Skip to content

Bump the python-dependencies group with 3 updates#576

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-dependencies-29075fcd15
Open

Bump the python-dependencies group with 3 updates#576
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-dependencies-29075fcd15

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026

Bumps the python-dependencies group with 3 updates: poetry, uv and pip.

Updates poetry from 2.4.0 to 2.4.1

Release notes

Sourced from poetry's releases.

2.4.1

Changed

  • Re-allow installer==0.7.0 (#10887).

Fixed

  • Fix an issue where poetry update <package> failed when <package> was a transitive dependency (#10885).
Changelog

Sourced from poetry's changelog.

[2.4.1] - 2026-05-09

Changed

  • Re-allow installer==0.7.0 (#10887).

Fixed

  • Fix an issue where poetry update <package> failed when <package> was a transitive dependency (#10885).
Commits

Updates uv from 0.11.11 to 0.11.18

Release notes

Sourced from uv's releases.

0.11.18

Release Notes

Released on 2026-06-01.

Performance

  • Fix performance regression in unzip of local wheels (#19637)

Preview

  • Add uv check to run ty from uv (#19605)

Bug fixes

  • Update activation scripts with upstream fixes (#19628)

Other changes

Install uv 0.11.18

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.18/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.18/uv-installer.ps1 | iex"

Download uv 0.11.18

File Platform Checksum
uv-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
uv-x86_64-apple-darwin.tar.gz Intel macOS checksum
uv-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
uv-i686-pc-windows-msvc.zip x86 Windows checksum
uv-x86_64-pc-windows-msvc.zip x64 Windows checksum
uv-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
uv-i686-unknown-linux-gnu.tar.gz x86 Linux checksum
uv-powerpc64le-unknown-linux-gnu.tar.gz PPC64LE Linux checksum
uv-riscv64gc-unknown-linux-gnu.tar.gz RISCV Linux checksum
uv-s390x-unknown-linux-gnu.tar.gz S390x Linux checksum
uv-x86_64-unknown-linux-gnu.tar.gz x64 Linux checksum

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.18

Released on 2026-06-01.

Performance

  • Fix performance regression in unzip of local wheels (#19637)

Preview

  • Add uv check to run ty from uv (#19605)

Bug fixes

  • Update activation scripts with upstream fixes (#19628)

Other changes

0.11.17

Released on 2026-05-28.

Enhancements

  • Add a diagnostic for uv add with standard library modules (#19572)
  • Expose uv workspace and its list subcommand in help output (#19533)
  • Improve the "403 forbidden" hint to suggest ignore-error-codes when applicable (#19521)
  • Skip direct URL lock freshness checks while offline (#19596)
  • Add import-names and import-namespaces support to uv-build (PEP 794) (#19380)
  • Add a --no-editable-package flag to various commands (#19584)
  • Infer Python version requests from source trees in uv tool invocations (#19577)

Preview features

  • Add module owners to uv workspace metadata (#19122)
  • Do not allow uv venv --clear to remove non-virtual environments (#19595)

Bug fixes

  • Improve the performance of large entries in tool.uv.conflicts (#19538)
  • Avoid modifying the parent process' env with --env-file in uv run (#19567)
  • Fix script environment creation for scripts with long filenames (#19539)
  • Fix transitive Git archive dependencies in lockfiles (#19589)
  • Preserve Git repository URLs in direct URL metadata (#19590)
  • Support redirects in --check-url (#19594)
  • Accept case-insensitive HTML tags in --find-links parsing (#19537)
  • Reject duplicate script metadata blocks (#19544)
  • Ban names like "python3" as script entry points (#19535, #19536)

... (truncated)

Commits

Updates pip from 26.1.1 to 26.1.2

Changelog

Sourced from pip's changelog.

26.1.2 (2026-05-31)

Bug Fixes

  • Reject console_scripts and gui_scripts entry points whose name would install a script outside the scripts directory. ([#14000](https://github.com/pypa/pip/issues/14000) <https://github.com/pypa/pip/issues/14000>_)
  • Fix installation incorrectly failing when the target path contains a doubled slash, such as with pip install --root //.... ([#14001](https://github.com/pypa/pip/issues/14001) <https://github.com/pypa/pip/issues/14001>_)
  • Send a consistent Accept-Encoding header to avoid a spurious Cache entry deserialization failed warning. ([#14012](https://github.com/pypa/pip/issues/14012) <https://github.com/pypa/pip/issues/14012>_)
Commits
  • 31d7d16 Bump for release
  • 79f348c Update AUTHORS.txt
  • 237a925 Merge pull request #14001 from notatallshaw/fix-is-within-directory
  • 34d0285 Merge pull request #14006 from laymonage/fix-requirements_from_scripts-space-...
  • 09d3e07 Merge pull request #14012 from notatallshaw/stable-accept-encoding
  • fa7854f Use is_within_directory for entry point check
  • d01b46c NEWS ENTRY
  • 7ff8bdd Fix is_within_directory for doubled-slash roots
  • 7ea3466 NEWS ENTRY
  • 85673ea Fix Accept-Encoding to gzip, deflate
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python-dependencies group with 3 updates
1f703b5 
Bumps the python-dependencies group with 3 updates: [poetry](https://github.com/python-poetry/poetry), [uv](https://github.com/astral-sh/uv) and [pip](https://github.com/pypa/pip).


Updates `poetry` from 2.4.0 to 2.4.1
- [Release notes](https://github.com/python-poetry/poetry/releases)
- [Changelog](https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md)
- [Commits](python-poetry/poetry@2.4.0...2.4.1)

Updates `uv` from 0.11.11 to 0.11.18
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.11.11...0.11.18)

Updates `pip` from 26.1.1 to 26.1.2
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@26.1.1...26.1.2)

---
updated-dependencies:
- dependency-name: poetry
  dependency-version: 2.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: uv
  dependency-version: 0.11.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: pip
  dependency-version: 26.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Dependabot PRs that update Python dependencies labels Jun 3, 2026
@dependabot dependabot Bot requested a review from edmorley as a code owner June 3, 2026 05:09
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Dependabot PRs that update Python dependencies labels Jun 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@edmorley edmorley Awaiting requested review from edmorley edmorley is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Dependabot PRs that update Python dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants