Skip to content

build(deps): bump the pip group across 3 directories with 4 updates#303

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/pip-1147473bbd
Open

build(deps): bump the pip group across 3 directories with 4 updates#303
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/pip-1147473bbd

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 17, 2026

Bumps the pip group with 3 updates in the / directory: black, marshmallow and pymdown-extensions.
Bumps the pip group with 1 update in the /api directory: marshmallow.
Bumps the pip group with 2 updates in the /cli directory: marshmallow and urllib3.

Updates black from 24.10.0 to 26.3.1

Release notes

Sourced from black's releases.

26.3.1

Stable style

  • Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

  • Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

  • Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

26.3.0

Stable style

  • Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
  • Fix crash on standalone comment in lambda default arguments (#4993)
  • Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

  • Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
  • Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
  • Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

  • Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

  • Introduce winloop for windows as an alternative to uvloop (#4996)
  • Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
  • Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop (#4996)

Output

... (truncated)

Changelog

Sourced from black's changelog.

26.3.1

Stable style

  • Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

  • Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

  • Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

26.3.0

Stable style

  • Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
  • Fix crash on standalone comment in lambda default arguments (#4993)
  • Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

  • Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
  • Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
  • Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

  • Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

  • Introduce winloop for windows as an alternative to uvloop (#4996)
  • Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
  • Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop (#4996)

... (truncated)

Commits

Updates marshmallow from 3.23.2 to 3.26.2

Changelog

Sourced from marshmallow's changelog.

3.26.2 (2025-12-19)

Bug fixes:

  • :cve:2025-68480: Merge error store messages without rebuilding collections. Thanks 카푸치노 for reporting and :user:deckar01 for the fix.

3.26.1 (2025-02-03)

Bug fixes:

  • Typing: Fix type annotations for class Meta <marshmallow.Schema.Meta> options (:issue:2804). Thanks :user:lawrence-law for reporting.

Other changes:

  • Remove default value for the data param of Nested._deserialize <marshmallow.fields.Nested._deserialize> (:issue:2802). Thanks :user:gbenson for reporting.

3.26.0 (2025-01-22)

Features:

  • Typing: Add type annotations and improved documentation for class Meta <marshmallow.Schema.Meta> options (:pr:2760).
  • Typing: Improve type coverage of marshmallow.Schema.SchemaMeta (:pr:2761).
  • Typing: marshmallow.Schema.loads parameter allows bytes and bytesarray (:pr:2769).

Bug fixes:

  • Respect data_key when schema validators raise a ValidationError <marshmallow.exceptions.ValidationError> with a field_name argument (:issue:2170). Thanks :user:matejsp for reporting.
  • Correctly handle multiple @post_load <marshmallow.post_load> methods where one method appends to the data and another passes pass_original=True (:issue:1755). Thanks :user:ghostwheel42 for reporting.
  • URL fields now properly validate file paths (:issue:2249). Thanks :user:0xDEC0DE for reporting and fixing.

Documentation:

  • Add :doc:upgrading guides <upgrading> for 3.24 and 3.26 (:pr:2780).
  • Various documentation improvements (:pr:2757, :pr:2759, :pr:2765, :pr:2774, :pr:2778, :pr:2783, :pr:2796).

Deprecations:

  • The ordered class Meta <marshmallow.Schema.Meta> option is deprecated (:issue:2146, :pr:2762). Field order is already preserved by default. Set marshmallow.Schema.dict_class to collections.OrderedDict

... (truncated)

Commits
  • 1407d51 Merge pull request #2878 from marshmallow-code/3.x-mypy-unreachable
  • b2292f5 Fix mypy errors
  • 8acd211 Merge pull request #2877 from marshmallow-code/3.x-delint
  • b4bcb4a [pre-commit.ci] auto fixes from pre-commit.com hooks
  • b78af7a Delint
  • 2c4451e Merge commit from fork
  • 86d101a Bump version and update changelog
  • 489a8d4 Only deep copy error message collections
  • 6d4a17d Add test coverage for error message modification
  • 0356a3f Merge error store messages without rebuilding collections
  • Additional commits viewable in compare view

Updates pymdown-extensions from 10.12 to 10.16.1

Release notes

Sourced from pymdown-extensions's releases.

10.6.1

10.16.1

  • FIX: Inefficient regular expression pattern for figure caption numbers.

10.16

  • NEW: Add early support for Python 3.14.
  • NEW: Drop support for Python 3.8.
  • NEW: Snippets: Added max_retries and backoff_retries options to configure new retry logic for HTTP 429 errors (Too Many Requests client error).
  • NEW: Caption: Prefix templates are now preserved exactly as specified allowing the insertion of HTML tags if desired.
  • FIX: Caption: Fix issue where manual numbers in auto were not respected appropriately.

10.15.0

  • NEW: SuperFences: Add relaxed_headers option which can tolerate bad content in the fenced code header. When enabled, code blocks with bad content in the header will likely still convert into code blocks, often respecting the specified language.
  • NEW: Add type hints to the Blocks interface and a few additional files.
  • FIX: Blocks: Fix some corner cases of nested blocks with lists.
  • FIX: Tab and Tabbed: Fix a case where tabs could fail if combine_header_slug was enabled and there was no header.

10.14.3

  • FIX: Blocks: An empty, raw block type should not cause an error.

10.14.2

  • FIX: Blocks: Fix some corner cases with md_in_html.

10.14.1

  • FIX: MagicLink: Ensure that repo names that start with . are handled correctly.
  • FIX: FancyLists: Fix case were lists could be falsely created when a line started with . or ).

10.14

  • NEW: Blocks.HTML: Add new custom option to specify tags and the assumed handling for them when automatic mode is assumed. This can also be used to override the handling for recognized tags with automatic handling.
  • FIX: Fix tests to pass with Pygments 2.19+.

10.13

  • NEW: Snippets: Allow multiple line numbers or line number blocks separated by ,.
  • NEW: Snippets: Allow using a negative index for number start indexes and end indexes. Negative indexes are converted to positive indexes based on the number of lines in the snippet.
  • FIX: Snippets: Properly capture empty newline at end of file.
  • FIX: Snippets: Fix issue where when non sections of files are included, section labels are not stripped.

... (truncated)

Commits

Updates marshmallow from 3.26.1 to 3.26.2

Changelog

Sourced from marshmallow's changelog.

3.26.2 (2025-12-19)

Bug fixes:

  • :cve:2025-68480: Merge error store messages without rebuilding collections. Thanks 카푸치노 for reporting and :user:deckar01 for the fix.

3.26.1 (2025-02-03)

Bug fixes:

  • Typing: Fix type annotations for class Meta <marshmallow.Schema.Meta> options (:issue:2804). Thanks :user:lawrence-law for reporting.

Other changes:

  • Remove default value for the data param of Nested._deserialize <marshmallow.fields.Nested._deserialize> (:issue:2802). Thanks :user:gbenson for reporting.

3.26.0 (2025-01-22)

Features:

  • Typing: Add type annotations and improved documentation for class Meta <marshmallow.Schema.Meta> options (:pr:2760).
  • Typing: Improve type coverage of marshmallow.Schema.SchemaMeta (:pr:2761).
  • Typing: marshmallow.Schema.loads parameter allows bytes and bytesarray (:pr:2769).

Bug fixes:

  • Respect data_key when schema validators raise a ValidationError <marshmallow.exceptions.ValidationError> with a field_name argument (:issue:2170). Thanks :user:matejsp for reporting.
  • Correctly handle multiple @post_load <marshmallow.post_load> methods where one method appends to the data and another passes pass_original=True (:issue:1755). Thanks :user:ghostwheel42 for reporting.
  • URL fields now properly validate file paths (:issue:2249). Thanks :user:0xDEC0DE for reporting and fixing.

Documentation:

  • Add :doc:upgrading guides <upgrading> for 3.24 and 3.26 (:pr:2780).
  • Various documentation improvements (:pr:2757, :pr:2759, :pr:2765, :pr:2774, :pr:2778, :pr:2783, :pr:2796).

Deprecations:

  • The ordered class Meta <marshmallow.Schema.Meta> option is deprecated (:issue:2146, :pr:2762). Field order is already preserved by default. Set marshmallow.Schema.dict_class to collections.OrderedDict

... (truncated)

Commits
  • 1407d51 Merge pull request #2878 from marshmallow-code/3.x-mypy-unreachable
  • b2292f5 Fix mypy errors
  • 8acd211 Merge pull request #2877 from marshmallow-code/3.x-delint
  • b4bcb4a [pre-commit.ci] auto fixes from pre-commit.com hooks
  • b78af7a Delint
  • 2c4451e Merge commit from fork
  • 86d101a Bump version and update changelog
  • 489a8d4 Only deep copy error message collections
  • 6d4a17d Add test coverage for error message modification
  • 0356a3f Merge error store messages without rebuilding collections
  • Additional commits viewable in compare view

Updates marshmallow from 3.26.1 to 3.26.2

Changelog

Sourced from marshmallow's changelog.

3.26.2 (2025-12-19)

Bug fixes:

  • :cve:2025-68480: Merge error store messages without rebuilding collections. Thanks 카푸치노 for reporting and :user:deckar01 for the fix.

3.26.1 (2025-02-03)

Bug fixes:

  • Typing: Fix type annotations for class Meta <marshmallow.Schema.Meta> options (:issue:2804). Thanks :user:lawrence-law for reporting.

Other changes:

  • Remove default value for the data param of Nested._deserialize <marshmallow.fields.Nested._deserialize> (:issue:2802). Thanks :user:gbenson for reporting.

3.26.0 (2025-01-22)

Features:

  • Typing: Add type annotations and improved documentation for class Meta <marshmallow.Schema.Meta> options (:pr:2760).
  • Typing: Improve type coverage of marshmallow.Schema.SchemaMeta (:pr:2761).
  • Typing: marshmallow.Schema.loads parameter allows bytes and bytesarray (:pr:2769).

Bug fixes:

  • Respect data_key when schema validators raise a ValidationError <marshmallow.exceptions.ValidationError> with a field_name argument (:issue:2170). Thanks :user:matejsp for reporting.
  • Correctly handle multiple @post_load <marshmallow.post_load> methods where one method appends to the data and another passes pass_original=True (:issue:1755). Thanks :user:ghostwheel42 for reporting.
  • URL fields now properly validate file paths (:issue:2249). Thanks :user:0xDEC0DE for reporting and fixing.

Documentation:

  • Add :doc:upgrading guides <upgrading> for 3.24 and 3.26 (:pr:2780).
  • Various documentation improvements (:pr:2757, :pr:2759, :pr:2765, :pr:2774, :pr:2778, :pr:2783, :pr:2796).

Deprecations:

  • The ordered class Meta <marshmallow.Schema.Meta> option is deprecated (:issue:2146, :pr:2762). Field order is already preserved by default. Set marshmallow.Schema.dict_class to collections.OrderedDict

... (truncated)

Commits
  • 1407d51 Merge pull request #2878 from marshmallow-code/3.x-mypy-unreachable
  • b2292f5 Fix mypy errors
  • 8acd211 Merge pull request #2877 from marshmallow-code/3.x-delint
  • b4bcb4a [pre-commit.ci] auto fixes from pre-commit.com hooks
  • b78af7a Delint
  • 2c4451e Merge commit from fork
  • 86d101a Bump version and update changelog
  • 489a8d4 Only deep copy error message collections
  • 6d4a17d Add test coverage for error message modification
  • 0356a3f Merge error store messages without rebuilding collections
  • Additional commits viewable in compare view

Updates urllib3 from 2.6.2 to 2.6.3

Release notes

Sourced from urllib3's releases.

2.6.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

Changelog

Sourced from urllib3's changelog.

2.6.3 (2026-01-07)

  • Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99>__)
  • Started treating Retry-After times greater than 6 hours as 6 hours by default. ([#3743](https://github.com/urllib3/urllib3/issues/3743) <https://github.com/urllib3/urllib3/issues/3743>__)
  • Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten. ([#3752](https://github.com/urllib3/urllib3/issues/3752) <https://github.com/urllib3/urllib3/issues/3752>__)
Commits
  • 0248277 Release 2.6.3
  • 8864ac4 Merge commit from fork
  • 70cecb2 Fix Scorecard issues related to vulnerable dev dependencies (#3755)
  • 41f249a Move "v2.0 Migration Guide" to the end of the table of contents (#3747)
  • fd4dffd Patch VerifiedHTTPSConnection for Emscripten (#3752)
  • 13f0bfd Handle massive values in Retry-After when calculating time to sleep for (#3743)
  • 8c480bf Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#3748)
  • 4b40616 Bump actions/cache from 4.3.0 to 5.0.1 (#3750)
  • 82b8479 Bump actions/download-artifact from 6.0.0 to 7.0.0 (#3749)
  • 34284cb Mention experimental features in the security policy (#3746)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump the pip group across 3 directories with 4 updates
ee7109e 
Bumps the pip group with 3 updates in the / directory: [black](https://github.com/psf/black), [marshmallow](https://github.com/marshmallow-code/marshmallow) and [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions).
Bumps the pip group with 1 update in the /api directory: [marshmallow](https://github.com/marshmallow-code/marshmallow).
Bumps the pip group with 2 updates in the /cli directory: [marshmallow](https://github.com/marshmallow-code/marshmallow) and [urllib3](https://github.com/urllib3/urllib3).


Updates `black` from 24.10.0 to 26.3.1
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@24.10.0...26.3.1)

Updates `marshmallow` from 3.23.2 to 3.26.2
- [Changelog](https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst)
- [Commits](marshmallow-code/marshmallow@3.23.2...3.26.2)

Updates `pymdown-extensions` from 10.12 to 10.16.1
- [Release notes](https://github.com/facelessuser/pymdown-extensions/releases)
- [Commits](facelessuser/pymdown-extensions@10.12...10.16.1)

Updates `marshmallow` from 3.26.1 to 3.26.2
- [Changelog](https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst)
- [Commits](marshmallow-code/marshmallow@3.23.2...3.26.2)

Updates `marshmallow` from 3.26.1 to 3.26.2
- [Changelog](https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst)
- [Commits](marshmallow-code/marshmallow@3.23.2...3.26.2)

Updates `urllib3` from 2.6.2 to 2.6.3
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.2...2.6.3)

---
updated-dependencies:
- dependency-name: black
  dependency-version: 26.3.1
  dependency-type: direct:development
  dependency-group: pip
- dependency-name: marshmallow
  dependency-version: 3.26.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: pymdown-extensions
  dependency-version: 10.16.1
  dependency-type: indirect
  dependency-group: pip
- dependency-name: marshmallow
  dependency-version: 3.26.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: marshmallow
  dependency-version: 3.26.2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Mar 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants