Skip to content

deps(deps): bump the python-dependencies group across 1 directory with 9 updates#3337

Open
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/pip/dev/python-dependencies-5ae8c4ba92
Open

deps(deps): bump the python-dependencies group across 1 directory with 9 updates#3337
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/pip/dev/python-dependencies-5ae8c4ba92

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-dependencies group with 9 updates in the / directory:

Package From To
flask-cors 6.0.2 6.0.5
pyopenssl 26.0.0 26.3.0
werkzeug 3.1.6 3.1.8
pillow 12.1.1 12.2.0
pytest-cov 7.0.0 7.1.0
black 26.3.1 26.5.1
beautifulsoup4 4.14.3 4.15.0
djlint 1.36.4 1.39.2
gitpython 3.1.46 3.1.50

Updates flask-cors from 6.0.2 to 6.0.5

Release notes

Sourced from flask-cors's releases.

6.0.5

Supersedes 6.0.4

What's Changed

Full Changelog: corydolphin/flask-cors@6.0.3...6.0.5

6.0.4

What's Changed

Full Changelog: corydolphin/flask-cors@6.0.3...6.0.4

6.0.3

What's Changed

Full Changelog: corydolphin/flask-cors@6.0.2...6.0.3

6.0.3-pre

What's Changed

Full Changelog: corydolphin/flask-cors@6.0.2...6.0.3

Commits
  • 91ebc49 Typing Hotfix: support blueprints in the type system
  • d601665 Add strict MyPy Typing
  • c8e8871 Harden release publishing workflow (#406)
  • e1d4034 Derive package version from git tag via setuptools-scm (#405)
  • See full diff in compare view

Updates pyopenssl from 26.0.0 to 26.3.0

Changelog

Sourced from pyopenssl's changelog.

26.3.0 (2026-06-12)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Dropped support for Python 3.8.
  • The minimum cryptography version is now 49.0.0.
  • Removed deprecated OpenSSL.crypto.X509Req, OpenSSL.crypto.dump_certificate_request, and OpenSSL.crypto.load_certificate_request. cryptography.x509 should be used instead.
  • OpenSSL.SSL.Connection.set_session now raises ValueError if the Session was obtained from a Connection that was using a different Context than this one. OpenSSL requires (but does not verify) that sessions only be re-used with a compatible SSL_CTX, so this contract is now enforced.

Deprecations: ^^^^^^^^^^^^^

  • Deprecated OpenSSL.crypto.PKey.generate_key and OpenSSL.crypto.PKey.check. The key generation and loading APIs in cryptography should be used instead.
  • Deprecated OpenSSL.crypto.dump_privatekey. The serialization APIs on cryptography private key types should be used instead.
  • Deprecated all the mutable APIs on OpenSSL.crypto.X509: set_version, set_pubkey, sign, set_serial_number, gmtime_adj_notAfter, gmtime_adj_notBefore, set_notBefore, set_notAfter, set_issuer, and set_subject. cryptography.x509.CertificateBuilder should be used instead.
  • Deprecated OpenSSL.SSL.Context.set_passwd_cb. Users should decrypt and load their private keys themselves, with cryptography's key loading APIs, and then call OpenSSL.SSL.Context.use_privatekey.
  • Deprecated OpenSSL.crypto.X509Name, as well as the remaining APIs that consume or return it: OpenSSL.crypto.X509.get_issuer, OpenSSL.crypto.X509.get_subject, and OpenSSL.SSL.Context.set_client_ca_list. The APIs in cryptography.x509 should be used instead.

Changes: ^^^^^^^^

  • OpenSSL.SSL.Connection.get_client_ca_list now takes an as_cryptography keyword-argument. When True is passed then cryptography.x509.Name are returned, instead of OpenSSL.crypto.X509Name. In the future, passing False (the default) will be deprecated.

26.2.0 (2026-05-04)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Removed deprecated OpenSSL.crypto.X509Extension, OpenSSL.crypto.X509Req.add_extension, OpenSSL.crypto.X509Req.get_extensions, OpenSSL.crypto.X509.add_extension, OpenSSL.crypto.X509.get_extensions. cryptography.x509 should be used instead.
  • It is now an error to calling any mutating method on OpenSSL.SSL.Context after it has been used to create a Connection. This was previously deprecated and has always been unsafe.

Deprecations: ^^^^^^^^^^^^^

Changes: ^^^^^^^^

  • Maximum supported cryptography version is now 48.x.
  • Added OpenSSL.SSL.Connection.set_options to set options on a per-connection basis.

26.1.0 (2026-04-24)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

... (truncated)

Commits
  • a34aa1d Prepare 26.3.0 release (#1515)
  • 24db880 Deprecate X509Name and the remaining APIs that consume or return it (#1514)
  • 1dc08be Add as_cryptography parameter to Connection.get_client_ca_list (#1508)
  • 55653a5 Require cryptography 49, drop Python 3.8 (#1513)
  • 9bad760 Remove deprecated CSR functionality (#1507)
  • 98ca874 Enforce that Session is only re-used with the Context it came from (#1512)
  • cbcb1da Deprecate Context.set_passwd_cb (#1511)
  • 3b9d07d Deprecate all the mutable APIs on X509 (#1510)
  • e096920 Deprecate PKey.generate_key, PKey.check, and dump_privatekey (#1509)
  • 7079d6d Fix zizmor findings in GitHub Actions workflows (#1506)
  • Additional commits viewable in compare view

Updates werkzeug from 3.1.6 to 3.1.8

Release notes

Sourced from werkzeug's releases.

3.1.8

This is the Werkzeug 3.1.8 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.8/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-8 Milestone: https://github.com/pallets/werkzeug/milestone/45?closed=1

  • Request.host and get_host return the empty string if the header is missing or has invalid characters. #3142

3.1.7

This is the Werkzeug 3.1.7 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.7/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-7 Milestone: https://github.com/pallets/werkzeug/milestone/44?closed=1

  • parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. #3128
  • WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. #3127
  • Transfer-Encoding is parsed as a set. #3134
  • Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. #3113
  • Fix multipart form parser handling of newline at boundary. #3088
  • Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. #3108
  • merge_slashes merges any number of consecutive slashes. #3121
Changelog

Sourced from werkzeug's changelog.

Version 3.1.8

Released 2026-04-02

  • Request.host and get_host return the empty string if the header is missing or has invalid characters. :issue:3142

Version 3.1.7

Released 2026-03-23

  • parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. :pr:3128
  • WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. :issue:3127
  • Transfer-Encoding is parsed as a set. :pr:3134
  • Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. :pr:3113
  • Fix multipart form parser handling of newline at boundary. :issue:3088
  • Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. :issue:3108
  • merge_slashes merges any number of consecutive slashes. :issue:3121
Commits

Updates pillow from 12.1.1 to 12.2.0

Release notes

Sourced from pillow's releases.

12.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

Dependencies

Testing

Other changes

... (truncated)

Commits

Updates pytest-cov from 7.0.0 to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

  • Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

  • Improve handling of ResourceWarning from sqlite3.

    The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

    With this fix one can suppress ResourceWarning from sqlite3 from command line::

    pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

  • Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

  • Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

  • Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

Commits
  • 66c8a52 Bump version: 7.0.0 → 7.1.0
  • f707662 Make the examples use pypy 3.11.
  • 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
  • 8ebf20b Update changelog.
  • 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
  • fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
  • 78c9c4e Only run the 3.9 on older deps.
  • 4849a92 Punctuation.
  • 197c35e Update changelog and hopefully I don't forget to publish release again :))
  • 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
  • Additional commits viewable in compare view

Updates black from 26.3.1 to 26.5.1

Release notes

Sourced from black's releases.

26.5.1

Stable style

  • Fix unstable formatting of annotated assignments whose subscript annotation contains an inline comment (e.g. x: list[ # pyright: ignore[...]) (#5130)
  • Preserve inline comments (including # type: ignore) immediately before a # fmt: skip line, avoiding AST equivalence failures (#5139)

Packaging

  • Correct the version in the published executables (#5137)

Documentation

  • Add Neovim integration guide covering conform.nvim, ALE, and simple command approaches (#5124)

26.5.0

Highlights

  • Add support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810), both new syntactic features in Python 3.15 (#5048)
  • Python 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so performance may be slower than on existing Python versions. Wheels will be provided once Python 3.15 is later in its release cycle. (#5127)

Stable style

  • Fix # fmt: skip being ignored in nested if expressions with parenthesized in clauses (#4903)
  • Add syntactic support for Python 3.15 (#5048)
  • Fix crash when an f-string follows a # fmt: off comment inside brackets (#5097)
  • Preserve multiline compound statement headers when # fmt: skip is placed on the colon line (#5117)

Preview style

  • Improve heuristics around whether blank lines should appear before, within and after groups of same-name decorated functions (such as @overload groups) in .pyi stub files (#5021)
  • Fix blank lines being removed between a function and a decorated class in .pyi stub files (#5092)
  • Prevent string merger from creating unsplittable long lines when a pragma comment (e.g. # type: ignore) follows the closing bracket (#5096)

Packaging

Output

... (truncated)

Changelog

Sourced from black's changelog.

Version 26.5.1

Stable style

  • Fix unstable formatting of annotated assignments whose subscript annotation contains an inline comment (e.g. x: list[ # pyright: ignore[...]) (#5130)
  • Preserve inline comments (including # type: ignore) immediately before a # fmt: skip line, avoiding AST equivalence failures (#5139)

Packaging

  • Correct the version in the published executables (#5137)

Documentation

  • Add Neovim integration guide covering conform.nvim, ALE, and simple command approaches (#5124)

Version 26.5.0

Highlights

  • Add support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810), both new syntactic features in Python 3.15 (#5048)
  • Python 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so performance may be slower than on existing Python versions. Wheels will be provided once Python 3.15 is later in its release cycle. (#5127)

Stable style

  • Fix # fmt: skip being ignored in nested if expressions with parenthesized in clauses (#4903)
  • Add syntactic support for Python 3.15 (#5048)
  • Fix crash when an f-string follows a # fmt: off comment inside brackets (#5097)
  • Preserve multiline compound statement headers when # fmt: skip is placed on the colon line (#5117)

Preview style

  • Improve heuristics around whether blank lines should appear before, within and after groups of same-name decorated functions (such as @overload groups) in .pyi stub files (#5021)
  • Fix blank lines being removed between a function and a decorated class in .pyi stub files (#5092)
  • Prevent string merger from creating unsplittable long lines when a pragma comment (e.g. # type: ignore) follows the closing bracket (#5096)

Packaging

... (truncated)

Commits

Updates beautifulsoup4 from 4.14.3 to 4.15.0

Updates djlint from 1.36.4 to 1.39.2

Release notes

Sourced from djlint's releases.

v1.39.2

v1.39.1 was not published due to mypyc compilation error.

Packaging

  • Fix mypyc compilation.

v1.39.1

This release was not published due to mypyc compilation error.

Fix

  • Avoid false T027 reports for apostrophes inside quoted template strings.
  • Format Alpine.js object methods in attributes when format_attribute_js_json is enabled.
  • Preserve indentation after inline Jinja control-flow blocks that start with whitespace trim markers, such as {%- if ... %}...{% endif %}.
  • Preserve safe inner quote style for Jinja function calls inside quoted HTML attributes.

v1.39.0

Feature

  • Add preserve_class_newlines / --preserve-class-newlines to keep authored line breaks inside multiline class attributes. #495

Fix

  • Fix Django 6.0 {% partialdef %} block indentation so {% endpartialdef %} aligns with its opener. #1556
  • Preserve multiline Django/Jinja control-flow blocks instead of condensing short bodies onto one line. #1597
  • Preserve single-line inline HTML and template tag bodies during expansion, even when they exceed max_line_length.

v1.38.2

  • Fix python -m djlint not working due to mypyc compilation.

v1.38.1

Fix

  • Match exclude paths on path boundaries. #1028

v1.38.0

Feature

  • Add support for .djlint.toml project and global config files. #1181

Fix

  • Preserve single-line inline HTML tag bodies when they fit within max_line_length. #637 #2041
  • Avoid evaluating template expressions while formatting tag contents. #784 #828 #1030 #1158

Packaging

  • Fix npm publish workflow.

... (truncated)

Changelog

Sourced from djlint's changelog.

[1.39.2] - 2026-06-11

v1.39.1 was not published due to mypyc compilation error.

Packaging

  • Fix mypyc compilation.

[1.39.1] - 2026-06-11

Fix

  • Avoid false T027 reports for apostrophes inside quoted template strings.
  • Format Alpine.js object methods in attributes when format_attribute_js_json is enabled.
  • Preserve indentation after inline Jinja control-flow blocks that start with whitespace trim markers, such as {%- if ... %}...{% endif %}.
  • Preserve safe inner quote style for Jinja function calls inside quoted HTML attributes.

[1.39.0] - 2026-06-05

Feature

  • Add preserve_class_newlines / --preserve-class-newlines to keep authored line breaks inside multiline class attributes.

Fix

  • Fix Django 6.0 {% partialdef %} block indentation so {% endpartialdef %} aligns with its opener.
  • Preserve multiline Django/Jinja control-flow blocks instead of condensing short bodies onto one line.
  • Preserve single-line inline HTML and template tag bodies during expansion, even when they exceed max_line_length.

[1.38.2] - 2026-06-05

Fix

  • Fix python -m djlint not working due to mypyc compilation.

[1.38.1] - 2026-06-04

Fix

  • Match exclude paths on path boundaries.

[1.38.0] - 2026-06-04

Feature

  • Add support for .djlint.toml project and global config files.

Fix

  • Preserve single-line inline HTML tag bodies when they fit within max_line_length.

... (truncated)

Commits
  • a8264dd v1.39.2
  • 0a59136 fix mypyc compilation
  • 5daa5dd v1.39.1
  • 27bae44 fix(linter): avoid false T027 for apostrophes in quoted strings
  • 8a9d8f0 Fix Alpine x-data method attribute formatting
  • c12d4e1 improve parenthesis tests
  • d575507 fix(formatter): preserve Jinja quotes in HTML attributes
  • 4129b05 chore(deps): update pre-commit hook types-tqdm to v4.68.0.20260608 (#2074)
  • 0730bff Fix indentation after inline trim-marker Jinja blocks
  • 338dee3 chore(deps): lock file maintenance (#2073)
  • Additional commits viewable in compare view

Updates gitpython from 3.1.46 to 3.1.50

Release notes

Sourced from gitpython's releases.

3.1.50

What's Changed

New Contributors

Full Changelog: gitpython-developers/GitPython@3.1.49...3.1.50

3.1.49 - Security

What's Changed

Full Changelog: gitpython-developers/GitPython@3.1.48...3.1.49

3.1.48 - Security

Accidentally deleted the previous GH release, it did mention the advisory this fixes.

What's Changed

Full Changelog: gitpython-developers/GitPython@3.1.47...3.1.48

3.1.47 - with security fixes

Advisories

What's Changed

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 8, 2026
…h 9 updates

Bumps the python-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [flask-cors](https://github.com/corydolphin/flask-cors) | `6.0.2` | `6.0.5` |
| [pyopenssl](https://github.com/pyca/pyopenssl) | `26.0.0` | `26.3.0` |
| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.6` | `3.1.8` |
| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |
| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |
| [black](https://github.com/psf/black) | `26.3.1` | `26.5.1` |
| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.14.3` | `4.15.0` |
| [djlint](https://github.com/djlint/djLint) | `1.36.4` | `1.39.2` |
| [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.46` | `3.1.50` |



Updates `flask-cors` from 6.0.2 to 6.0.5
- [Release notes](https://github.com/corydolphin/flask-cors/releases)
- [Changelog](https://github.com/corydolphin/flask-cors/blob/main/CHANGELOG.md)
- [Commits](corydolphin/flask-cors@6.0.2...6.0.5)

Updates `pyopenssl` from 26.0.0 to 26.3.0
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pyopenssl@26.0.0...26.3.0)

Updates `werkzeug` from 3.1.6 to 3.1.8
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.1.6...3.1.8)

Updates `pillow` from 12.1.1 to 12.2.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.1.1...12.2.0)

Updates `pytest-cov` from 7.0.0 to 7.1.0
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v7.0.0...v7.1.0)

Updates `black` from 26.3.1 to 26.5.1
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@26.3.1...26.5.1)

Updates `beautifulsoup4` from 4.14.3 to 4.15.0

Updates `djlint` from 1.36.4 to 1.39.2
- [Release notes](https://github.com/djlint/djLint/releases)
- [Changelog](https://github.com/djlint/djLint/blob/master/CHANGELOG.md)
- [Commits](djlint/djLint@v1.36.4...v1.39.2)

Updates `gitpython` from 3.1.46 to 3.1.50
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.46...3.1.50)

---
updated-dependencies:
- dependency-name: beautifulsoup4
  dependency-version: 4.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: black
  dependency-version: 26.5.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: djlint
  dependency-version: 1.39.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: flask-cors
  dependency-version: 6.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: gitpython
  dependency-version: 3.1.50
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: pillow
  dependency-version: 12.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: pyopenssl
  dependency-version: 26.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: werkzeug
  dependency-version: 3.1.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/dev/python-dependencies-5ae8c4ba92 branch from e2b867c to 56bf6b2 Compare June 15, 2026 17:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants