From 12ea5a580ac02f5062b927ac3fa278000d7abb04 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 11 Jun 2026 11:18:06 +0000
Subject: [PATCH] Bump filelock from 3.29.1 to 3.29.3 (#12901)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.29.1 to
3.29.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/py-filelock/releases">filelock's
releases</a>.</em></p>
<blockquote>
<h2>3.29.3</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>🔧 ci(release): publish to PyPI on tag push by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/557">tox-dev/filelock#557</a></li>
<li>validate pid range in _parse_lock_holder by <a
href="https://github.com/dxbjavid"><code>@​dxbjavid</code></a> in <a
href="https://redirect.github.com/tox-dev/filelock/pull/556">tox-dev/filelock#556</a></li>
<li>🐛 fix(ci): restore release environment on tag job by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/559">tox-dev/filelock#559</a></li>
<li>🐛 fix(ci): publish from release.yaml on tag push by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/560">tox-dev/filelock#560</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.29.2...3.29.3">https://github.com/tox-dev/filelock/compare/3.29.2...3.29.3</a></p>
<h2>3.29.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>open marker reads non-blocking to refuse attacker-placed fifo by <a
href="https://github.com/dxbjavid"><code>@​dxbjavid</code></a> in <a
href="https://redirect.github.com/tox-dev/filelock/pull/549">tox-dev/filelock#549</a></li>
<li>🔒 fix(soft): harden stale-lock breaking and self-heal malformed
locks by <a
href="https://github.com/gaborbernat"><code>@​gaborbernat</code></a> in
<a
href="https://redirect.github.com/tox-dev/filelock/pull/551">tox-dev/filelock#551</a></li>
<li>check hostname in is_lock_held_by_us by <a
href="https://github.com/dxbjavid"><code>@​dxbjavid</code></a> in <a
href="https://redirect.github.com/tox-dev/filelock/pull/553">tox-dev/filelock#553</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.29.1...3.29.2">https://github.com/tox-dev/filelock/compare/3.29.1...3.29.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst">filelock's
changelog</a>.</em></p>
<blockquote>
<p>###########
Changelog
###########</p>
<hr />
<p>3.29.3 (2026-06-10)</p>
<hr />
<ul>
<li>🐛 fix(ci): restore release environment on tag job
:pr:<code>559</code></li>
<li>validate pid range in _parse_lock_holder :pr:<code>556</code> - by
:user:<code>dxbjavid</code></li>
<li>🔧 ci(release): publish to PyPI on tag push :pr:<code>557</code></li>
<li>build(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0
:pr:<code>558</code> - by :user:<code>dependabot[bot]</code></li>
</ul>
<hr />
<p>3.29.2 (2026-06-10)</p>
<hr />
<ul>
<li>build(deps): bump actions/checkout from 6.0.2 to 6.0.3
:pr:<code>555</code> - by :user:<code>dependabot[bot]</code></li>
<li>[pre-commit.ci] pre-commit autoupdate :pr:<code>554</code> - by
:user:<code>pre-commit-ci[bot]</code></li>
<li>check hostname in is_lock_held_by_us :pr:<code>553</code> - by
:user:<code>dxbjavid</code></li>
<li>🔒 fix(soft): harden stale-lock breaking and self-heal malformed
locks :pr:<code>551</code></li>
<li>open marker reads non-blocking to refuse attacker-placed fifo
:pr:<code>549</code> - by :user:<code>dxbjavid</code></li>
</ul>
<hr />
<p>3.29.1 (2026-06-03)</p>
<hr />
<ul>
<li>🐛 fix(soft): refuse to follow symlinks when reading the lock file
:pr:<code>548</code> - by :user:<code>dxbjavid</code></li>
<li>[pre-commit.ci] pre-commit autoupdate :pr:<code>547</code> - by
:user:<code>pre-commit-ci[bot]</code></li>
<li>[pre-commit.ci] pre-commit autoupdate :pr:<code>546</code> - by
:user:<code>pre-commit-ci[bot]</code></li>
<li>chore: improve filelock maintenance path :pr:<code>545</code> - by
:user:<code>lphuc2250gma</code></li>
<li>chore: improve filelock maintenance path :pr:<code>544</code> - by
:user:<code>lphuc2250gma</code></li>
<li>chore: improve filelock maintenance path :pr:<code>542</code> - by
:user:<code>lphuc2250gma</code></li>
<li>docs: clarify per-thread scope of FileLock configuration
:pr:<code>543</code> - by :user:<code>Gares95</code></li>
<li>[pre-commit.ci] pre-commit autoupdate :pr:<code>541</code> - by
:user:<code>pre-commit-ci[bot]</code></li>
<li>docs: fix API docs of <code>release()</code> :pr:<code>540</code> -
by :user:<code>MrAnno</code></li>
<li>[pre-commit.ci] pre-commit autoupdate :pr:<code>539</code> - by
:user:<code>pre-commit-ci[bot]</code></li>
<li>[pre-commit.ci] pre-commit autoupdate :pr:<code>538</code> - by
:user:<code>pre-commit-ci[bot]</code></li>
<li>[pre-commit.ci] pre-commit autoupdate :pr:<code>537</code> - by
:user:<code>pre-commit-ci[bot]</code></li>
<li>build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0
:pr:<code>536</code> - by :user:<code>dependabot[bot]</code></li>
<li>[pre-commit.ci] pre-commit autoupdate :pr:<code>535</code> - by
:user:<code>pre-commit-ci[bot]</code></li>
</ul>
<hr />
<p>3.29.0 (2026-04-19)</p>
<hr />
<ul>
<li>✨ feat(soft): enable stale lock detection on Windows
:pr:<code>534</code></li>
<li>🐛 fix(async): use single-thread executor for lock consistency
:pr:<code>533</code></li>
<li>build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1
:pr:<code>530</code> - by :user:<code>dependabot[bot]</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tox-dev/filelock/commit/85e73d7f0575e30a3d94a00452255e381c7b8eb3"><code>85e73d7</code></a>
🐛 fix(ci): publish from release.yaml on tag push (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/560">#560</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/f86dcb1abca36bb02b65232d411d7e8dce8569e6"><code>f86dcb1</code></a>
Release 3.29.3</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/643bdbe89bff3c61e29d14d7657d045bb89ade6d"><code>643bdbe</code></a>
🐛 fix(ci): restore release environment on tag job (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/559">#559</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/7a8f74a904cf7d98b6baf24eb37175d128a5f818"><code>7a8f74a</code></a>
validate pid range in _parse_lock_holder (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/556">#556</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/d1d49a0b232a6d904ff29b22213834df75ffc59b"><code>d1d49a0</code></a>
🔧 ci(release): publish to PyPI on tag push (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/557">#557</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/b37e162e316ec0ef6e5b8c37a1c04bdaaa411487"><code>b37e162</code></a>
build(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/558">#558</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/d9216dea26f31d369c7d3422bfe14c08b51232f1"><code>d9216de</code></a>
Release 3.29.2</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/ab6844ddde56e0a93d34d918f90eef6fc74d2c6a"><code>ab6844d</code></a>
build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/555">#555</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/b862ead7201e8a602311bbc29e444db343b07967"><code>b862ead</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/554">#554</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/2ff7c3cffc5d872a890783890fd6fd3b9fd27643"><code>2ff7c3c</code></a>
check hostname in is_lock_held_by_us (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/553">#553</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tox-dev/py-filelock/compare/3.29.1...3.29.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=filelock&package-manager=pip&previous-version=3.29.1&new-version=3.29.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 98e8187c9eb..0f90f34229b 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -81,7 +81,7 @@ exceptiongroup==1.3.1
     # via pytest
 execnet==2.1.2
     # via pytest-xdist
-filelock==3.29.1
+filelock==3.29.3
     # via
     #   python-discovery
     #   virtualenv
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 43a7bacfb1a..ab0a9996ba5 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -79,7 +79,7 @@ exceptiongroup==1.3.1
     # via pytest
 execnet==2.1.2
     # via pytest-xdist
-filelock==3.29.1
+filelock==3.29.3
     # via
     #   python-discovery
     #   virtualenv
diff --git a/requirements/lint.txt b/requirements/lint.txt
index cbfe8c2d12b..cec19f60ec5 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -40,7 +40,7 @@ distlib==0.4.2
     # via virtualenv
 exceptiongroup==1.3.1
     # via pytest
-filelock==3.29.1
+filelock==3.29.3
     # via
     #   python-discovery
     #   virtualenv