Skip to content

Bump the python-minor group across 1 directory with 5 updates #348

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the python-minor group across 1 directory with 5 updates #348

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 10, 2025
edited
Loading

Bumps the python-minor group with 5 updates in the / directory:

Package From To
flask 3.1.1 3.1.2
pyyaml 6.0.2 6.0.3
requests 2.32.4 2.32.5
eventlet 0.40.2 0.40.3
coverage 7.10.3 7.11.3

Updates flask from 3.1.1 to 3.1.2

Release notes

Sourced from flask's releases.

3.1.2

This is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.2/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-2 Milestone: https://github.com/pallets/flask/milestone/38?closed=1

  • stream_with_context does not fail inside async views. #5774
  • When using follow_redirects in the test client, the final state of session is correct. #5786
  • Relax type hint for passing bytes IO to send_file. #5776
Changelog

Sourced from flask's changelog.

Version 3.1.2

Released 2025-08-19

  • stream_with_context does not fail inside async views. :issue:5774
  • When using follow_redirects in the test client, the final state of session is correct. :issue:5786
  • Relax type hint for passing bytes IO to send_file. :issue:5776
Commits
  • 2c1b30d release version 3.1.2
  • 1292419 Update GitHub Actions workflow for artifact handling (#5795)
  • 4dd52ca Update GitHub Actions workflow for artifact handling
  • 55c6255 update dev dependencies
  • d8259eb use Jinja name consistently
  • 38b4c1e refactor stream_with_context for async views (#5799)
  • 9822a03 refactor stream_with_context for async views
  • 49b7e7b security docs for TRUSTED_HOSTS (#5798)
  • b228ca3 security docs for TRUSTED_HOSTS
  • ff64079 update flask-talisman link
  • Additional commits viewable in compare view

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

  • Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

  • yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)
Commits

Updates requests from 2.32.4 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.
Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.
Commits
  • b25c87d v2.32.5
  • 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
  • b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
  • 46e939b Update publish workflow to use artifact-id instead of name
  • 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
  • 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
  • 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
  • fec96cd Update Makefile rules (#6996)
  • d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
  • 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
  • Additional commits viewable in compare view

Updates eventlet from 0.40.2 to 0.40.3

Changelog

Sourced from eventlet's changelog.

0.40.3

  • [SECURITY] Fix request smuggling vulnerability by discarding trailers (#1062)
Commits

Updates coverage from 7.10.3 to 7.11.3

Release notes

Sourced from coverage's releases.

7.11.3

Version 7.11.3 — 2025-11-09

  • Fix: the 7.11.1 changes meant that conflicts between a requested measurement core and other settings would raise an error. This was a breaking change from previous behavior, as reported in issue 2076 and issue 2078.

    The previous behavior has been restored: when the requested core conflicts with other settings, another core is used instead, and a warning is issued.

  • For contributors: the repo has moved from Ned’s nedbat GitHub account to the coveragepy GitHub organization. The default branch has changed from master to main.

➡️  PyPI page: coverage 7.11.3. :arrow_right:  To install: python3 -m pip install coverage==7.11.3

7.11.2

Version 7.11.2 — 2025-11-08

  • Fix: using the “sysmon” measurement core in 7.11.1, if Python code was claimed to come from a non-Python file, a NotPython exception could be raised. This could happen for example with Jinja templates compiled to Python, as reported in issue 2077. This is now fixed.
  • Doc: corrected the first entry in the 7.11.1 changelog.

➡️  PyPI page: coverage 7.11.2. :arrow_right:  To install: python3 -m pip install coverage==7.11.2

7.11.1

Version 7.11.1 — 2025-11-07

  • Fix: some chanages to details of how the measurement core is chosen, and how conflicting settings are handled. The “sysmon” core cannot be used with some conurrency settings, with dynamic context, and in Python 3.12/3.13, with branch measurement.
    • If the core is not specified and defaults to “sysmon” (Python 3.14+), but other settings conflict with sysmon, then the “ctrace” core will be used instead with no warning. For concurrency conflicts, this used to produce an error, as described in issue 2064.
    • If the “sysmon” core is explicitly requested in your configuration, but other settings conflict, an error is now raised. This used to produce a warning.
  • Fix: some multi-line case clauses or for loops (and probably other constructs) could cause incorrect claims of missing branches with the sys.monitoring core, as described in issue 2070. This is now fixed.
  • Fix: when running in pytest under coverage, a breakpoint() would stop in the wrong frame, one level down from where it should, as described in issue 1420. This was due to a coverage change in v6.4.1 that seemed to give a slight performance improvement, but I couldn’t reproduce the performance gain, so it’s been reverted, fixing the debugger problem.
  • A new debug option --debug=core shows which core is in use and why.
  • Split sqlite debugging information out of the sys coverage debug and --debug option options since it’s bulky and not very useful.
  • Updated the How coverage.py works page to better describe the three different measurement cores.

➡️  PyPI page: coverage 7.11.1. :arrow_right:  To install: python3 -m pip install coverage==7.11.1

7.11.1

Version 7.11.1 — 2025-11-07

  • Fix: some chanages to details of how the measurement core is chosen, and how conflicting settings are handled. The “sysmon” core cannot be used with some conurrency settings, with dynamic context, and in Python 3.12/3.13, with branch measurement.
    • If the core is not specified and defaults to “sysmon” (Python 3.14+), but other settings conflict with sysmon, then the “ctrace” core will be used instead with no warning. For concurrency conflicts, this used to produce an error, as described in issue 2064.
    • If the “sysmon” core is explicitly requested in your configuration, but other settings conflict, an error is now raised. This used to produce a warning.
  • Fix: some multi-line case clauses or for loops (and probably other constructs) could cause incorrect claims of missing branches with the sys.monitoring core, as described in issue 2070. This is now fixed.
  • Fix: when running in pytest under coverage, a breakpoint() would stop in the wrong frame, one level down from where it should, as described in issue 1420. This was due to a coverage change in v6.4.1 that seemed to give a slight performance improvement, but I couldn’t reproduce the performance gain, so it’s been reverted, fixing the debugger problem.
  • A new debug option --debug=core shows which core is in use and why.
  • Split sqlite debugging information out of the sys coverage debug and --debug option options since it’s bulky and not very useful.
  • Updated the How coverage.py works page to better describe the three different measurement cores.

➡️  PyPI page: coverage 7.11.1. :arrow_right:  To install: python3 -m pip install coverage==7.11.1

... (truncated)

Changelog

Sourced from coverage's changelog.

Version 7.11.3 — 2025-11-09

  • Fix: the 7.11.1 changes meant that conflicts between a requested measurement core and other settings would raise an error. This was a breaking change from previous behavior, as reported in issue 2076_ and issue 2078_.

    The previous behavior has been restored: when the requested core conflicts with other settings, another core is used instead, and a warning is issued.

  • For contributors: the repo has moved from Ned's nedbat GitHub account_ to the coveragepy GitHub organization_. The default branch has changed from master to main.

.. _issue 2076: coveragepy/coveragepy#2076 .. _issue 2078: coveragepy/coveragepy#2078 .. _nedbat GitHub account: https://github.com/nedbat .. _coveragepy GitHub organization: https://github.com/coveragepy

.. _changes_7-11-2:

Version 7.11.2 — 2025-11-08

  • Fix: using the "sysmon" measurement core in 7.11.1, if Python code was claimed to come from a non-Python file, a NotPython exception could be raised. This could happen for example with Jinja templates compiled to Python, as reported in issue 2077_. This is now fixed.

  • Doc: corrected the first entry in the 7.11.1 changelog.

.. _issue 2077: coveragepy/coveragepy#2077

.. _changes_7-11-1:

Version 7.11.1 — 2025-11-07

  • Fix: some chanages to details of how the measurement core is chosen, and how conflicting settings are handled. The "sysmon" core cannot be used with some conurrency settings, with dynamic context, and in Python 3.12/3.13, with branch measurement.

    • If the core is not specified and defaults to "sysmon" (Python 3.14+), but other settings conflict with sysmon, then the "ctrace" core will be used instead with no warning. For concurrency conflicts, this used to produce an error, as described in issue 2064_.

... (truncated)

Commits
  • 8bb1230 docs: remove duplicate entry in the changelog
  • 06c493c docs: sample HTML for 7.11.3
  • 0823a70 docs: prep for 7.11.3
  • 8434792 fix: sysmon conflicts no longer cause errors
  • 1f21184 chore: bump docker/setup-qemu-action in the action-dependencies group (#2080)
  • bd61620 docs: django_coverage_plugin moved
  • 1bd73f1 build: nedbat/coverage-reports moved to coveragepy/metacov-reports
  • b54131f docs: moved to coveragepy, master->main
  • f2d740f build: change more github urls to the coveragepy org
  • 776f313 docs: issue and pr references moved to coveragepy org
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python-minor group across 1 directory with 5 updates
44c0048 
Bumps the python-minor group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [flask](https://github.com/pallets/flask) | `3.1.1` | `3.1.2` |
| [pyyaml](https://github.com/yaml/pyyaml) | `6.0.2` | `6.0.3` |
| [requests](https://github.com/psf/requests) | `2.32.4` | `2.32.5` |
| [eventlet](https://github.com/eventlet/eventlet) | `0.40.2` | `0.40.3` |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.10.3` | `7.11.3` |



Updates `flask` from 3.1.1 to 3.1.2
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@3.1.1...3.1.2)

Updates `pyyaml` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES)
- [Commits](yaml/pyyaml@6.0.2...6.0.3)

Updates `requests` from 2.32.4 to 2.32.5
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.4...v2.32.5)

Updates `eventlet` from 0.40.2 to 0.40.3
- [Changelog](https://github.com/eventlet/eventlet/blob/master/NEWS)
- [Commits](eventlet/eventlet@0.40.2...0.40.3)

Updates `coverage` from 7.10.3 to 7.11.3
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.10.3...7.11.3)

---
updated-dependencies:
- dependency-name: flask
  dependency-version: 3.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: requests
  dependency-version: 2.32.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: eventlet
  dependency-version: 0.40.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: coverage
  dependency-version: 7.11.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Nov 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant