Skip to content

build(deps): bump the minor-and-patch group with 12 updates #741

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): bump the minor-and-patch group with 12 updates #741

dependabot wants to merge 1 commit into from
+181 −183

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 22, 2025

Bumps the minor-and-patch group with 12 updates:

Package From To
pystac 1.14.1 1.14.2
furo 2025.9.25 2025.12.19
pre-commit 4.5.0 4.5.1
filelock 3.20.0 3.20.1
librt 0.7.3 0.7.4
marshmallow 4.1.1 4.1.2
nodeenv 1.9.1 1.10.0
numpy 2.3.5 2.4.0
ruamel-yaml 0.18.16 0.18.17
soupsieve 2.8 2.8.1
typer 0.20.0 0.20.1
uvicorn 0.38.0 0.40.0

Updates pystac from 1.14.1 to 1.14.2

Release notes

Sourced from pystac's releases.

v1.14.2

1.14.2 (2025-12-17)

Bug Fixes

Changelog

Sourced from pystac's changelog.

1.14.2 (2025-12-17)

Bug Fixes

  • Remove unused pystac.validation import (#1583)
  • clone extra_fields for Item (#1601) (6ba7da1)
  • make release-please two separate jobs (#1607) (bb6d289)
  • Make extent not required for VerticalSpatialDimension (#1596)
  • Asset.get_absolute_href() now properly resolves root relative hrefs (#1599)
  • Clone extra fields on Item (#1601)
Commits

Updates furo from 2025.9.25 to 2025.12.19

Release notes

Sourced from furo's releases.

2025.12.19

  • Bump the supported Sphinx version range

Full Changelog: pradyunsg/furo@2025.09.25...2025.12.19

Changelog

Sourced from furo's changelog.

2025.12.19 -- Harmonious Honeydew

  • ✨ Add support for Sphinx 9.
  • Drop support for Sphinx 6.

2025.09.25 -- Gleaming Green

  • Change the dark mode code back to native.

2025.07.19 -- Frozen Flame

  • ✨ Switch to accessible-pygments themes
  • ✨ Prefetch the sidebar logos
  • ✨ Fix flickering header drop shadow on Safari
  • Add rel=edit attribute to "Edit this page" link/icon
  • Bump NodeJS and npm dependency versions
  • Bump Saas & Webpack major versions
  • Improve current page detection to be resilient to sticky elements above header
  • Modernise Sass and use @use + @forward
  • Remove top of code border-radius with captions
  • Remove "debug printf" for headerTop value
  • Use distinct images for light and dark mode in the documentation
  • Use the modern Saas Modules

2024.08.06 -- Energetic Eminence

  • ✨ Add support for Sphinx 8
  • ✨ Add smoother transitions between breakpoints
  • Increase specificity of table-wrapper selector
  • Avoid page breaks inside paragraphs

2024.07.18 -- Dull Denim

  • Improve how icons are handled and aligned.
  • Improve scroll event handler.
  • Hide the copybutton by default.
  • Fix source_view_link configuration handling.
  • Fix close tag on pencil icon.

2024.05.06 -- Cheerful Cerulean

  • ✨ Add new custom icons for auto mode, reflecting the currently active theme.
  • ✨ Add a view this page button.
  • ✨ Add colours and highlighting to "version modified" API helpers.
  • ✨ Add release information to various customisation knobs.
  • Make all icons bigger and use a thinner stroke with them.

2024.04.27 -- Bold Burgundy

  • Add a skip to content link.

... (truncated)

Commits

Updates pre-commit from 4.5.0 to 4.5.1

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.1

Fixes

  • Fix language: python with repo: local without additional_dependencies.
Changelog

Sourced from pre-commit's changelog.

4.5.1 - 2025-12-16

Fixes

  • Fix language: python with repo: local without additional_dependencies.
Commits
  • 8a0630c v4.5.1
  • fcbc745 Merge pull request #3597 from pre-commit/empty-setup-py
  • 51592ee fix python local template when artifact dirs are present
  • 67e8faf Merge pull request #3596 from pre-commit/pre-commit-ci-update-config
  • c251e6b [pre-commit.ci] pre-commit autoupdate
  • 98ccafa Merge pull request #3593 from pre-commit/pre-commit-ci-update-config
  • 4895355 [pre-commit.ci] pre-commit autoupdate
  • 2cedd58 Merge pull request #3588 from pre-commit/pre-commit-ci-update-config
  • 465192d [pre-commit.ci] pre-commit autoupdate
  • fd42f96 Merge pull request #3586 from pre-commit/zipapp-sha256-file-not-needed
  • Additional commits viewable in compare view

Updates filelock from 3.20.0 to 3.20.1

Release notes

Sourced from filelock's releases.

3.20.1

What's Changed

Full Changelog: tox-dev/filelock@3.20.0...3.20.1

Commits

Updates librt from 0.7.3 to 0.7.4

Commits

Updates marshmallow from 4.1.1 to 4.1.2

Changelog

Sourced from marshmallow's changelog.

4.1.2 (2025-12-19) ++++++++++++++++++

Bug fixes:

  • :cve:CVE-2025-68480: Merge error store messages without rebuilding collections. Thanks 카푸치노 for reporting and :user:deckar01 for the fix.
Commits
  • 692e79d Merge pull request #2876 from marshmallow-code/delint
  • 045c5f6 [pre-commit.ci] auto fixes from pre-commit.com hooks
  • 94c4d98 Delint
  • d24a0c9 Merge commit from fork
  • 1682640 Bump version and update changelog
  • 36f8787 Only deep copy error message collections
  • 70141f4 Add test coverage for error message modification
  • 218d98a Merge error store messages without rebuilding collections
  • See full diff in compare view

Updates nodeenv from 1.9.1 to 1.10.0

Release notes

Sourced from nodeenv's releases.

1.10.0 - drop

What's Changed

Fixed bugs 🐛

Improvements 🛠

Other Changes

New Contributors

Full Changelog: ekalinin/nodeenv@1.9.1...1.10.0

Commits
  • 9dee547 chore: bump nodeenv version to 1.10.0
  • d45aabb chore: add pyright ignore comments for compatibility
  • 55d6c21 chore: update AUTHORS
  • 5f694e6 test: update test test_node_system_creates_shim
  • fa3fdfb Merge branch 'master' of github.com:ekalinin/nodeenv
  • e868dbe Replace additional use of which(1) with shutil.which() (#355)
  • b4cd00d test: enhance activation tests for nodeenv with custom prompts and file handling
  • 0b5ea9d refactor(tests): improve readability of mock patches in nodeenv tests
  • 37c0c30 ci: add GH workflow for testing and coverage in PR
  • 326a7a4 test: add comprehensive tests for install_npm and install_npm_win functions
  • Additional commits viewable in compare view

Updates numpy from 2.3.5 to 2.4.0

Release notes

Sourced from numpy's releases.

2.4.0 (Dec 20, 2025)

NumPy 2.4.0 Release Notes

The NumPy 2.4.0 release continues the work to improve free threaded Python support, user dtypes implementation, and annotations. There are many expired deprecations and bug fixes as well.

This release supports Python versions 3.11-3.14

Highlights

Apart from annotations and same_value kwarg, the 2.4 highlights are mostly of interest to downstream developers. They should help in implementing new user dtypes.

  • Many annotation improvements. In particular, runtime signature introspection.
  • New casting kwarg 'same_value' for casting by value.
  • New PyUFunc_AddLoopsFromSpec function that can be used to add user sort loops using the ArrayMethod API.
  • New __numpy_dtype__ protocol.

Deprecations

Setting the strides attribute is deprecated

Setting the strides attribute is now deprecated since mutating an array is unsafe if an array is shared, especially by multiple threads. As an alternative, you can create a new view (no copy) via:

  • np.lib.stride_tricks.strided_window_view if applicable,
  • np.lib.stride_tricks.as_strided for the general case,
  • or the np.ndarray constructor (buffer is the original array) for a light-weight version.

(gh-28925)

Positional out argument to np.maximum, np.minimum is deprecated

Passing the output array out positionally to numpy.maximum and numpy.minimum is deprecated. For example, np.maximum(a, b, c) will emit a deprecation warning, since c is treated as the output buffer rather than a third input.

Always pass the output with the keyword form, e.g. np.maximum(a, b, out=c). This makes intent clear and simplifies type annotations.

(gh-29052)

align= must be passed as boolean to np.dtype()

... (truncated)

Changelog

Sourced from numpy's changelog.

Update 2.4.0 milestones

Look at the issues/prs with 2.4.0 milestones and either push them off to a later version, or maybe remove the milestone. You may need to add a milestone.

Check the numpy-release repo

The things to check are the cibuildwheel version in .github/workflows/wheels.yml and the openblas versions in openblas_requirements.txt.

Make a release PR

Four documents usually need to be updated or created for the release PR:

  • The changelog
  • The release notes
  • The .mailmap file
  • The pyproject.toml file

These changes should be made in an ordinary PR against the maintenance branch. Other small, miscellaneous fixes may be part of this PR. The commit message might be something like::

REL: Prepare for the NumPy 2.4.0 release

    

  • Create 2.4.0-changelog.rst.
    • 

  • Update 2.4.0-notes.rst.
    • 

  • Update .mailmap.
    • 

  • Update pyproject.toml

Set the release version

Check the pyproject.toml file and set the release version and update the classifier if needed::

$ gvim pyproject.toml

Check the doc/source/release.rst file

make sure that the release notes have an entry in the release.rst file::

... (truncated)

Commits

Updates ruamel-yaml from 0.18.16 to 0.18.17

Updates soupsieve from 2.8 to 2.8.1

Release notes

Sourced from soupsieve's releases.

2.8.1

  • FIX: Changes in tests to accommodate latest Python HTML parser changes.
Commits

Updates typer from 0.20.0 to 0.20.1

Release notes

Sourced from typer's releases.

0.20.1

Features

  • ✨ Add support for standard tracebacks via the env TYPER_STANDARD_TRACEBACK. PR #1299 by @​colin-nolan.

Fixes

  • 🐛 Ensure that options_metavar is passed through correctly. PR #816 by @​gar1t.
  • 🐛 Ensure an optional argument is shown in brackets, even when metavar is set. PR #1409 by @​svlandeg.
  • 🐛 Ensure that the default rich_markup_mode is interpreted correctly. PR #1304 by @​svlandeg.

Refactors

Docs

  • 📝 Ensure that bold letters are rendered correctly in printing.md. PR #1365 by @​svlandeg.
  • 🩺 Update test badge to only reflect pushes to master. PR #1414 by @​svlandeg.
  • 📝 Update console output on the Rich help formatting page. PR #1430 by @​svlandeg.
  • 📝 Update emoji used in Rich help formatting tutorial. PR #1429 by @​svlandeg.
  • 📝 Remove duplicate explanation how the path is resolved. PR #956 by @​dennis-rall.
  • 📝 Update docs to use Typer() more prominently. PR #1418 by @​svlandeg.
  • 💄 Use font 'Fira Code' to fix display of Rich panels in docs in Windows. PR #1419 by @​tiangolo.

Internal

... (truncated)

Changelog

Sourced from typer's changelog.

0.20.1

Features

  • ✨ Add support for standard tracebacks via the env TYPER_STANDARD_TRACEBACK. PR #1299 by @​colin-nolan.

Fixes

  • 🐛 Ensure that options_metavar is passed through correctly. PR #816 by @​gar1t.
  • 🐛 Ensure an optional argument is shown in brackets, even when metavar is set. PR #1409 by @​svlandeg.
  • 🐛 Ensure that the default rich_markup_mode is interpreted correctly. PR #1304 by @​svlandeg.

Refactors

Docs

  • 📝 Ensure that bold letters are rendered correctly in printing.md. PR #1365 by @​svlandeg.
  • 🩺 Update test badge to only reflect pushes to master. PR #1414 by @​svlandeg.
  • 📝 Update console output on the Rich help formatting page. PR #1430 by @​svlandeg.
  • 📝 Update emoji used in Rich help formatting tutorial. PR #1429 by @​svlandeg.
  • 📝 Remove duplicate explanation how the path is resolved. PR #956 by @​dennis-rall.
  • 📝 Update docs to use Typer() more prominently. PR #1418 by @​svlandeg.
  • 💄 Use font 'Fira Code' to fix display of Rich panels in docs in Windows. PR #1419 by @​tiangolo.

Internal

... (truncated)

Commits
  • e777d1d 🔖 Release version 0.20.1
  • 0cbd43f 📝 Update release notes
  • 10f23a4 🐛 Ensure that options_metavar is passed through correctly (#816)
  • f61933c 📝 Update release notes
  • 2cfdb99 🐛 Ensure an optional argument is shown in brackets, even when metavar is se...
  • bc43a7a 📝 Update release notes
  • fd4241f ♻️ Refactor the handling of shellingham (#1347)
  • b400735 📝 Update release notes
  • f0a432a 📝 Ensure that bold letters are rendered correctly in printing.md (#1365)
  • f654f9d 📝 Update release notes
  • Additional commits viewable in compare view

Updates uvicorn from 0.38.0 to 0.40.0

Release notes

Sourced from uvicorn's releases.

Version 0.40.0

What's Changed

Full Changelog: Kludex/uvicorn@0.39.0...0.40.0

Version 0.39.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.38.0...0.39.0

Changelog

Sourced from uvicorn's changelog.

0.40.0 (December 21, 2025)

Remove

  • Drop support for Python 3.9 (#2772)

0.39.0 (December 21, 2025)

Fixed

  • Send close frame on ASGI return for WebSockets (#2769)
  • Explicitly start ASGI run with empty context (#2742)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the minor-and-patch group with 12 updates
b95635f 
Bumps the minor-and-patch group with 12 updates:

| Package | From | To |
| --- | --- | --- |
| [pystac](https://github.com/stac-utils/pystac) | `1.14.1` | `1.14.2` |
| [furo](https://github.com/pradyunsg/furo) | `2025.9.25` | `2025.12.19` |
| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.0` | `4.5.1` |
| [filelock](https://github.com/tox-dev/py-filelock) | `3.20.0` | `3.20.1` |
| [librt](https://github.com/mypyc/librt) | `0.7.3` | `0.7.4` |
| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `4.1.1` | `4.1.2` |
| [nodeenv](https://github.com/ekalinin/nodeenv) | `1.9.1` | `1.10.0` |
| [numpy](https://github.com/numpy/numpy) | `2.3.5` | `2.4.0` |
| ruamel-yaml | `0.18.16` | `0.18.17` |
| [soupsieve](https://github.com/facelessuser/soupsieve) | `2.8` | `2.8.1` |
| [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.20.1` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.38.0` | `0.40.0` |


Updates `pystac` from 1.14.1 to 1.14.2
- [Release notes](https://github.com/stac-utils/pystac/releases)
- [Changelog](https://github.com/stac-utils/pystac/blob/main/CHANGELOG.md)
- [Commits](stac-utils/pystac@v1.14.1...v1.14.2)

Updates `furo` from 2025.9.25 to 2025.12.19
- [Release notes](https://github.com/pradyunsg/furo/releases)
- [Changelog](https://github.com/pradyunsg/furo/blob/main/docs/changelog.md)
- [Commits](pradyunsg/furo@2025.09.25...2025.12.19)

Updates `pre-commit` from 4.5.0 to 4.5.1
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](pre-commit/pre-commit@v4.5.0...v4.5.1)

Updates `filelock` from 3.20.0 to 3.20.1
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.20.0...3.20.1)

Updates `librt` from 0.7.3 to 0.7.4
- [Commits](mypyc/librt@v0.7.3...v0.7.4)

Updates `marshmallow` from 4.1.1 to 4.1.2
- [Changelog](https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst)
- [Commits](marshmallow-code/marshmallow@4.1.1...4.1.2)

Updates `nodeenv` from 1.9.1 to 1.10.0
- [Release notes](https://github.com/ekalinin/nodeenv/releases)
- [Changelog](https://github.com/ekalinin/nodeenv/blob/master/CHANGES)
- [Commits](ekalinin/nodeenv@1.9.1...1.10.0)

Updates `numpy` from 2.3.5 to 2.4.0
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.3.5...v2.4.0)

Updates `ruamel-yaml` from 0.18.16 to 0.18.17

Updates `soupsieve` from 2.8 to 2.8.1
- [Release notes](https://github.com/facelessuser/soupsieve/releases)
- [Commits](facelessuser/soupsieve@2.8...2.8.1)

Updates `typer` from 0.20.0 to 0.20.1
- [Release notes](https://github.com/fastapi/typer/releases)
- [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md)
- [Commits](fastapi/typer@0.20.0...0.20.1)

Updates `uvicorn` from 0.38.0 to 0.40.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.38.0...0.40.0)

---
updated-dependencies:
- dependency-name: pystac
  dependency-version: 1.14.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: furo
  dependency-version: 2025.12.19
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: pre-commit
  dependency-version: 4.5.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: filelock
  dependency-version: 3.20.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: librt
  dependency-version: 0.7.4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: marshmallow
  dependency-version: 4.1.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: nodeenv
  dependency-version: 1.10.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: numpy
  dependency-version: 2.4.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: ruamel-yaml
  dependency-version: 0.18.17
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: soupsieve
  dependency-version: 2.8.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: typer
  dependency-version: 0.20.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: uvicorn
  dependency-version: 0.40.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Dec 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant