Skip to content

deps(deps): bump the python-dependencies group across 1 directory with 9 updates#3337

Open
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/pip/dev/python-dependencies-5ae8c4ba92
Open

deps(deps): bump the python-dependencies group across 1 directory with 9 updates#3337
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/pip/dev/python-dependencies-5ae8c4ba92

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the python-dependencies group with 9 updates in the / directory:

Package From To
pytest-cov 7.0.0 7.1.0
black 26.3.1 26.5.1
beautifulsoup4 4.14.3 4.15.0
djlint 1.36.4 1.39.0
gitpython 3.1.46 3.1.50
pillow 12.1.1 12.2.0
flask-cors 6.0.2 6.0.4
pyopenssl 26.0.0 26.2.0
werkzeug 3.1.6 3.1.8

Updates pytest-cov from 7.0.0 to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

  • Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

  • Improve handling of ResourceWarning from sqlite3.

    The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

    With this fix one can suppress ResourceWarning from sqlite3 from command line::

    pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

  • Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

  • Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

  • Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

Commits
  • 66c8a52 Bump version: 7.0.0 → 7.1.0
  • f707662 Make the examples use pypy 3.11.
  • 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
  • 8ebf20b Update changelog.
  • 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
  • fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
  • 78c9c4e Only run the 3.9 on older deps.
  • 4849a92 Punctuation.
  • 197c35e Update changelog and hopefully I don't forget to publish release again :))
  • 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
  • Additional commits viewable in compare view

Updates black from 26.3.1 to 26.5.1

Release notes

Sourced from black's releases.

26.5.1

Stable style

  • Fix unstable formatting of annotated assignments whose subscript annotation contains an inline comment (e.g. x: list[ # pyright: ignore[...]) (#5130)
  • Preserve inline comments (including # type: ignore) immediately before a # fmt: skip line, avoiding AST equivalence failures (#5139)

Packaging

  • Correct the version in the published executables (#5137)

Documentation

  • Add Neovim integration guide covering conform.nvim, ALE, and simple command approaches (#5124)

26.5.0

Highlights

  • Add support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810), both new syntactic features in Python 3.15 (#5048)
  • Python 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so performance may be slower than on existing Python versions. Wheels will be provided once Python 3.15 is later in its release cycle. (#5127)

Stable style

  • Fix # fmt: skip being ignored in nested if expressions with parenthesized in clauses (#4903)
  • Add syntactic support for Python 3.15 (#5048)
  • Fix crash when an f-string follows a # fmt: off comment inside brackets (#5097)
  • Preserve multiline compound statement headers when # fmt: skip is placed on the colon line (#5117)

Preview style

  • Improve heuristics around whether blank lines should appear before, within and after groups of same-name decorated functions (such as @overload groups) in .pyi stub files (#5021)
  • Fix blank lines being removed between a function and a decorated class in .pyi stub files (#5092)
  • Prevent string merger from creating unsplittable long lines when a pragma comment (e.g. # type: ignore) follows the closing bracket (#5096)

Packaging

Output

... (truncated)

Changelog

Sourced from black's changelog.

Version 26.5.1

Stable style

  • Fix unstable formatting of annotated assignments whose subscript annotation contains an inline comment (e.g. x: list[ # pyright: ignore[...]) (#5130)
  • Preserve inline comments (including # type: ignore) immediately before a # fmt: skip line, avoiding AST equivalence failures (#5139)

Packaging

  • Correct the version in the published executables (#5137)

Documentation

  • Add Neovim integration guide covering conform.nvim, ALE, and simple command approaches (#5124)

Version 26.5.0

Highlights

  • Add support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810), both new syntactic features in Python 3.15 (#5048)
  • Python 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so performance may be slower than on existing Python versions. Wheels will be provided once Python 3.15 is later in its release cycle. (#5127)

Stable style

  • Fix # fmt: skip being ignored in nested if expressions with parenthesized in clauses (#4903)
  • Add syntactic support for Python 3.15 (#5048)
  • Fix crash when an f-string follows a # fmt: off comment inside brackets (#5097)
  • Preserve multiline compound statement headers when # fmt: skip is placed on the colon line (#5117)

Preview style

  • Improve heuristics around whether blank lines should appear before, within and after groups of same-name decorated functions (such as @overload groups) in .pyi stub files (#5021)
  • Fix blank lines being removed between a function and a decorated class in .pyi stub files (#5092)
  • Prevent string merger from creating unsplittable long lines when a pragma comment (e.g. # type: ignore) follows the closing bracket (#5096)

Packaging

... (truncated)

Commits

Updates beautifulsoup4 from 4.14.3 to 4.15.0

Updates djlint from 1.36.4 to 1.39.0

Release notes

Sourced from djlint's releases.

v1.39.0

Feature

  • Add preserve_class_newlines / --preserve-class-newlines to keep authored line breaks inside multiline class attributes. #495

Fix

  • Fix Django 6.0 {% partialdef %} block indentation so {% endpartialdef %} aligns with its opener. #1556
  • Preserve multiline Django/Jinja control-flow blocks instead of condensing short bodies onto one line. #1597
  • Preserve single-line inline HTML and template tag bodies during expansion, even when they exceed max_line_length.

v1.38.2

  • Fix python -m djlint not working due to mypyc compilation.

v1.38.1

Fix

  • Match exclude paths on path boundaries. #1028

v1.38.0

Feature

  • Add support for .djlint.toml project and global config files. #1181

Fix

  • Preserve single-line inline HTML tag bodies when they fit within max_line_length. #637 #2041
  • Avoid evaluating template expressions while formatting tag contents. #784 #828 #1030 #1158

Packaging

  • Fix npm publish workflow.

v1.37.0

This release was not published on npm, as I am waiting for the owner to set up trusted publishing.

Feature

  • Add --format-attribute-js-json for formatting JavaScript and JSON inside HTML attributes. It also supports format_attribute_js_json_pattern and format_attribute_js_json_min_props for tuning which attributes are formatted. Thanks, @​oliverhaas.
  • Add --github-output for GitHub Actions annotations. Thanks, @​iloveitaly.

Fix

  • Fix ignore_blocks matching when ignored blocks are indented. Thanks, @​tdryer.
  • Use relative paths for --exclude and --use-gitignore matching so path filters work consistently from nested directories. Thanks, @​satya-waylit.
  • Stop D018/J018 from flagging root links such as href="/". Thanks, @​SAY-5.
  • Do not treat soft hyphen entities as text for H023. Thanks, @​kotutuloro.
  • Fix Handlebars {{#unless}} indentation. Thanks, @​S1mplePixels.
  • Fix formatting when /> appears inside an HTML attribute value. Thanks, @​novucs.
  • Improve CPU count handling for worker setup.

... (truncated)

Changelog

Sourced from djlint's changelog.

[1.39.0] - 2026-06-05

Feature

  • Add preserve_class_newlines / --preserve-class-newlines to keep authored line breaks inside multiline class attributes.

Fix

  • Fix Django 6.0 {% partialdef %} block indentation so {% endpartialdef %} aligns with its opener.
  • Preserve multiline Django/Jinja control-flow blocks instead of condensing short bodies onto one line.
  • Preserve single-line inline HTML and template tag bodies during expansion, even when they exceed max_line_length.

[1.38.2] - 2026-06-05

Fix

  • Fix python -m djlint not working due to mypyc compilation.

[1.38.1] - 2026-06-04

Fix

  • Match exclude paths on path boundaries.

[1.38.0] - 2026-06-04

Feature

  • Add support for .djlint.toml project and global config files.

Fix

  • Preserve single-line inline HTML tag bodies when they fit within max_line_length.
  • Avoid evaluating template expressions while formatting tag contents.

Packaging

  • Fix npm publish workflow.

[1.37.0] - 2026-06-04

Feature

  • Add --format-attribute-js-json for formatting JavaScript and JSON inside HTML attributes. It also supports format_attribute_js_json_pattern and format_attribute_js_json_min_props for tuning which attributes are formatted. Thanks, @​oliverhaas.
  • Add --github-output for GitHub Actions annotations. Thanks, @​iloveitaly.

Fix

  • Fix ignore_blocks matching when ignored blocks are indented. Thanks, @​tdryer.
  • Use relative paths for --exclude and --use-gitignore matching so path filters work consistently from nested directories. Thanks, @​satya-waylit.

... (truncated)

Commits
  • cc4a310 v1.39.0
  • cbe1778 feat(formatter): preserve multiline class attribute breaks
  • 1d10cd8 fix: preserve multiline template control blocks
  • 4a29553 Fix Django partialdef indentation
  • dbfcf6d chore: reformat
  • d2ce695 fix(formatter): preserve single-line inline bodies during expansion
  • 24eea19 chore(deps): lock file maintenance (#2051)
  • 506da77 Fix python -m djlint not working due to mypyc compilation
  • 854c897 chore(deps): lock file maintenance (#2049)
  • 3f5a83a docs: update config options
  • Additional commits viewable in compare view

Updates gitpython from 3.1.46 to 3.1.50

Release notes

Sourced from gitpython's releases.

3.1.50

What's Changed

New Contributors

Full Changelog: gitpython-developers/GitPython@3.1.49...3.1.50

3.1.49 - Security

What's Changed

Full Changelog: gitpython-developers/GitPython@3.1.48...3.1.49

3.1.48 - Security

Accidentally deleted the previous GH release, it did mention the advisory this fixes.

What's Changed

Full Changelog: gitpython-developers/GitPython@3.1.47...3.1.48

3.1.47 - with security fixes

Advisories

What's Changed

... (truncated)

Commits

Updates pillow from 12.1.1 to 12.2.0

Release notes

Sourced from pillow's releases.

12.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

Dependencies

Testing

Other changes

... (truncated)

Commits

Updates flask-cors from 6.0.2 to 6.0.4

Release notes

Sourced from flask-cors's releases.

6.0.4

What's Changed

Full Changelog: corydolphin/flask-cors@6.0.3...6.0.4

6.0.3

What's Changed

Full Changelog: corydolphin/flask-cors@6.0.2...6.0.3

6.0.3-pre

What's Changed

Full Changelog: corydolphin/flask-cors@6.0.2...6.0.3

Commits

Updates pyopenssl from 26.0.0 to 26.2.0

Changelog

Sourced from pyopenssl's changelog.

26.2.0 (2026-05-04)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Removed deprecated OpenSSL.crypto.X509Extension, OpenSSL.crypto.X509Req.add_extension, OpenSSL.crypto.X509Req.get_extensions, OpenSSL.crypto.X509.add_extension, OpenSSL.crypto.X509.get_extensions. cryptography.x509 should be used instead.
  • It is now an error to calling any mutating method on OpenSSL.SSL.Context after it has been used to create a Connection. This was previously deprecated and has always been unsafe.

Deprecations: ^^^^^^^^^^^^^

Changes: ^^^^^^^^

  • Maximum supported cryptography version is now 48.x.
  • Added OpenSSL.SSL.Connection.set_options to set options on a per-connection basis.

26.1.0 (2026-04-24)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations: ^^^^^^^^^^^^^

Changes: ^^^^^^^^

  • Maximum supported cryptography version is now 47.x.
  • Fixed X509Name field setters to correctly pass the value length to OpenSSL. Previously, values containing NUL bytes would be silently truncated, causing a divergence between the stored ASN.1 value and the value visible from Python. Credit to BudongJW for reporting the issue. CVE-2026-40475
Commits

Updates werkzeug from 3.1.6 to 3.1.8

Release notes

Sourced from werkzeug's releases.

3.1.8

This is the Werkzeug 3.1.8 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.8/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-8 Milestone: https://github.com/pallets/werkzeug/milestone/45?closed=1

  • Request.host and get_host return the empty string if the header is missing or has invalid characters. #3142

3.1.7

This is the Werkzeug 3.1.7 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.7/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-7 Milestone: https://github.com/pallets/werkzeug/milestone/44?closed=1

  • parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. #3128
  • WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. #3127
  • Transfer-Encoding is parsed as a set. #3134
  • Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. #3113
  • Fix multipart form parser handling of newline at boundary. #3088
  • Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. #3108
  • merge_slashes merges any number of consecutive slashes. #3121
Changelog

Sourced from werkzeug's changelog.

Version 3.1.8

Released 2026-04-02

  • Request.host and get_host return the empty string if the header is missing or has invalid characters. :issue:3142

Version 3.1.7

Released 2026-03-23

  • parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. :pr:3128
  • WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. :issue:3127
  • Transfer-Encoding is parsed as a set. :pr:3134
  • Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. :pr:3113
  • Fix multipart form parser handling of newline at boundary. :issue:3088
  • Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. :issue:3108
  • merge_slashes merges any number of consecutive slashes. :issue:3121
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps(deps): bump the python-dependencies group across 1 directory wit…
e2b867c 
…h 9 updates

Bumps the python-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |
| [black](https://github.com/psf/black) | `26.3.1` | `26.5.1` |
| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.14.3` | `4.15.0` |
| [djlint](https://github.com/djlint/djLint) | `1.36.4` | `1.39.0` |
| [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.46` | `3.1.50` |
| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |
| [flask-cors](https://github.com/corydolphin/flask-cors) | `6.0.2` | `6.0.4` |
| [pyopenssl](https://github.com/pyca/pyopenssl) | `26.0.0` | `26.2.0` |
| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.6` | `3.1.8` |



Updates `pytest-cov` from 7.0.0 to 7.1.0
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v7.0.0...v7.1.0)

Updates `black` from 26.3.1 to 26.5.1
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@26.3.1...26.5.1)

Updates `beautifulsoup4` from 4.14.3 to 4.15.0

Updates `djlint` from 1.36.4 to 1.39.0
- [Release notes](https://github.com/djlint/djLint/releases)
- [Changelog](https://github.com/djlint/djLint/blob/master/CHANGELOG.md)
- [Commits](djlint/djLint@v1.36.4...v1.39.0)

Updates `gitpython` from 3.1.46 to 3.1.50
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.46...3.1.50)

Updates `pillow` from 12.1.1 to 12.2.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.1.1...12.2.0)

Updates `flask-cors` from 6.0.2 to 6.0.4
- [Release notes](https://github.com/corydolphin/flask-cors/releases)
- [Changelog](https://github.com/corydolphin/flask-cors/blob/main/CHANGELOG.md)
- [Commits](corydolphin/flask-cors@6.0.2...6.0.4)

Updates `pyopenssl` from 26.0.0 to 26.2.0
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pyopenssl@26.0.0...26.2.0)

Updates `werkzeug` from 3.1.6 to 3.1.8
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.1.6...3.1.8)

---
updated-dependencies:
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: black
  dependency-version: 26.5.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: beautifulsoup4
  dependency-version: 4.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: djlint
  dependency-version: 1.39.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: gitpython
  dependency-version: 3.1.50
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: pillow
  dependency-version: 12.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: flask-cors
  dependency-version: 6.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: pyopenssl
  dependency-version: 26.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: werkzeug
  dependency-version: 3.1.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants