Bump the allpip group across 1 directory with 19 updates

[dependabot]

Bumps the allpip group with 19 updates in the / directory:

Package	From	To
fastapi	0.124.0	0.128.0
uvicorn	0.38.0	0.40.0
sqlalchemy	2.0.44	2.0.45
sqlalchemy-utils	0.42.0	0.42.1
authlib	1.6.5	1.6.6
aiosqlite	0.21.0	0.22.1
python-multipart	0.0.20	0.0.21
vcrpy	8.1.0	8.1.1
urllib3	2.6.1	2.6.2
coverage	7.13.0	7.13.1
ruff	0.14.8	0.14.10
pre-commit	4.5.0	4.5.1
certifi	2025.11.12	2026.1.4
filelock	3.20.1	3.20.2
jaraco-context	6.0.1	6.0.2
jaraco-functools	4.3.0	4.4.0
json5	0.12.1	0.13.0
nodeenv	1.9.1	1.10.0
pbs-installer	2025.12.5	2025.12.17

Updates fastapi from 0.124.0 to 0.128.0

Release notes

Sourced from fastapi's releases.

0.128.0

Breaking Changes

• ➖ Drop support for pydantic.v1. PR #14609 by @​tiangolo.

Internal

• ✅ Run performance tests only on Pydantic v2. PR #14608 by @​tiangolo.

0.127.1

Refactors

• 🔊 Add a custom FastAPIDeprecationWarning. PR #14605 by @​tiangolo.

Docs

• 📝 Add documentary to website. PR #14600 by @​tiangolo.

Translations

• 🌐 Update translations for de (update-outdated). PR #14602 by @​nilslindemann.
• 🌐 Update translations for de (update-outdated). PR #14581 by @​nilslindemann.

Internal

• 🔧 Update pre-commit to use local Ruff instead of hook. PR #14604 by @​tiangolo.
• ✅ Add missing tests for code examples. PR #14569 by @​YuriiMotov.
• 👷 Remove lint job from test CI workflow. PR #14593 by @​YuriiMotov.
• 👷 Update secrets check. PR #14592 by @​tiangolo.
• 👷 Run CodSpeed tests in parallel to other tests to speed up CI. PR #14586 by @​tiangolo.
• 🔨 Update scripts and pre-commit to autofix files. PR #14585 by @​tiangolo.

0.127.0

Breaking Changes

• 🔊 Add deprecation warnings when using pydantic.v1. PR #14583 by @​tiangolo.

Translations

• 🔧 Add LLM prompt file for Korean, generated from the existing translations. PR #14546 by @​tiangolo.
• 🔧 Add LLM prompt file for Japanese, generated from the existing translations. PR #14545 by @​tiangolo.

Internal

• ⬆️ Upgrade OpenAI model for translations to gpt-5.2. PR #14579 by @​tiangolo.

0.126.0

Upgrades

• ➖ Drop support for Pydantic v1, keeping short temporary support for Pydantic v2's pydantic.v1. PR #14575 by @​tiangolo.

... (truncated)

Commits

• 8322a44 🔖 Release version 0.128.0
• 4b2cfcf 📝 Update release notes
• e300630 ➖ Drop support for pydantic.v1 (#14609)
• 1b3bea8 📝 Update release notes
• 34e8841 ✅ Run performance tests only on Pydantic v2 (#14608)
• cd90c78 🔖 Release version 0.127.1
• 93f4dfd 📝 Update release notes
• 535b5da 🔊 Add a custom FastAPIDeprecationWarning (#14605)
• 6b53786 📝 Update release notes
• d98f4eb 🔧 Update pre-commit to use local Ruff instead of hook (#14604)
• Additional commits viewable in compare view

Updates uvicorn from 0.38.0 to 0.40.0

Release notes

Sourced from uvicorn's releases.

Version 0.40.0

What's Changed

• Drop Python 3.9 by @​Kludex in Kludex/uvicorn#2772

Full Changelog: Kludex/uvicorn@0.39.0...0.40.0

Version 0.39.0

What's Changed

• explicitly start ASGI run with empty context by @​pmeier in Kludex/uvicorn#2742
• fix(websockets): Send close frame on ASGI return by @​Kludex in Kludex/uvicorn#2769

New Contributors

• @​pmeier made their first contribution in Kludex/uvicorn#2742

Full Changelog: Kludex/uvicorn@0.38.0...0.39.0

Changelog

Sourced from uvicorn's changelog.

0.40.0 (December 21, 2025)

Remove

• Drop support for Python 3.9 (#2772)

0.39.0 (December 21, 2025)

Fixed

• Send close frame on ASGI return for WebSockets (#2769)
• Explicitly start ASGI run with empty context (#2742)

Commits

• 9ff6004 Version 0.40.0 (#2773)
• 19df042 Drop Python 3.9 (#2772)
• 865ce7c Run strict mypy on test suite (#2771)
• 4f40b84 Version 0.39.0 (#2770)
• 5692dfc fix(websockets): Send close frame on ASGI return (#2769)
• 4194764 chore(deps): bump the github-actions group with 2 updates (#2763)
• d94bf28 explicitly start ASGI run with empty context (#2742)
• 8ae0bcb chore(deps): bump the github-actions group with 2 updates (#2748)
• 4744ff9 Add groups configuration for GitHub Actions (#2747)
• 0391372 chore(deps): bump astral-sh/setup-uv from 6.8.0 to 7.1.2 (#2746)
• Additional commits viewable in compare view

Updates sqlalchemy from 2.0.44 to 2.0.45

Release notes

Sourced from sqlalchemy's releases.

2.0.45

Released: December 9, 2025

orm

• [orm] [bug] Fixed issue where calling Mapper.add_property() within mapper event hooks such as MapperEvents.instrument_class(), MapperEvents.after_mapper_constructed(), or MapperEvents.before_mapper_configured() would raise an AttributeError because the mapper's internal property collections were not yet initialized. The Mapper.add_property() method now handles early-stage property additions correctly, allowing properties including column properties, deferred columns, and relationships to be added during mapper initialization events. Pull request courtesy G Allajmi.

  References: #12858

• [orm] [bug] Fixed issue in Python 3.14 where dataclass transformation would fail when a mapped class using MappedAsDataclass included a relationship() referencing a class that was not available at runtime (e.g., within a TYPE_CHECKING block). This occurred when using Python 3.14's PEP 649 deferred annotations feature, which is the default behavior without a from __future__ import annotations directive.

  References: #12952

examples

• [examples] [bug] Fixed the "short_selects" performance example where the cache was being used in all the examples, making it impossible to compare performance with and without the cache. Less important comparisons like "lambdas" and "baked queries" have been removed.

sql

• [sql] [bug] Some improvements to the _sql.ClauseElement.params() method to replace bound parameters in a query were made, however the ultimate issue in #12915 involving ORM _orm.aliased() cannot be fixed fully until 2.1, where the method is being rewritten to work without relying on Core cloned traversal.

  References: #12915

• [sql] [bug] Fixed issue where using the ColumnOperators.in_() operator with a nested CompoundSelect statement (e.g. an INTERSECT of UNION queries) would raise a NotImplementedError when the

... (truncated)

Commits

• See full diff in compare view

Updates sqlalchemy-utils from 0.42.0 to 0.42.1

Release notes

Sourced from sqlalchemy-utils's releases.

0.42.1

• Fix AttributeError with Sequence defaults in instant_defaults_listener by @​wadinj in kvesteri/sqlalchemy-utils#793

Changelog

Sourced from sqlalchemy-utils's changelog.

0.42.1 (2025-12-12) ^^^^^^^^^^^^^^^^^^^

• Fix AttributeError with Sequence defaults in instant_defaults_listener (#793)

Commits

• ed0cc46 Bump version to 0.42.1
• 11cf519 Bump urllib3 from 2.5.0 to 2.6.0 in /requirements/docs
• 881fed4 Merge pull request #797 from kvesteri/dependabot/github_actions/github-action...
• 81a5f82 Bump actions/checkout from 5 to 6 in the github-actions group
• e8b12f8 Merge pull request #794 from kvesteri/dependabot/github_actions/github-action...
• 19570dc Bump actions/setup-python from 5 to 6 in the github-actions group
• 4a7d764 Fix AttributeError with Sequence defaults in instant_defaults_listener (#...
• 9645938 Fix AttributeError with Sequence defaults in instant_defaults_listener
• e4b9f72 Merge pull request #792 from kvesteri/dependabot/github_actions/github-action...
• 755064d Bump actions/checkout from 4 to 5 in the github-actions group
• Additional commits viewable in compare view

Updates authlib from 1.6.5 to 1.6.6

Changelog

Sourced from authlib's changelog.

Version 1.6.6

Released on Dec 12, 2025

• get_jwt_config takes a client parameter, :pr:844.
• Fix incorrect signature when Content-Type is x-www-form-urlencoded for OAuth 1.0 Client, :pr:778.
• Use expires_in in OAuth2Token when expires_at is unparsable, :pr:842.
• Always track state in session for OAuth client integrations.

Commits

• bb7a315 chore: release 1.6.6
• 0a423d4 Merge pull request #844 from azmeuk/806-get-jwt-config-client
• 2808378 Merge commit from fork
• 714502a feat: get_jwt_config takes a client parameter
• 260d04e Fix: Use expires_in when expires_at is unparsable
• eb37124 Merge pull request #778 from shc261392/fix-httpx-oauth1-form-data-incorrect-s...
• 0ba9ec4 docs: fix guide on requests self signed certificate
• a2e9943 docs: indicate that #743 needs a migration
• 06015d2 test: factorize the token fixture
• See full diff in compare view

Updates aiosqlite from 0.21.0 to 0.22.1

Changelog

Sourced from aiosqlite's changelog.

v0.22.1

Bug fix release

NOTE: Starting with v0.22.0, the aiosqlite.Connection object no longer inherits from threading.Thread. If not using aiosqlite as a context manager, clients must await connection.close() or call connection.stop() to ensure the helper thread is completed and terminated correctly. A ResourceWarning will be emitted for any connection that is garbage collected without being closed or stopped.

• Added synchronous stop() method to aiosqlite.Connection to enable safe cleanup and termination of the background thread without dependence on having an active event loop (#370)

$ git shortlog -s v0.22.0...v0.22.1
     2	Amethyst Reese

v0.22.0

Feature release

• Support set_authorizer query access controls (#349)
• Wait for transaction queue to complete when closing connection (#305)
• Emit warning when connection goes out of scope without being closed (#355)
• Remove dependency on typing_extensions (#365)

$ git shortlog -s v0.21.0...v0.22.0
     1	Alec Berryman
     1	Amethyst Reese
     1	David Andreoletti
     1	Markus Heidelberg
     1	beerpsi
    19	dependabot[bot]

Commits

• 9b127ce Version bump v0.22.1
• 5c3f61c Improve stop semantics for connections (#370)
• a869d73 Version bump v0.22.0
• 1cd60ad Emit warning if connection is deleted before it is closed (#355)
• 611d7b4 Add set_authorizer support for fine-grained access control (#349)
• 81d00c8 Bump actions/setup-python from 5 to 6 (#357)
• 7a26722 Bump coverage[toml] from 7.8.0 to 7.10.7 (#358)
• 4457540 Bump flake8 from 7.2.0 to 7.3.0 (#346)
• b650dad Bump actions/checkout from 5 to 6 (#366)
• 065ffdd Bump mypy from 1.15.0 to 1.19.0 (#367)
• Additional commits viewable in compare view

Updates python-multipart from 0.0.20 to 0.0.21

Release notes

Sourced from python-multipart's releases.

Version 0.0.21

What's Changed

• Add support for Python 3.14 and drop EOL 3.8 and 3.9 by @​hugovk in Kludex/python-multipart#216

New Contributors

• @​waketzheng made their first contribution in Kludex/python-multipart#203

Full Changelog: Kludex/python-multipart@0.0.20...0.0.21

Changelog

Sourced from python-multipart's changelog.

0.0.21 (2025-12-17)

• Add support for Python 3.14 and drop EOL 3.8 and 3.9 #216.

Commits

• 1f72955 Version 0.0.21 (#217)
• 47ecfed Add support for Python 3.14 and drop EOL 3.8 and 3.9 (#216)
• f18b709 Bump the github-actions group across 1 directory with 4 updates (#214)
• b388e9a chore: use depedency-groups in pyproject.toml (#212)
• 6113e75 Bump the github-actions group across 1 directory with 3 updates (#210)
• 7aa8d99 Bump ruff from 0.8.0 to 0.11.7 (#203)
• 3e909f5 Bump astral-sh/setup-uv from 4 to 5 in the github-actions group (#198)
• See full diff in compare view

Updates vcrpy from 8.1.0 to 8.1.1

Release notes

Sourced from vcrpy's releases.

v8.1.1

What's Changed

• Fix sync requests in async contexts for HTTPX (#965) - thanks @​seowalex
• CI: bump peter-evans/create-pull-request from 7 to 8 (#969)

Changelog

Sourced from vcrpy's changelog.

Changelog

For a full list of triaged issues, bugs and PRs and what release they are targeted for please see the following link.

ROADMAP MILESTONES <https://github.com/kevin1024/vcrpy/milestones>_

All help in providing PRs to close out bug issues is appreciated. Even if that is providing a repo that fully replicates issues. We have very generous contributors that have added these to bug issues which meant another contributor picked up the bug and closed it out.

• 8.1.1

  • Fix sync requests in async contexts for HTTPX (#965) - thanks @​seowalex
  • CI: bump peter-evans/create-pull-request from 7 to 8 (#969)

• 8.1.0

  • Enable brotli decompression if available (via brotli, brotlipy or brotlicffi) (#620) - thanks @​immerrr
  • Fix aiohttp allowing both data and json arguments when one is None (#624) - thanks @​leorochael
  • Fix usage of io-like interface with VCR.py (#906) - thanks @​tito and @​kevdevg
  • Migrate to declarative Python package config (#767) - thanks @​deronnax
  • Various linting fixes - thanks @​jairhenrique
  • CI: bump actions/checkout from 5 to 6 (#955)

• 8.0.0

  • BREAKING: Drop support for Python 3.9 (major version bump) - thanks @​jairhenrique
  • BREAKING: Drop support for urllib3 < 2 - fixes CVE warnings from urllib3 1.x (#926, #880) - thanks @​jairhenrique
  • New feature: drop_unused_requests option to remove unused interactions from cassettes (#763) - thanks @​danielnsilva
  • Rewrite httpx support to patch httpcore instead of httpx (#943) - thanks @​seowalex
    • Fixes httpx.ResponseNotRead exceptions (#832, #834)
    • Fixes KeyError: 'follow_redirects' (#945)
    • Adds support for custom httpx transports
  • Fix HTTPS proxy handling - proxy address no longer ends up in cassette URIs (#809, #914) - thanks @​alga
  • Fix iscoroutinefunction deprecation warning on Python 3.14 - thanks @​kloczek
  • Only log message if response is appended - thanks @​talfus-laddus
  • Optimize urllib.parse calls - thanks @​Martin-Brunthaler
  • Fix CI for Ubuntu 24.04 - thanks @​hartwork
  • Various CI improvements: migrate to uv, update GitHub Actions - thanks @​jairhenrique
  • Various linting and test improvements - thanks @​jairhenrique and @​hartwork

• 7.0.0

  • Drop support for python 3.8 (major version bump) - thanks @​jairhenrique
  • Various linting and test fixes - thanks @​jairhenrique
  • Bugfix for urllib2>=2.3.0 - missing version_string (#888)
  • Bugfix for asyncio.run - thanks @​alekeik1

• 6.0.2

  • Ensure body is consumed only once (#846) - thanks @​sathieu
  • Permit urllib3 2.x for non-PyPy Python >=3.10
  • Fix typos in test commands - thanks @​chuckwondo
  • Several test and workflow improvements - thanks @​hartwork and @​graingert

• 6.0.1

  • Bugfix with to Tornado cassette generator (thanks @​graingert)

• 6.0.0

... (truncated)

Commits

• 9b58663 Release v8.1.1
• 3780f58 build(deps): bump peter-evans/create-pull-request from 7 to 8 (#969)
• 1b70394 Split sync and async HTTPX handlers (#965)
• ca4b1e1 Merge pull request #960 from kevin1024/precommit-autoupdate
• 8d47ca1 pre-commit: Autoupdate
• See full diff in compare view

Updates urllib3 from 2.6.1 to 2.6.2

Release notes

Sourced from urllib3's releases.

2.6.2

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

• Fixed HTTPResponse.read_chunked() to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (urllib3/urllib3#3734)

Changelog

Sourced from urllib3's changelog.

2.6.2 (2025-12-11)

• Fixed HTTPResponse.read_chunked() to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. ([#3734](https://github.com/urllib3/urllib3/issues/3734) <https://github.com/urllib3/urllib3/issues/3734>__)

Commits

• 83f8643 Release 2.6.2
• 571a9b7 Fix HTTPResponse.read_chunked when leftover data is present in decoder's bu...
• See full diff in compare view

Updates coverage from 7.13.0 to 7.13.1

Changelog

Sourced from coverage's changelog.

Version 7.13.1 — 2025-12-28

• Added: the JSON report now includes a "start_line" key for function and class regions, indicating the first line of the region in the source. Closes issue 2110_.

• Added: The debug data command now takes file names as arguments on the command line, so you can inspect specific data files without needing to set the COVERAGE_FILE environment variable.

• Fix: the JSON report used to report module docstrings as executed lines, which no other report did, as described in issue 2105_. This is now fixed, thanks to Jianrong Zhao.

• Fix: coverage.py uses a more disciplined approach to detecting where third-party code is installed, and avoids measuring it. This shouldn't change any behavior. If you find that it does, please get in touch.

• Performance: data files that will be combined now record their hash as part of the file name. This lets us skip duplicate data more quickly, speeding the combining step.

• Docs: added a section explaining more about what is considered a missing branch and how it is reported: :ref:branch_explain, as requested in issue 1597. Thanks to Ayisha Mohammed <pull 2092_>.

• Tests: the test suite misunderstood what core was being tested if COVERAGE_CORE wasn't set on 3.14+. This is now fixed, closing issue 2109_.

.. _issue 1597: coveragepy/coveragepy#1597 .. _pull 2092: coveragepy/coveragepy#2092 .. _issue 2105: coveragepy/coveragepy#2105 .. _issue 2109: coveragepy/coveragepy#2109 .. _issue 2110: coveragepy/coveragepy#2110

.. _changes_7-13-0:

Commits

• a6afdc3 docs: sample HTML for 7.13.1
• a497081 docs: prep for 7.13.1
• e992033 docs: polish up CHANGES
• 18bba6e chore: bump the action-dependencies group with 4 updates (#2111)
• 80fb808 refactor: (?x:...) lets us use re.VERBOSE even when combining later
• cc272bd docs: leave a comment so we'll find this when 3.12 is the minimum
• 70d007d types: be explicit
• a2c1940 types: fully import modules that will be patched
• 57b975d types: explicit Protocol inheritance permits changing parameter names
• 63ec12d types: clarify that morfs arguments can be a single morf
• Additional commits viewable in compare view

Updates ruff from 0.14.8 to 0.14.10

Release notes

Sourced from ruff's releases.

0.14.10

Release Notes

Released on 2025-12-18.

Preview features

• [formatter] Fluent formatting of method chains (#21369)
• [formatter] Keep lambda parameters on one line and parenthesize the body if it expands (#21385)
• [flake8-implicit-str-concat] New rule to prevent implicit string concatenation in collections (ISC004) (#21972)
• [flake8-use-pathlib] Make fixes unsafe when types change in compound statements (PTH104, PTH105, PTH109, PTH115) (#22009)
• [refurb] Extend support for Path.open (FURB101, FURB103) (#21080)

Bug fixes

• [pyupgrade] Fix parsing named Unicode escape sequences (UP032) (#21901)

Rule changes

• [eradicate] Ignore ruff:disable and ruff:enable comments in ERA001 (#22038)
• [flake8-pytest-style] Allow match and check keyword arguments without an expected exception type (PT010) (#21964)
• [syntax-errors] Annotated name cannot be global (#20868)

Documentation

• Add uv and ty to the Ruff README (#21996)
• Document known lambda formatting deviations from Black (#21954)
• Update setup.md (#22024)
• [flake8-bandit] Fix broken link (S704) (#22039)

Other changes

• Fix playground Share button showing "Copied!" before clipboard copy completes (#21942)

Contributors

• @​dylwil3
• @​charliecloudberry
• @​charliermarsh
• @​chirizxc
• @​ntBre
• @​zanieb
• @​amyreese
• @​hauntsaninja
• @​11happy
• @​mahiro72
• @​MichaReiser
• @​phongddo
• @​PeterJCLaw

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.10

Released on 2025-12-18.

Preview features

• [formatter] Fluent formatting of method chains (#21369)
• [formatter] Keep lambda parameters on one line and parenthesize the body if it expands (#21385)
• [flake8-implicit-str-concat] New rule to prevent implicit string concatenation in collections (ISC004) (#21972)
• [flake8-use-pathlib] Make fixes unsafe when types change in compound statements (PTH104, PTH105, PTH109, PTH115) (#22009)
• [refurb] Extend support for Path.open (FURB101, FURB103) (#21080)

Bug fixes

• [pyupgrade] Fix parsing named Unicode escape sequences (UP032) (#21901)

Rule changes

• [eradicate] Ignore ruff:disable and ruff:enable comments in ERA001 (#22038)
• [flake8-pytest-style] Allow match and check keyword arguments without an expected exception type (PT010) (#21964)
• [syntax-errors] Annotated name cannot be global (#20868)

Documentation

• Add uv and ty to the Ruff README (#21996)
• Document known lambda formatting deviations from Black (#21954)
• Update setup.md (#22024)
• [flake8-bandit] Fix broken link (S704) (#22039)

Other changes

• Fix playground Share button showing "Copied!" before clipboard copy completes (#21942)

Contributors

• @​dylwil3
• @​charliecloudberry
• @​charliermarsh
• @​chirizxc
• @​ntBre
• @​zanieb
• @​amyreese
• @​hauntsaninja
• @​11happy
• @​mahiro72
• @​MichaReiser
• @​phongddo
• @​PeterJCLaw

0.14.9

... (truncated)

Commits

• 45bbb4c Bump 0.14.10 (#22058)
• 42b9727 [ty] Use datatest instead of dirtest (#21937)
• f7ec178 [ty] Gracefully handle client requests that can't be deserialized (#22051)
• c315164 [ty] Don't suggest keyword statements when only expressions are valid
• bb1955e [ty] Use cursor context in a few more places...
• 070e08a [ty] Move completion function to the top
• bab3924 [ty] Refactor completion generation
• 10748b2 [flake8-pytest-style] Allow match and check keyword arguments without a...
• 56539db [ty] Fix some configuration panics in the LSP (#22040)
• 8d32ad1 [ty] Add support for attribute docstrings (#22036)
• Additional commits viewable in compare view

Updates pre-commit from 4.5.0 to 4.5.1

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.1

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.5.1 - 2025-12-16

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

Commits

• 8a0630c v4.5.1
• fcbc745 Merge pull request #3597 from pre-commit/empty-setup-py
• 51592ee fix python local template when artifact dirs are present
• 67e8faf Merge pull request #3596 from pre-commit/pre-commit-ci-update-config
• c251e6b [pre-commit.ci] pre-commit autoupdate
• 98ccafa Merge pull request #3593 from pre-commit/pre-commit-ci-update-config
• 4895355 [pre-commit.ci] pre-commit autoupdate
• 2cedd58 Merge pull request #3588 from pre-commit/pre-commit-ci-update-config
• 465192d [pre-commit.ci] pre-commit autoupdate
• fd42f96 Merge pull request #3586 from pre-commit/zipapp-sha256-file-not-needed
• Additional commits viewable in compare view

Updates certifi from 2025.11.12 to 2026.1.4

Commits

• c64d9f3 2026.01.04 (#389)
• 4ac232f Bump actions/download-artifact from 6.0.0 to 7.0.0 (#387)
• 95ae4b2 Update CI workflow to use Ubuntu 24.04 and Python 3.14 stable (#386)
• b72a7b1 Bump dessant/lock-threads from 5.0.1 to 6.0.0 (#385)
• ecc2672 Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#384)
• 6a897db Bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (#383)
• 27ca98a Bump peter-evans/create-pull-request from 7.0.9 to 7.0.11 (#381)
• 56c59a6 Bump actions/checkout from 6.0.0 to 6.0.1 (#382)
• ae0021c Bump actions/setup-python from 6.0.0 to 6.1.0 (#380)
• ddf5d0b Bump actions/checkout from 5.0.1 to 6.0.0 (#378)
• Additional commits viewable in compare view

Updates filelock from 3.20.1 to 3.20.2

Release notes

Sourced from filelock's releases.

3.20.2

What's Changed

• Support Unix systems without O_NOFOLLOW by @​mwilliamson in tox-dev/filelock#463
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in tox-dev/filelock#464

New Contributors

• @​mwilliamson made their first contribution in tox-dev/filelock#463

Full Changelog: tox-dev/filelock@3.20.1...3.20.2

Commits

• f2e7d40 [pre-commit.ci] pre-commit autoupdate (#464)
• 5088854 Support Unix systems without O_NOFOLLOW (#463)
• See full diff in compare view

Updates jaraco-context from 6.0.1 to 6.0.2

Changelog

Sourced from jaraco-context's changelog.

v6.0.2

No significant changes.

Commits

• 1fe5de1 Finalize
• 6016235 Add fixtures to skip tests for repo_context.
• 2b251ee Merge https://github.com/jaraco/skeleton
• 0bc3e96 Merge pull request #17 from Avasam/Re-run-checkers
• 8f3d95e Pin mypy on PyPy.
• d47a969 Specify the directory for news fragments.
• 8c5810ejaraco/skeleton#177
• 04ff554Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.