Skip to content

Bump the pip group across 1 directory with 5 updates#59

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/pip-9cdddb1f45
Open

Bump the pip group across 1 directory with 5 updates#59
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/pip-9cdddb1f45

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Bumps the pip group with 5 updates in the / directory:

Package From To
black 23.9.1 26.3.1
filelock 3.12.4 3.20.3
pillow 10.0.1 12.2.0
setuptools 68.2.2 78.1.1
virtualenv 20.24.5 20.36.1

Updates black from 23.9.1 to 26.3.1

Release notes

Sourced from black's releases.

26.3.1

Stable style

  • Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

  • Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

  • Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

26.3.0

Stable style

  • Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
  • Fix crash on standalone comment in lambda default arguments (#4993)
  • Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

  • Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
  • Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
  • Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

  • Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

  • Introduce winloop for windows as an alternative to uvloop (#4996)
  • Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
  • Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop (#4996)

Output

... (truncated)

Changelog

Sourced from black's changelog.

Version 26.3.1

Stable style

  • Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

  • Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

  • Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

Version 26.3.0

Stable style

  • Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
  • Fix crash on standalone comment in lambda default arguments (#4993)
  • Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

  • Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
  • Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
  • Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

  • Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

  • Introduce winloop for windows as an alternative to uvloop (#4996)
  • Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
  • Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop eventloop or default eventloop (#4996)

... (truncated)

Commits

Updates filelock from 3.12.4 to 3.20.3

Release notes

Sourced from filelock's releases.

3.20.3

What's Changed

Full Changelog: tox-dev/filelock@3.20.2...3.20.3

3.20.2

What's Changed

New Contributors

Full Changelog: tox-dev/filelock@3.20.1...3.20.2

3.20.1

What's Changed

Full Changelog: tox-dev/filelock@3.20.0...3.20.1

3.20.0

What's Changed

New Contributors

Full Changelog: tox-dev/filelock@3.19.1...3.20.0

3.19.1

What's Changed

... (truncated)

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

3.29.0 (2026-04-19)

  • ✨ feat(soft): enable stale lock detection on Windows :pr:534
  • 🐛 fix(async): use single-thread executor for lock consistency :pr:533
  • build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 :pr:530 - by :user:dependabot[bot]

3.28.0 (2026-04-14)

  • 🐛 fix(ci): unbreak release workflow, publish to PyPI again :pr:529

3.26.1 (2026-04-09)

  • 🐛 fix(asyncio): add exit to BaseAsyncFileLock and fix del loop handling :pr:518 - by :user:naarob
  • build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 :pr:525 - by :user:dependabot[bot]

3.26.0 (2026-04-06)

  • ✨ feat(soft): add PID inspection and lock breaking :pr:524
  • [pre-commit.ci] pre-commit autoupdate :pr:523 - by :user:pre-commit-ci[bot]
  • build(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 :pr:522 - by :user:dependabot[bot]
  • Remove persist-credentials: false from release job :pr:520
  • [pre-commit.ci] pre-commit autoupdate :pr:519 - by :user:pre-commit-ci[bot]
  • 🔒 ci(workflows): add zizmor security auditing :pr:517
  • [pre-commit.ci] pre-commit autoupdate :pr:516 - by :user:pre-commit-ci[bot]
  • [pre-commit.ci] pre-commit autoupdate :pr:514 - by :user:pre-commit-ci[bot]

3.25.2 (2026-03-11)

  • 🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:513

3.25.1 (2026-03-09)

  • [pre-commit.ci] pre-commit autoupdate :pr:510 - by :user:pre-commit-ci[bot]
  • 🐛 fix(win): restore best-effort lock file cleanup on release :pr:511

... (truncated)

Commits

Updates pillow from 10.0.1 to 12.2.0

Release notes

Sourced from pillow's releases.

12.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

Dependencies

Testing

Other changes

... (truncated)

Changelog

Sourced from pillow's changelog.

Changelog (Pillow)

11.1.0 and newer

See GitHub Releases:

11.0.0 (2024-10-15)

  • Update licence to MIT-CMU #8460 [hugovk]

  • Conditionally define ImageCms type hint to avoid requiring core #8197 [radarhere]

  • Support writing LONG8 offsets in AppendingTiffWriter #8417 [radarhere]

  • Use ImageFile.MAXBLOCK when saving TIFF images #8461 [radarhere]

  • Do not close provided file handles with libtiff when saving #8458 [radarhere]

  • Support ImageFilter.BuiltinFilter for I;16* images #8438 [radarhere]

  • Use ImagingCore.ptr instead of ImagingCore.id #8341 [homm, radarhere, hugovk]

  • Updated EPS mode when opening images without transparency #8281 [Yay295, radarhere]

  • Use transparency when combining P frames from APNGs #8443 [radarhere]

  • Support all resampling filters when resizing I;16* images #8422 [radarhere]

  • Free memory on early return #8413 [radarhere]

  • Cast int before potentially exceeding INT_MAX #8402 [radarhere]

... (truncated)

Commits

Updates setuptools from 68.2.2 to 78.1.1

Changelog

Sourced from setuptools's changelog.

v78.1.1

Bugfixes

  • More fully sanitized the filename in PackageIndex._download. (#4946)

v78.1.0

Features

  • Restore access to _get_vc_env with a warning. (#4874)

v78.0.2

Bugfixes

  • Postponed removals of deprecated dash-separated and uppercase fields in setup.cfg. All packages with deprecated configurations are advised to move before 2026. (#4911)

v78.0.1

Misc

v78.0.0

Bugfixes

  • Reverted distutils changes that broke the monkey patching of command classes. (#4902)

Deprecations and Removals

  • Setuptools no longer accepts options containing uppercase or dash characters in setup.cfg.

... (truncated)

Commits

Updates virtualenv from 20.24.5 to 20.36.1

Release notes

Sourced from virtualenv's releases.

20.36.0

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.35.3...20.36.0

20.35.4

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.35.3...20.35.4

20.35.3

What's Changed

Full Changelog: pypa/virtualenv@20.35.1...20.35.3

20.35.2

... (truncated)

Changelog

Sourced from virtualenv's changelog.

Bugfixes - 20.36.1

  • Fix TOCTOU vulnerabilities in app_data and lock directory creation that could be exploited via symlink attacks - reported by :user:tsigouris007, fixed by :user:gaborbernat. (:issue:3013)

v20.36.0 (2026-01-07)

Features - 20.36.0

  • Add support for PEP 440 version specifiers in the --python flag. Users can now specify Python versions using operators like >=, <=, ~=, etc. For example: virtualenv --python=">=3.12" myenv . (:issue:2994`)

v20.35.4 (2025-10-28)

Bugfixes - 20.35.4

  • Fix race condition in _virtualenv.py when file is overwritten during import, preventing NameError when _DISTUTILS_PATCH is accessed - by :user:gracetyy. (:issue:2969)

  • Upgrade embedded wheels:

    • pip to 25.3 from 25.2 (:issue:2989)

v20.35.3 (2025-10-10)

Bugfixes - 20.35.3

  • Accept RuntimeError in test_too_many_open_files, by :user:esafak (:issue:2935)

v20.35.2 (2025-10-10)

Bugfixes - 20.35.2

  • Revert out changes related to the extraction of the discovery module - by :user:gaborbernat. (:issue:2978)

v20.35.1 (2025-10-09)

... (truncated)

Commits
  • d0ad11d release 20.36.1
  • dec4cec Merge pull request #3013 from gaborbernat/fix-sec
  • 5fe5d38 release 20.36.0 (#3011)
  • 9719376 release 20.36.0
  • 0276db6 Add support for PEP 440 version specifiers in the --python flag. (#3008)
  • 4f900c2 Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1 (#3...
  • 13afcc6 fix: resolve EncodingWarning in tox upgrade environment (#3007)
  • 31b5d31 [pre-commit.ci] pre-commit autoupdate (#2997)
  • 7c28422 fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146 (...
  • 365628c test_too_many_open_files: assert on errno.EMFILE instead of strerror (#3001)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 5 updates
5b2ea4b 
Bumps the pip group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [black](https://github.com/psf/black) | `23.9.1` | `26.3.1` |
| [filelock](https://github.com/tox-dev/py-filelock) | `3.12.4` | `3.20.3` |
| [pillow](https://github.com/python-pillow/Pillow) | `10.0.1` | `12.2.0` |
| [setuptools](https://github.com/pypa/setuptools) | `68.2.2` | `78.1.1` |
| [virtualenv](https://github.com/pypa/virtualenv) | `20.24.5` | `20.36.1` |



Updates `black` from 23.9.1 to 26.3.1
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@23.9.1...26.3.1)

Updates `filelock` from 3.12.4 to 3.20.3
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.12.4...3.20.3)

Updates `pillow` from 10.0.1 to 12.2.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@10.0.1...12.2.0)

Updates `setuptools` from 68.2.2 to 78.1.1
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v68.2.2...v78.1.1)

Updates `virtualenv` from 20.24.5 to 20.36.1
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.24.5...20.36.1)

---
updated-dependencies:
- dependency-name: black
  dependency-version: 26.3.1
  dependency-type: direct:development
  dependency-group: pip
- dependency-name: filelock
  dependency-version: 3.20.3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pillow
  dependency-version: 12.2.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: setuptools
  dependency-version: 78.1.1
  dependency-type: indirect
  dependency-group: pip
- dependency-name: virtualenv
  dependency-version: 20.36.1
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants