Skip to content

Bump the python-minor group across 1 directory with 7 updates#13

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/python-minor-2f7d8d1eaf
Open

Bump the python-minor group across 1 directory with 7 updates#13
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/python-minor-2f7d8d1eaf

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 22, 2026

Updates the requirements on rich, ruff, pydantic, idna, lxml, pydantic-core and psutil to permit the latest version.
Updates rich from 13.9.4 to 15.0.0

Release notes

Sourced from rich's releases.

The So Long 3.8 Release

A few fixes. The major version bump is to honor the passing of 3.8 support which reached its EOL in October 7, 2024

[15.0.0] - 2026-04-12

Changed

  • Breaking change: Dropped support for Python3.8

Fixed

The Faster Startup Release

No new features in this release, but there should be improved startup time for Rich apps, and potentially improved runtime if you have a lot of links.

[14.3.4] - 2026-04-11

Changed

The infinite Release

Fixed a infinite loop in split_graphemes

[14.3.3] - 2026-02-19

Fixed

The ZWJy release

A fix for cell_len edge cases

[14.3.2] - 2026-02-01

Fixed

The Nerdy Fix release

Fixed issue with characters outside of unicode range reporting 0 cell size

[14.3.1] - 2026-01-24

... (truncated)

Changelog

Sourced from rich's changelog.

[15.0.0] - 2026-04-12

Changed

  • Breaking change: Dropped support for Python3.8

Fixed

[14.3.4] - 2026-04-11

Changed

[14.3.3] - 2026-02-19

Fixed

[14.3.2] - 2026-02-01

Fixed

[14.3.1] - 2026-01-24

Fixed

[14.3.0] - 2026-01-24

Fixed

Added

... (truncated)

Commits

Updates ruff from 0.15.10 to 0.15.11

Release notes

Sourced from ruff's releases.

0.15.11

Release Notes

Released on 2026-04-16.

Preview features

  • [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
  • [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
  • [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

  • [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

  • [flake8-async] Add override mention to ASYNC109 docs (#24666)
  • Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

Install ruff 0.15.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.ps1 | iex"

Download ruff 0.15.11

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.11

Released on 2026-04-16.

Preview features

  • [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
  • [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
  • [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

  • [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

  • [flake8-async] Add override mention to ASYNC109 docs (#24666)
  • Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

Commits

Updates pydantic from 2.13.0 to 2.13.3

Release notes

Sourced from pydantic's releases.

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

Changelog

Sourced from pydantic's changelog.

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

Commits
  • 9e9a111 Fix backported test
  • 1ec8c6a Prepare release v2.13.3
  • fb4f204 Handle AttributeError subclasses with from_attributes
  • ca3ddd1 Prepare release v2.13.2
  • 000e823 Fix ValidationInfo.field_name missing with model_validate_json()
  • d45d8be Prepare release 2.13.1
  • 54aca60 Fix ValidationInfo.data missing with model_validate_json()
  • See full diff in compare view

Updates idna from 3.11 to 3.12

Changelog

Sourced from idna's changelog.

3.12 (2026-04-21) +++++++++++++++++

  • Update to Unicode 17.0.0.
  • Issue a deprecation warning for the transitional argument.
  • Added lazy-loading to provide some performance improvements.
  • Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.

Thanks to Rodrigo Nogueira for contributions to this release.

Commits
  • d80d6f9 Release v3.12
  • 1bb44dd Merge pull request #218 from kjd/release-candidate-3.12rc0
  • 909c49d Release candidate for 3.12
  • c5459a1 Merge pull request #217 from kjd/housekeeping-2
  • f1ab8f6 Add tests for transitional deprecation warning
  • 94bcdc3 Add deprecation warning for transitional argument
  • 199b7ca Code quality and CI housekeeping
  • a5fcbef Merge pull request #216 from kjd/unicode-17-bis
  • 80915cf Fix ruff format compliance in generated idnadata.py
  • 007bcb6 Update to Unicode 17.0.0
  • Additional commits viewable in compare view

Updates lxml from 6.0.4 to 6.1.0

Changelog

Sourced from lxml's changelog.

6.1.0 (2026-04-17)

This release fixes a possible external entity injection (XXE) vulnerability in iterparse() and the ETCompatXMLParser.

Features added

  • GH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes in lxml.html.defs. This allows lxml_html_clean to pass them through. Patch by oomsveta.

  • The default chunk size for reading from file-likes in iterparse() is now configurable with a new chunk_size argument.

Bugs fixed

  • LP#2146291: The resolve_entities option was still set to True for iterparse and ETCompatXMLParser, allowing for external entity injection (XXE) when using these parsers without setting this option explicitly. The default was now changed to 'internal' only (as for the normal XML and HTML parsers since lxml 5.0). Issue found by Sihao Qiu as CVE-2026-41066.
Commits
  • 43722f4 Update changelog.
  • 8747040 Name version of option change in docstring.
  • 6c36e6c Fix pypistats URL in download statistics script.
  • c7d76d6 Change security policy to point to Github security advisories.
  • 378ccf8 Update project income report.
  • 315270b Docs: Reduce TOC depth of package pages and move module contents first.
  • 6dbba7f Docs: Show current year in copyright line.
  • e4385bf Update project income report.
  • 5bed1e1 Validate file hashes in release download script.
  • c13ee10 Prepare release of 6.1.0.
  • Additional commits viewable in compare view

Updates pydantic-core from 2.46.0 to 2.46.3

Commits

Updates psutil to 7.2.2

Changelog

Sourced from psutil's changelog.

7.2.2 — 2026-01-28 ^^^^^^^^^^^^^^^^^^

Enhancements

  • :gh:2705: [Linux]: :meth:Process.wait now uses pidfd_open() + poll() (no busy loop). Requires Linux >= 5.3 and Python >= 3.9.
  • :gh:2705: [macOS], [BSD]: :meth:Process.wait now uses kqueue() (no busy loop).

Bug fixes

  • :gh:2701, [macOS]: fix compilation error on macOS < 10.7. (patch by Sergey Fedorov)
  • :gh:2707, [macOS]: fix potential memory leaks in error paths of :meth:Process.memory_full_info and :meth:Process.threads.
  • :gh:2708, [macOS]: :meth:Process.cmdline and :meth:Process.environ may fail with OSError: [Errno 0] Undefined error (from sysctl(KERN_PROCARGS2)). They now raise :exc:AccessDenied instead.

7.2.1 — 2025-12-29 ^^^^^^^^^^^^^^^^^^

Bug fixes

  • :gh:2699, [FreeBSD], [NetBSD]: :func:heap_info does not detect small allocations (<= 1K). In order to fix that, we now flush internal jemalloc cache before fetching the metrics.

7.2.0 — 2025-12-23 ^^^^^^^^^^^^^^^^^^

Enhancements

  • :gh:1275: new :func:heap_info and :func:heap_trim functions, providing direct access to the platform's native C heap allocator (glibc, mimalloc, libmalloc). Useful to create tools to detect memory leaks.
  • :gh:2403, [Linux]: publish wheels for Linux musl.
  • :gh:2680: unit tests are no longer installed / part of the distribution. They now live under tests/ instead of psutil/tests.

Bug fixes

  • :gh:2684, [FreeBSD], [critical]: compilation fails on FreeBSD 14 due to missing include.
  • :gh:2691, [Windows]: fix memory leak in :func:net_if_stats due to missing Py_CLEAR.

Compatibility notes

... (truncated)

Commits
  • 9eea97d Pre-release
  • 938ac64 Rm sphinxcontrib.googleanalytics; override layout.html
  • 9dcbb7e Add sphinxcontrib-googleanalytics to requirements.txt
  • 76eaf9a Try to add google analytics to doc
  • de1cafa Update doc mentioning Process.wait() internal details
  • bb30943 Refact can_use_pidfd_open() and can_use_kqueue()
  • a571717 #2708, macos / cmdline / environ; raise AD instead of OSError(0) (#2709)
  • 8b98c3e Pre-release
  • 700b7e6 [macOS] fix potential leaks in error paths (#2707)
  • 7cc7923 Windows / cmdline(): be more defensive in free()ing in case of error
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python-minor group across 1 directory with 7 updates
c8e864c 
Updates the requirements on [rich](https://github.com/Textualize/rich), [ruff](https://github.com/astral-sh/ruff), [pydantic](https://github.com/pydantic/pydantic), [idna](https://github.com/kjd/idna), [lxml](https://github.com/lxml/lxml), [pydantic-core](https://github.com/pydantic/pydantic) and [psutil](https://github.com/giampaolo/psutil) to permit the latest version.

Updates `rich` from 13.9.4 to 15.0.0
- [Release notes](https://github.com/Textualize/rich/releases)
- [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md)
- [Commits](Textualize/rich@v13.9.4...v15.0.0)

Updates `ruff` from 0.15.10 to 0.15.11
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.10...0.15.11)

Updates `pydantic` from 2.13.0 to 2.13.3
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.13.0...v2.13.3)

Updates `idna` from 3.11 to 3.12
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.11...v3.12)

Updates `lxml` from 6.0.4 to 6.1.0
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-6.0.4...lxml-6.1.0)

Updates `pydantic-core` from 2.46.0 to 2.46.3
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/commits)

Updates `psutil` to 7.2.2
- [Changelog](https://github.com/giampaolo/psutil/blob/master/docs/changelog.rst)
- [Commits](giampaolo/psutil@v5.9.0...v7.2.2)

---
updated-dependencies:
- dependency-name: rich
  dependency-version: 15.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-minor
- dependency-name: ruff
  dependency-version: 0.15.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: pydantic
  dependency-version: 2.13.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: idna
  dependency-version: '3.12'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: lxml
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: pydantic-core
  dependency-version: 2.46.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: psutil
  dependency-version: 7.2.2
  dependency-type: direct:production
  dependency-group: python-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants