Skip to content

Bump the pip group across 4 directories with 5 updates#6

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/python/helpers/pydev/ci-requirements/pip-e862b0d187
Closed

Bump the pip group across 4 directories with 5 updates#6
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/python/helpers/pydev/ci-requirements/pip-e862b0d187

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 24, 2026

Copy link
Copy Markdown

Bumps the pip group with 1 update in the /python/helpers/pydev/ci-requirements directory: pip.
Bumps the pip group with 2 updates in the /python/helpers/pydev/test-requirements directory: pytest and django.
Bumps the pip group with 1 update in the /python/helpers/typeshed directory: uv.
Bumps the pip group with 2 updates in the /python/testData/requirement/generation/baseFileUnchanged directory: django and cookiecutter.

Updates pip from 20.3.4 to 26.0.1

Changelog

Sourced from pip's changelog.

26.0.1 (2026-02-04)

Bug Fixes

  • Fix --pre not being respected from the command line when a requirement file includes an option e.g. -extra-index-url. ([#13788](https://github.com/pypa/pip/issues/13788) <https://github.com/pypa/pip/issues/13788>_)

26.0 (2026-01-30)

Deprecations and Removals

  • Remove support for non-bare project names in egg fragments. Affected users should use the Direct URL requirement syntax <https://packaging.python.org/en/latest/specifications/version-specifiers/#direct-references>. ([#13157](https://github.com/pypa/pip/issues/13157) <https://github.com/pypa/pip/issues/13157>)

Features

  • Display pip's command-line help in colour, if possible. ([#12134](https://github.com/pypa/pip/issues/12134) <https://github.com/pypa/pip/issues/12134>_)

  • Support installing dependencies declared with inline script metadata (:pep:723) with --requirements-from-script. ([#12891](https://github.com/pypa/pip/issues/12891) <https://github.com/pypa/pip/issues/12891>_)

  • Add --all-releases and --only-final options to control pre-release and final release selection during package installation. ([#13221](https://github.com/pypa/pip/issues/13221) <https://github.com/pypa/pip/issues/13221>_)

  • Add --uploaded-prior-to option to only consider packages uploaded prior to a given datetime when the upload-time field is available from a remote index. ([#13625](https://github.com/pypa/pip/issues/13625) <https://github.com/pypa/pip/issues/13625>_)

  • Add --use-feature inprocess-build-deps to request that build dependencies are installed within the same pip install process. This new mechanism is faster, supports --no-clean and --no-cache-dir reliably, and supports prompting for authentication.

    Enabling this feature will also enable --use-feature build-constraints. This feature will become the default in a future pip version. ([#9081](https://github.com/pypa/pip/issues/9081) <https://github.com/pypa/pip/issues/9081>_)

  • pip cache purge and pip cache remove now clean up empty directories and legacy files left by older pip versions. ([#9058](https://github.com/pypa/pip/issues/9058) <https://github.com/pypa/pip/issues/9058>_)

Bug Fixes

  • Fix selecting pre-release versions when only pre-releases match. For example, package>1.0 with versions 1.0, 2.0rc1 now installs 2.0rc1 instead of failing. ([#13746](https://github.com/pypa/pip/issues/13746) <https://github.com/pypa/pip/issues/13746>_)
  • Revisions in version control URLs now must be percent-encoded. For example, use git+https://example.com/repo.git@issue%231 to specify the branch issue#1. If you previously used a branch name containing a % character in a version control URL, you now need to replace it with %25 to ensure correct percent-encoding. ([#13407](https://github.com/pypa/pip/issues/13407) <https://github.com/pypa/pip/issues/13407>_)
  • Preserve original casing when a path is displayed. ([#6823](https://github.com/pypa/pip/issues/6823) <https://github.com/pypa/pip/issues/6823>_)
  • Fix bash completion when the $IFS variable has been modified from its default. ([#13555](https://github.com/pypa/pip/issues/13555) <https://github.com/pypa/pip/issues/13555>_)
  • Precompute Python requirements on each candidate, reducing time of long resolutions. ([#13656](https://github.com/pypa/pip/issues/13656) <https://github.com/pypa/pip/issues/13656>_)
  • Skip redundant work converting version objects to strings when using the

... (truncated)

Commits

Updates pytest from 4.6.11 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

  • #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

  • #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

    Previously this resulted in an internal assertion failure during plugin loading.

    Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

  • #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

  • #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

  • #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

  • #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
  • #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
  • #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
  • #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

  • #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

    -- by aleguy02

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

  • #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

    You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

    Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

  • #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

  • #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

... (truncated)

Commits

Updates django from 1.11.29 to 4.2.30

Commits

Updates uv from 0.9.22 to 0.11.6

Release notes

Sourced from uv's releases.

0.11.6

Release Notes

Released on 2026-04-09.

This release resolves a low severity security advisory in which wheels with malformed RECORD entries could delete arbitrary files on uninstall. See GHSA-pjjw-68hj-v9mw for details.

Bug fixes

  • Do not remove files outside the venv on uninstall (#18942)
  • Validate and heal wheel RECORD during installation (#18943)
  • Avoid uv cache clean errors due to Win32 path normalization (#18856)

Install uv 0.11.6

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.6/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.6/uv-installer.ps1 | iex"

Download uv 0.11.6

File Platform Checksum
uv-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
uv-x86_64-apple-darwin.tar.gz Intel macOS checksum
uv-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
uv-i686-pc-windows-msvc.zip x86 Windows checksum
uv-x86_64-pc-windows-msvc.zip x64 Windows checksum
uv-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
uv-i686-unknown-linux-gnu.tar.gz x86 Linux checksum
uv-powerpc64le-unknown-linux-gnu.tar.gz PPC64LE Linux checksum
uv-riscv64gc-unknown-linux-gnu.tar.gz RISCV Linux checksum
uv-s390x-unknown-linux-gnu.tar.gz S390x Linux checksum
uv-x86_64-unknown-linux-gnu.tar.gz x64 Linux checksum
uv-armv7-unknown-linux-gnueabihf.tar.gz ARMv7 Linux checksum
uv-aarch64-unknown-linux-musl.tar.gz ARM64 MUSL Linux checksum
uv-i686-unknown-linux-musl.tar.gz x86 MUSL Linux checksum
uv-riscv64gc-unknown-linux-musl.tar.gz RISCV MUSL Linux checksum
uv-x86_64-unknown-linux-musl.tar.gz x64 MUSL Linux checksum
uv-arm-unknown-linux-musleabihf.tar.gz ARMv6 MUSL Linux (Hardfloat) checksum
uv-armv7-unknown-linux-musleabihf.tar.gz ARMv7 MUSL Linux checksum

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.6

Released on 2026-04-09.

This release resolves a low severity security advisory in which wheels with malformed RECORD entries could delete arbitrary files on uninstall. See GHSA-pjjw-68hj-v9mw for details.

Bug fixes

  • Do not remove files outside the venv on uninstall (#18942)
  • Validate and heal wheel RECORD during installation (#18943)
  • Avoid uv cache clean errors due to Win32 path normalization (#18856)

0.11.5

Released on 2026-04-08.

Python

  • Add CPython 3.13.13, 3.14.4, and 3.15.0a8 (#18908)

Enhancements

  • Fix build_system.requires error message (#18911)
  • Remove trailing path separators in path normalization (#18915)
  • Improve error messages for unsupported or invalid TLS certificates (#18924)

Preview features

  • Add exclude-newer to [[tool.uv.index]] (#18839)
  • uv audit: add context/warnings for ignored vulnerabilities (#18905)

Bug fixes

  • Normalize persisted fork markers before lock equality checks (#18612)
  • Clear junction properly when uninstalling Python versions on Windows (#18815)
  • Report error cleanly instead of panicking on TLS certificate error (#18904)

Documentation

  • Remove the legacy PIP_COMPATIBILITY.md redirect file (#18928)
  • Fix uv init example-bare --bare examples (#18822, #18925)

0.11.4

Released on 2026-04-07.

Enhancements

  • Add support for --upgrade-group (#18266)
  • Merge repeated archive URL hashes by version ID (#18841)

... (truncated)

Commits

Updates django from 1.1.1 to 4.2.30

Commits

Updates cookiecutter from 1.7.0 to 2.1.1

Release notes

Sourced from cookiecutter's releases.

2.1.1

Documentation updates

Bugfixes

  • Sanitize Mercurial branch information before checkout. (#1689) @​ericof

This release is made by wonderful contributors:

@​alkatar21, @​ericof and @​jensens

2.1.0

Preamble

This release log lists all changes from 1.7.3 to this release. It includes the log of the 2.0.x releases, which were never published on PyPI. Because of that it might look a bit blurry.

We release the current stable state of the project, knowing there are a bunch of open pull requests. Those will be reviewed by the core-committers and merged or dropped.

Future releases will happen more frequently. Stay tuned.

Fetch fresh from PyPI https://pypi.org/project/cookiecutter/2.1.0/

Changes

Breaking Changes

Minor Changes

... (truncated)

Changelog

Sourced from cookiecutter's changelog.

2.1.1 (2022-06-01)

Documentation updates

Bugfixes

  • Sanitize Mercurial branch information before checkout. (#1689) @​ericof

This release is made by wonderfull contributors:

@​alkatar21, @​ericof and @​jensens

2.1.0 (2022-05-30)

Changes

CI/CD and QA changes

Documentation updates

Bugfixes

This release was made possible by our wonderful contributors:

@​doobrie, @​jensens, @​ericof, @​luzfcb

2.0.2 (2021-12-27)

Remark: This release never made it to official PyPI

... (truncated)

Commits
  • f9376a9 Prepare release 2.1.1
  • fdffddb Merge pull request #1689 from cookiecutter/sanitize-mercurial-checkout
  • 85a7884 Lint fixes
  • e26c465 Sanitize Mercurial branch information before checkout.
  • 94036d0 Merge pull request #1687 from cookiecutter/bump-version-back-to-dev
  • 70b2ee2 Merge pull request #1686 from alkatar21/patch-1
  • 8b33e96 Bump version to 2.1.1.dev0
  • 58d716f [Docs] Fix local extensions documentation
  • f601b71 Merge pull request #1684 from cookiecutter/bump-release-2.1.0
  • 96c6826 bump version and edit historie
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 4 directories with 5 updates
d76ec55 
Bumps the pip group with 1 update in the /python/helpers/pydev/ci-requirements directory: [pip](https://github.com/pypa/pip).
Bumps the pip group with 2 updates in the /python/helpers/pydev/test-requirements directory: [pytest](https://github.com/pytest-dev/pytest) and [django](https://github.com/django/django).
Bumps the pip group with 1 update in the /python/helpers/typeshed directory: [uv](https://github.com/astral-sh/uv).
Bumps the pip group with 2 updates in the /python/testData/requirement/generation/baseFileUnchanged directory: [django](https://github.com/django/django) and [cookiecutter](https://github.com/cookiecutter/cookiecutter).


Updates `pip` from 20.3.4 to 26.0.1
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@20.3.4...26.0.1)

Updates `pytest` from 4.6.11 to 9.0.3
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@4.6.11...9.0.3)

Updates `django` from 1.11.29 to 4.2.30
- [Commits](django/django@1.11.29...4.2.30)

Updates `uv` from 0.9.22 to 0.11.6
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.9.22...0.11.6)

Updates `django` from 1.1.1 to 4.2.30
- [Commits](django/django@1.11.29...4.2.30)

Updates `cookiecutter` from 1.7.0 to 2.1.1
- [Release notes](https://github.com/cookiecutter/cookiecutter/releases)
- [Changelog](https://github.com/cookiecutter/cookiecutter/blob/2.1.1/HISTORY.md)
- [Commits](cookiecutter/cookiecutter@1.7.0...2.1.1)

---
updated-dependencies:
- dependency-name: pip
  dependency-version: 26.0.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: django
  dependency-version: 4.2.30
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: uv
  dependency-version: 0.11.6
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: django
  dependency-version: 4.2.30
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: cookiecutter
  dependency-version: 2.1.1
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 24, 2026
@dependabot dependabot Bot mentioned this pull request Apr 24, 2026
Closed
@dependabot @github

dependabot Bot commented on behalf of github May 6, 2026

Copy link
Copy Markdown
Author

Superseded by #7.

@dependabot dependabot Bot closed this May 6, 2026
@dependabot dependabot Bot deleted the dependabot/pip/python/helpers/pydev/ci-requirements/pip-e862b0d187 branch May 6, 2026 17:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants