for better type hinting of buffer protocol parameters.

Fixed

• Fixed calling logging.debug() in WinRT backend. Fixes #1882.
• Fixed calling logging.warning() in BlueZ backend.

Changelog

Sourced from bleak's changelog.

2.1.1_ (2025-12-31)

Changed

• Changed default connect timeout for BleakClient from 10 to 30 seconds.

Fixed

• Fixed some cases of BleakError: Could not get GATT services: Unreachable in WinRT backend by adding a retry when getting GATT services.

2.1.0_ (2025-12-28)

Added

• Added bluez parameter to BleakClient.start_notify() to allow forcing using "StartNotify" instead of "AcquireNotify" on BlueZ backend. Fixes #1885.
• Added bleak.args.SizedBuffer type for better type hinting of buffer protocol parameters.

Fixed

• Fixed calling logging.debug() in WinRT backend. Fixes #1882.
• Fixed calling logging.warning() in BlueZ backend.

Commits

• 5d76a62 v2.1.1
• 1f002b8 backends: clean up client timeout comments
• b5490e8 tests: add services arg to BleakClient in some tests
• ba9410f backends/winrt/client: add retry when getting GATT services
• f14a30d bleak: change default BleakClient timeout to 30 seconds
• 848b511 backends/corebluetooth: add helper function for call_soon_threadsafe()
• 6af24ae tests/integration: fix logging.info()
• 66f0b20 tests: Basic integrationtests for BleakClient
• 8a40874 tests/integration: remove add_default_services()
• ede4a03 github: build_and_test if pyproject.toml changes
• Additional commits viewable in compare view

Updates pynacl from 1.6.1 to 1.6.2

Changelog

Sourced from pynacl's changelog.

1.6.2 (2026-01-01)

• Updated libsodium to 1.0.20-stable (2025-12-31 build) to resolve CVE-2025-69277.

Commits

• ecf41f5 changelog and version bump for 1.6.2 (#923)
• 685a5e7 Switch to PyPI trusted publishing (#925)
• 78e0aa3 missed adding these files as part of the libsodium update (#924)
• 9631488 Bump libsodium to the latest 1.0.20 (#922)
• 563b25b Add script to update vendored libsodium (#921)
• d233105 Include libsodium license in wheels (#917)
• cabc3a8 Bump dessant/lock-threads from 5 to 6 (#914)
• f359617 Bump actions/download-artifact from 6.0.0 to 7.0.0 (#915)
• fb6e37f Bump actions/upload-artifact from 5 to 6 (#916)
• 526f992 Bump actions/checkout from 6.0.0 to 6.0.1 (#911)
• Additional commits viewable in compare view

Updates cbor2 from 5.7.1 to 5.8.0

Release notes

Sourced from cbor2's releases.

5.8.0

• Added readahead buffering to C decoder for improved performance. The decoder now uses a 4 KB buffer by default to reduce the number of read calls. Benchmarks show 20-140% performance improvements for decoding operations. (#268; PR by @​andreer)
• Fixed Python decoder not preserving share index when decoding array items containing nested shareable tags, causing shared references to resolve to wrong objects (#267; PR by @​andreer)
• Reset shared reference state at the start of each top-level encode/decode operation (#266; PR by @​andreer)

Commits

• c77cea8 Removed macos-13 from the OS matrix
• 2320d95 Bumped up the version
• 9ff48e3 Updated pre-commit modules
• 22acea4 Updated the version history entry for #268
• c368bb3 Fixed the links and the semver declaration
• fb4ee16 Added a read-ahead buffer to the C decoder (#268)
• 0bcf400 Bump the github-actions group with 5 updates (#269)
• 7aa6cad Added dependabot config for GitHub actions
• 6409f6a Added a security policy
• 403c2ce Fixed nested shareable in arrays (python decoder only) (#267)
• Additional commits viewable in compare view

Updates greenlet from 3.3.0 to 3.3.1

Changelog

Sourced from greenlet's changelog.

3.3.1 (2026-01-23)

• Publish Windows ARM binary wheels, where available.
• Fix compilation for 3.14t on Windows.
• Publish Windows 3.14t binary wheels for Intel.
• Switch from Appveyor for Windows to Github Actions.
• Fix compilation on MIPS with GCC 15 and binutils 2.45. See PR 487 by Rosen Penev <https://github.com/python-greenlet/greenlet/pull/487>_. Note that this is not a platform tested by this project's CI.
• Move most project metadata into the static pyproject.toml file. This updates licensing information to use the modern License-Expression field. See PR 480 by mrbean-bremen <https://github.com/python-greenlet/greenlet/pull/480/>_.

Commits

• d1a0a3f Preparing release 3.3.1
• bb11806 Merge pull request #482 from tacaswell/cp315_compat
• 0708965 Change note for #480
• 62ff68f pyproject: It's tool.zest-releaser, not tools.zest-releaser.
• 7081130 Move most of setuptools attributes to pyproject.toml
• b462f75 Add change note for #487.
• 918e888 Merge pull request #486 from python-greenlet/dependabot/github_actions/github...
• c5e2e6f Bump actions/upload-artifact from 5 to 6 in the github-actions group
• 54f257d Merge pull request #487 from neheb/mips
• b2cf41d Merge pull request #490 from python-greenlet/windows-on-github
• Additional commits viewable in compare view

Updates sqlalchemy from 2.0.45 to 2.0.46

Release notes

Sourced from sqlalchemy's releases.

2.0.46

Released: January 21, 2026

typing

• [typing] [bug] Fixed typing issues where ORM mapped classes and aliased entities could not be used as keys in result row mappings or as join targets in select statements. Patterns such as row._mapping[User], row._mapping[aliased(User)], row._mapping[with_polymorphic(...)] (rejected by both mypy and Pylance), and .join(aliased(User)) (rejected by Pylance) are documented and fully supported at runtime but were previously rejected by type checkers. The type definitions for _KeyType and _FromClauseArgument have been updated to accept these ORM entity types.

  References: #13075

postgresql

• [postgresql] [bug] Fixed issue where PostgreSQL JSONB operators _postgresql.JSONB.Comparator.path_match() and _postgresql.JSONB.Comparator.path_exists() were applying incorrect VARCHAR casts to the right-hand side operand when used with newer PostgreSQL drivers such as psycopg. The operators now indicate the right-hand type as JSONPATH, which currently results in no casting taking place, but is also compatible with explicit casts if the implementation were require it at a later point.

  References: #13059

• [postgresql] [bug] Fixed regression in PostgreSQL dialect where JSONB subscription syntax would generate incorrect SQL for cast() expressions returning JSONB, causing syntax errors. The dialect now properly wraps cast expressions in parentheses when using the [] subscription syntax, generating (CAST(...))[index] instead of CAST(...)[index] to comply with PostgreSQL syntax requirements. This extends the fix from #12778 which addressed the same issue for function calls.

  References: #13067

• [postgresql] [bug] Improved the foreign key reflection regular expression pattern used by the PostgreSQL dialect to be more permissive in matching identifier characters, allowing it to correctly handle unicode characters in table and column names. This change improves compatibility with PostgreSQL variants such as CockroachDB that may use different quoting patterns in combination with unicode characters in their identifiers. Pull request courtesy Gord Thompson.

... (truncated)

Commits

• See full diff in compare view

Updates werkzeug from 3.1.4 to 3.1.5

Release notes

Sourced from werkzeug's releases.

3.1.5

This is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.5/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5 Milestone: https://github.com/pallets/werkzeug/milestone/43?closed=1

• safe_join on Windows does not allow more special device names, regardless of extension or surrounding spaces. GHSA-87hc-h4r5-73f7
• The multipart form parser handles a \r\n sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. #3065 #3077
• Fix AttributeError when initializing DebuggedApplication with pin_security=False. #3075

Changelog

Sourced from werkzeug's changelog.

Version 3.1.5

Released 2026-01-08

• safe_join on Windows does not allow more special device names, regardless of extension or surrounding spaces. :ghsa:87hc-h4r5-73f7
• The multipart form parser handles a \r\n sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. :issue:3065 :issue:3077
• Fix AttributeError when initializing DebuggedApplication with pin_security=False. :issue:3075

Commits

• e3d06f4 release version 3.1.5
• 7ae1d25 Merge commit from fork
• 37797ab safe_join prevents windows special device names with compound extensions
• 3db44c7 fix duplicate reference
• a40f8fa fix class name typo
• 0f76c35 Correct parsing up to a potential partial boundary (#3081)
• 1049dd6 Correct parsing up to a potential partial boundary
• b48878c initialize _pin in debugger (#3078)
• fa0f4f2 initialize _pin
• f637275 start version 3.1.5
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-dependencies group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [bleak](https://github.com/hbldh/bleak) | `2.0.0` | `2.1.1` | | [pynacl](https://github.com/pyca/pynacl) | `1.6.1` | `1.6.2` | | [cbor2](https://github.com/agronholm/cbor2) | `5.7.1` | `5.8.0` | | [greenlet](https://github.com/python-greenlet/greenlet) | `3.3.0` | `3.3.1` | | [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.45` | `2.0.46` | | [werkzeug](https://github.com/pallets/werkzeug) | `3.1.4` | `3.1.5` | Updates `bleak` from 2.0.0 to 2.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hbldh/bleak/releases">bleak's releases</a>.</em></p> <blockquote> <h2>v2.1.1</h2> <h2>Changed</h2> <ul> <li>Changed default connect timeout for <code>BleakClient</code> from 10 to 30 seconds.</li> </ul> <h2>Fixed</h2> <ul> <li>Fixed some cases of <code>BleakError: Could not get GATT services: Unreachable</code> in WinRT backend by adding a retry when getting GATT services.</li> </ul> <h2>v2.1.0</h2> <h2>Added</h2> <ul> <li>Added <code>bluez</code> parameter to <code>BleakClient.start_notify()</code> to allow forcing using &quot;StartNotify&quot; instead of &quot;AcquireNotify&quot; on BlueZ backend. Fixes <a href="https://redirect.github.com/hbldh/bleak/issues/1885">#1885</a>.</li> <li>Added <code>bleak.args.SizedBuffer</code> type for better type hinting of buffer protocol parameters.</li> </ul> <h2>Fixed</h2> <ul> <li>Fixed calling <code>logging.debug()</code> in WinRT backend. Fixes <a href="https://redirect.github.com/hbldh/bleak/issues/1882">#1882</a>.</li> <li>Fixed calling <code>logging.warning()</code> in BlueZ backend.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hbldh/bleak/blob/develop/CHANGELOG.rst">bleak's changelog</a>.</em></p> <blockquote> <h1><code>2.1.1</code>_ (2025-12-31)</h1> <h2>Changed</h2> <ul> <li>Changed default connect timeout for <code>BleakClient</code> from 10 to 30 seconds.</li> </ul> <h2>Fixed</h2> <ul> <li>Fixed some cases of <code>BleakError: Could not get GATT services: Unreachable</code> in WinRT backend by adding a retry when getting GATT services.</li> </ul> <h1><code>2.1.0</code>_ (2025-12-28)</h1> <h2>Added</h2> <ul> <li>Added <code>bluez</code> parameter to <code>BleakClient.start_notify()</code> to allow forcing using &quot;StartNotify&quot; instead of &quot;AcquireNotify&quot; on BlueZ backend. Fixes <a href="https://redirect.github.com/hbldh/bleak/issues/1885">#1885</a>.</li> <li>Added <code>bleak.args.SizedBuffer</code> type for better type hinting of buffer protocol parameters.</li> </ul> <h2>Fixed</h2> <ul> <li>Fixed calling <code>logging.debug()</code> in WinRT backend. Fixes <a href="https://redirect.github.com/hbldh/bleak/issues/1882">#1882</a>.</li> <li>Fixed calling <code>logging.warning()</code> in BlueZ backend.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hbldh/bleak/commit/5d76a62a549a4674c64ee151d38e2339e8ba948a"><code>5d76a62</code></a> v2.1.1</li> <li><a href="https://github.com/hbldh/bleak/commit/1f002b8b58206625562c5d568291096225555890"><code>1f002b8</code></a> backends: clean up client timeout comments</li> <li><a href="https://github.com/hbldh/bleak/commit/b5490e8e5810095e91abacb8eb3321b952604d72"><code>b5490e8</code></a> tests: add services arg to BleakClient in some tests</li> <li><a href="https://github.com/hbldh/bleak/commit/ba9410fc3e1637ae3be91fa8b937daffba624b36"><code>ba9410f</code></a> backends/winrt/client: add retry when getting GATT services</li> <li><a href="https://github.com/hbldh/bleak/commit/f14a30d5db031e69d52035314d48432ef89306d3"><code>f14a30d</code></a> bleak: change default BleakClient timeout to 30 seconds</li> <li><a href="https://github.com/hbldh/bleak/commit/848b51122c6b4308e90c5e907b7ebb6e08833863"><code>848b511</code></a> backends/corebluetooth: add helper function for call_soon_threadsafe()</li> <li><a href="https://github.com/hbldh/bleak/commit/6af24ae5b54a376b0dcc6432c943058107ec27a6"><code>6af24ae</code></a> tests/integration: fix logging.info()</li> <li><a href="https://github.com/hbldh/bleak/commit/66f0b209b22d05c6704ffea9d31e6c01d6fa2e69"><code>66f0b20</code></a> tests: Basic integrationtests for <code>BleakClient</code></li> <li><a href="https://github.com/hbldh/bleak/commit/8a408749f6cb8881cc6ca733cc211d94ad7b54a5"><code>8a40874</code></a> tests/integration: remove add_default_services()</li> <li><a href="https://github.com/hbldh/bleak/commit/ede4a033347be9eeb79a43cdbf1ca9b075ac62c3"><code>ede4a03</code></a> github: build_and_test if pyproject.toml changes</li> <li>Additional commits viewable in <a href="https://github.com/hbldh/bleak/compare/v2.0.0...v2.1.1">compare view</a></li> </ul> </details> <br /> Updates `pynacl` from 1.6.1 to 1.6.2 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/pynacl/blob/main/CHANGELOG.rst">pynacl's changelog</a>.</em></p> <blockquote> <h2>1.6.2 (2026-01-01)</h2> <ul> <li>Updated <code>libsodium</code> to 1.0.20-stable (2025-12-31 build) to resolve <code>CVE-2025-69277</code>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf"><code>ecf41f5</code></a> changelog and version bump for 1.6.2 (<a href="https://redirect.github.com/pyca/pynacl/issues/923">#923</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/685a5e727772c2df81cfce61fb8768122102fa89"><code>685a5e7</code></a> Switch to PyPI trusted publishing (<a href="https://redirect.github.com/pyca/pynacl/issues/925">#925</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/78e0aa32b1a0acdd51e2b3bf394e7cb911fc1e68"><code>78e0aa3</code></a> missed adding these files as part of the libsodium update (<a href="https://redirect.github.com/pyca/pynacl/issues/924">#924</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7"><code>9631488</code></a> Bump libsodium to the latest 1.0.20 (<a href="https://redirect.github.com/pyca/pynacl/issues/922">#922</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/563b25bdedf666e86f0cc2a95321cd23a960260e"><code>563b25b</code></a> Add script to update vendored libsodium (<a href="https://redirect.github.com/pyca/pynacl/issues/921">#921</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/d23310561899d1ca4fd4026a646893b2af6b6c21"><code>d233105</code></a> Include libsodium license in wheels (<a href="https://redirect.github.com/pyca/pynacl/issues/917">#917</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/cabc3a879d142e62f7503a632e62e706ef5eccbb"><code>cabc3a8</code></a> Bump dessant/lock-threads from 5 to 6 (<a href="https://redirect.github.com/pyca/pynacl/issues/914">#914</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/f3596177b3a43a49b211ff2a3f9ea133f1cf8f23"><code>f359617</code></a> Bump actions/download-artifact from 6.0.0 to 7.0.0 (<a href="https://redirect.github.com/pyca/pynacl/issues/915">#915</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/fb6e37f76dcf9f93d3f65bb31abdb548816126b6"><code>fb6e37f</code></a> Bump actions/upload-artifact from 5 to 6 (<a href="https://redirect.github.com/pyca/pynacl/issues/916">#916</a>)</li> <li><a href="https://github.com/pyca/pynacl/commit/526f99278383ffda906bec9d08288191dcbbc3b3"><code>526f992</code></a> Bump actions/checkout from 6.0.0 to 6.0.1 (<a href="https://redirect.github.com/pyca/pynacl/issues/911">#911</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pyca/pynacl/compare/1.6.1...1.6.2">compare view</a></li> </ul> </details> <br /> Updates `cbor2` from 5.7.1 to 5.8.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/agronholm/cbor2/releases">cbor2's releases</a>.</em></p> <blockquote> <h2>5.8.0</h2> <ul> <li>Added readahead buffering to C decoder for improved performance. The decoder now uses a 4 KB buffer by default to reduce the number of read calls. Benchmarks show 20-140% performance improvements for decoding operations. (<a href="https://redirect.github.com/agronholm/cbor2/issues/268">#268</a>; PR by <a href="https://github.com/andreer"><code>@​andreer</code></a>)</li> <li>Fixed Python decoder not preserving share index when decoding array items containing nested shareable tags, causing shared references to resolve to wrong objects (<a href="https://redirect.github.com/agronholm/cbor2/issues/267">#267</a>; PR by <a href="https://github.com/andreer"><code>@​andreer</code></a>)</li> <li>Reset shared reference state at the start of each top-level encode/decode operation (<a href="https://redirect.github.com/agronholm/cbor2/issues/266">#266</a>; PR by <a href="https://github.com/andreer"><code>@​andreer</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/agronholm/cbor2/commit/c77cea8e0d77aebdb6eea051433352a1de824ff1"><code>c77cea8</code></a> Removed macos-13 from the OS matrix</li> <li><a href="https://github.com/agronholm/cbor2/commit/2320d95d93dbd1da5926a90351ccbfa78dfb70bc"><code>2320d95</code></a> Bumped up the version</li> <li><a href="https://github.com/agronholm/cbor2/commit/9ff48e3ce4ec3f0f2db8752558756b9e95dbc3d0"><code>9ff48e3</code></a> Updated pre-commit modules</li> <li><a href="https://github.com/agronholm/cbor2/commit/22acea4740f244e2d2f500a62501be08fb9506b1"><code>22acea4</code></a> Updated the version history entry for <a href="https://redirect.github.com/agronholm/cbor2/issues/268">#268</a></li> <li><a href="https://github.com/agronholm/cbor2/commit/c368bb394e8c8dd73669fdfa4cba633728ca20ae"><code>c368bb3</code></a> Fixed the links and the semver declaration</li> <li><a href="https://github.com/agronholm/cbor2/commit/fb4ee1612a8a1ac0dbd8cf2f2f6f931a4e06d824"><code>fb4ee16</code></a> Added a read-ahead buffer to the C decoder (<a href="https://redirect.github.com/agronholm/cbor2/issues/268">#268</a>)</li> <li><a href="https://github.com/agronholm/cbor2/commit/0bcf400a4575edce046ecdd2f9ab73ee606d8863"><code>0bcf400</code></a> Bump the github-actions group with 5 updates (<a href="https://redirect.github.com/agronholm/cbor2/issues/269">#269</a>)</li> <li><a href="https://github.com/agronholm/cbor2/commit/7aa6cad1840176affdbee97568cabfb2ef9ff566"><code>7aa6cad</code></a> Added dependabot config for GitHub actions</li> <li><a href="https://github.com/agronholm/cbor2/commit/6409f6aa994969333fd69c2688996d3e7aad9fc3"><code>6409f6a</code></a> Added a security policy</li> <li><a href="https://github.com/agronholm/cbor2/commit/403c2ce3d61ce5ddc2d2143127baf31b7ab4a75c"><code>403c2ce</code></a> Fixed nested shareable in arrays (python decoder only) (<a href="https://redirect.github.com/agronholm/cbor2/issues/267">#267</a>)</li> <li>Additional commits viewable in <a href="https://github.com/agronholm/cbor2/compare/5.7.1...5.8.0">compare view</a></li> </ul> </details> <br /> Updates `greenlet` from 3.3.0 to 3.3.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst">greenlet's changelog</a>.</em></p> <blockquote> <h1>3.3.1 (2026-01-23)</h1> <ul> <li>Publish Windows ARM binary wheels, where available.</li> <li>Fix compilation for 3.14t on Windows.</li> <li>Publish Windows 3.14t binary wheels for Intel.</li> <li>Switch from Appveyor for Windows to Github Actions.</li> <li>Fix compilation on MIPS with GCC 15 and binutils 2.45. See <code>PR 487 by Rosen Penev &lt;https://github.com/python-greenlet/greenlet/pull/487&gt;</code>_. Note that this is not a platform tested by this project's CI.</li> <li>Move most project metadata into the static <code>pyproject.toml</code> file. This updates licensing information to use the modern <code>License-Expression</code> field. See <code>PR 480 by mrbean-bremen &lt;https://github.com/python-greenlet/greenlet/pull/480/&gt;</code>_.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-greenlet/greenlet/commit/d1a0a3fa740425b8dd4dceafbecedda21d70cc08"><code>d1a0a3f</code></a> Preparing release 3.3.1</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/bb11806a5b59bda374d097bd3479874c6651daab"><code>bb11806</code></a> Merge pull request <a href="https://redirect.github.com/python-greenlet/greenlet/issues/482">#482</a> from tacaswell/cp315_compat</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/07089655734136eb5a78b67607d1c493e0155301"><code>0708965</code></a> Change note for <a href="https://redirect.github.com/python-greenlet/greenlet/issues/480">#480</a></li> <li><a href="https://github.com/python-greenlet/greenlet/commit/62ff68fbe3b01a51f0c113537bfd71c466e2bf4f"><code>62ff68f</code></a> pyproject: It's tool.zest-releaser, not tools.zest-releaser.</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/7081130b399dd47602a90e75924c5c5cd66b6085"><code>7081130</code></a> Move most of setuptools attributes to pyproject.toml</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/b462f7521ca17947720d879c15dec7c5147812af"><code>b462f75</code></a> Add change note for <a href="https://redirect.github.com/python-greenlet/greenlet/issues/487">#487</a>.</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/918e88850ffba91ec7492f42e7e33b7ff2c90534"><code>918e888</code></a> Merge pull request <a href="https://redirect.github.com/python-greenlet/greenlet/issues/486">#486</a> from python-greenlet/dependabot/github_actions/github...</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/c5e2e6f7e674d26f418fb2e3c3cc851e80c92cc7"><code>c5e2e6f</code></a> Bump actions/upload-artifact from 5 to 6 in the github-actions group</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/54f257d775cea6ef16b80ea5aa69e18ffba553db"><code>54f257d</code></a> Merge pull request <a href="https://redirect.github.com/python-greenlet/greenlet/issues/487">#487</a> from neheb/mips</li> <li><a href="https://github.com/python-greenlet/greenlet/commit/b2cf41d90f9b654029ce6039293511da91a46b35"><code>b2cf41d</code></a> Merge pull request <a href="https://redirect.github.com/python-greenlet/greenlet/issues/490">#490</a> from python-greenlet/windows-on-github</li> <li>Additional commits viewable in <a href="https://github.com/python-greenlet/greenlet/compare/3.3.0...3.3.1">compare view</a></li> </ul> </details> <br /> Updates `sqlalchemy` from 2.0.45 to 2.0.46 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sqlalchemy/sqlalchemy/releases">sqlalchemy's releases</a>.</em></p> <blockquote> <h1>2.0.46</h1> <p>Released: January 21, 2026</p> <h2>typing</h2> <ul> <li> <p><strong>[typing] [bug]</strong> Fixed typing issues where ORM mapped classes and aliased entities could not be used as keys in result row mappings or as join targets in select statements. Patterns such as <code>row._mapping[User]</code>, <code>row._mapping[aliased(User)]</code>, <code>row._mapping[with_polymorphic(...)]</code> (rejected by both mypy and Pylance), and <code>.join(aliased(User))</code> (rejected by Pylance) are documented and fully supported at runtime but were previously rejected by type checkers. The type definitions for <code>_KeyType</code> and <code>_FromClauseArgument</code> have been updated to accept these ORM entity types.</p> <p>References: <a href="https://www.sqlalchemy.org/trac/ticket/13075">#13075</a></p> </li> </ul> <h2>postgresql</h2> <ul> <li> <p><strong>[postgresql] [bug]</strong> Fixed issue where PostgreSQL JSONB operators <code>_postgresql.JSONB.Comparator.path_match()</code> and <code>_postgresql.JSONB.Comparator.path_exists()</code> were applying incorrect <code>VARCHAR</code> casts to the right-hand side operand when used with newer PostgreSQL drivers such as psycopg. The operators now indicate the right-hand type as <code>JSONPATH</code>, which currently results in no casting taking place, but is also compatible with explicit casts if the implementation were require it at a later point.</p> <p>References: <a href="https://www.sqlalchemy.org/trac/ticket/13059">#13059</a></p> </li> <li> <p><strong>[postgresql] [bug]</strong> Fixed regression in PostgreSQL dialect where JSONB subscription syntax would generate incorrect SQL for <code>cast()</code> expressions returning JSONB, causing syntax errors. The dialect now properly wraps cast expressions in parentheses when using the <code>[]</code> subscription syntax, generating <code>(CAST(...))[index]</code> instead of <code>CAST(...)[index]</code> to comply with PostgreSQL syntax requirements. This extends the fix from <a href="https://www.sqlalchemy.org/trac/ticket/12778">#12778</a> which addressed the same issue for function calls.</p> <p>References: <a href="https://www.sqlalchemy.org/trac/ticket/13067">#13067</a></p> </li> <li> <p><strong>[postgresql] [bug]</strong> Improved the foreign key reflection regular expression pattern used by the PostgreSQL dialect to be more permissive in matching identifier characters, allowing it to correctly handle unicode characters in table and column names. This change improves compatibility with PostgreSQL variants such as CockroachDB that may use different quoting patterns in combination with unicode characters in their identifiers. Pull request courtesy Gord Thompson.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/sqlalchemy/sqlalchemy/commits">compare view</a></li> </ul> </details> <br /> Updates `werkzeug` from 3.1.4 to 3.1.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/werkzeug/releases">werkzeug's releases</a>.</em></p> <blockquote> <h2>3.1.5</h2> <p>This is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.</p> <p>PyPI: <a href="https://pypi.org/project/Werkzeug/3.1.5/">https://pypi.org/project/Werkzeug/3.1.5/</a> Changes: <a href="https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5">https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5</a> Milestone: <a href="https://github.com/pallets/werkzeug/milestone/43?closed=1">https://github.com/pallets/werkzeug/milestone/43?closed=1</a></p> <ul> <li><code>safe_join</code> on Windows does not allow more special device names, regardless of extension or surrounding spaces. <a href="https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7">GHSA-87hc-h4r5-73f7</a></li> <li>The multipart form parser handles a <code>\r\n</code> sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. <a href="https://redirect.github.com/pallets/werkzeug/issues/3065">#3065</a> <a href="https://redirect.github.com/pallets/werkzeug/issues/3077">#3077</a></li> <li>Fix <code>AttributeError</code> when initializing <code>DebuggedApplication</code> with <code>pin_security=False</code>. <a href="https://redirect.github.com/pallets/werkzeug/issues/3075">#3075</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/werkzeug/blob/main/CHANGES.rst">werkzeug's changelog</a>.</em></p> <blockquote> <h2>Version 3.1.5</h2> <p>Released 2026-01-08</p> <ul> <li><code>safe_join</code> on Windows does not allow more special device names, regardless of extension or surrounding spaces. :ghsa:<code>87hc-h4r5-73f7</code></li> <li>The multipart form parser handles a <code>\r\n</code> sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. :issue:<code>3065</code> :issue:<code>3077</code></li> <li>Fix <code>AttributeError</code> when initializing <code>DebuggedApplication</code> with <code>pin_security=False</code>. :issue:<code>3075</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/werkzeug/commit/e3d06f4b1f7ff40a63eba78f81d9cda18f805d6d"><code>e3d06f4</code></a> release version 3.1.5</li> <li><a href="https://github.com/pallets/werkzeug/commit/7ae1d254e04a0c33e241ac1cca4783ce6c875ca3"><code>7ae1d25</code></a> Merge commit from fork</li> <li><a href="https://github.com/pallets/werkzeug/commit/37797aba260022c871718e0908b472727d366d09"><code>37797ab</code></a> <code>safe_join</code> prevents windows special device names with compound extensions</li> <li><a href="https://github.com/pallets/werkzeug/commit/3db44c79caa74c00848ceefb0bd3d608e3d09cea"><code>3db44c7</code></a> fix duplicate reference</li> <li><a href="https://github.com/pallets/werkzeug/commit/a40f8fa05ff1108ba1096e7cd359d0599f5cd386"><code>a40f8fa</code></a> fix class name typo</li> <li><a href="https://github.com/pallets/werkzeug/commit/0f76c353b10afc2f8129aa3684ccc3262516a0c0"><code>0f76c35</code></a> Correct parsing up to a potential partial boundary (<a href="https://redirect.github.com/pallets/werkzeug/issues/3081">#3081</a>)</li> <li><a href="https://github.com/pallets/werkzeug/commit/1049dd6b2a363e1ef302b4161c340fb8582f627a"><code>1049dd6</code></a> Correct parsing up to a potential partial boundary</li> <li><a href="https://github.com/pallets/werkzeug/commit/b48878cf16dfca3c89ac58aca47ab1ecfcb71354"><code>b48878c</code></a> initialize <code>_pin</code> in debugger (<a href="https://redirect.github.com/pallets/werkzeug/issues/3078">#3078</a>)</li> <li><a href="https://github.com/pallets/werkzeug/commit/fa0f4f2710b8eaffef7f2b3fbc58fc3ca55247fb"><code>fa0f4f2</code></a> initialize _pin</li> <li><a href="https://github.com/pallets/werkzeug/commit/f637275bfa68ebd80bec1da9173211ce2dc4fa33"><code>f637275</code></a> start version 3.1.5</li> <li>Additional commits viewable in <a href="https://github.com/pallets/werkzeug/compare/3.1.4...3.1.5">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details>

dependabot[bot] commented 2026-02-02 07:33:49 +01:00 (Migrated from github.com)

Copy link

Looks like these dependencies are updatable in another way, so this is no longer needed.

Looks like these dependencies are updatable in another way, so this is no longer needed.

Pull request closed

This pull request cannot be reopened because the branch was deleted.

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something isn't working

  

dependencies

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

python

  

question

Further information is requested

  

wontfix

This will not be worked on

No labels

bug

dependencies

documentation

duplicate

enhancement

good first issue

help wanted

invalid

python

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

Nerdberg/Nerdlock!6

No description provided.