Skip to content

Bump the python group across 1 directory with 12 updates#983

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/python-da6682abb4
Open

Bump the python group across 1 directory with 12 updates#983
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/python-da6682abb4

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 16, 2026

Bumps the python group with 12 updates in the / directory:

Package From To
jinja2 3.1.5 3.1.6
jsonschema 4.23.0 4.26.0
pyyaml 6.0.2 6.0.3
tomli 2.2.1 2.4.0
typing-extensions 4.14.1 4.15.0
zstandard 0.23.0 0.25.0
certifi 2025.11.12 2026.1.4
rpds-py 0.29.0 0.30.0
urllib3 2.5.0 2.6.3
mypy 1.18.1 1.19.1
ruff 0.13.0 0.14.14
types-jsonschema 4.25.1.20250822 4.26.0.20260202

Updates jinja2 from 3.1.5 to 3.1.6

Release notes

Sourced from jinja2's releases.

3.1.6

This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.6/ Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

  • The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. GHSA-cpwx-vrp4-4pq7
Changelog

Sourced from jinja2's changelog.

Version 3.1.6

Released 2025-03-05

  • The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7
Commits

Updates jsonschema from 4.23.0 to 4.26.0

Release notes

Sourced from jsonschema's releases.

v4.26.0

What's Changed

New Contributors

Full Changelog: python-jsonschema/jsonschema@v4.25.1...v4.26.0

v4.25.1

What's Changed

... (truncated)

Changelog

Sourced from jsonschema's changelog.

v4.26.0

  • Decrease import time by delaying importing of urllib.request (#1416).

v4.25.1

  • Fix an incorrect required argument in the Validator protocol's type annotations (#1396).

v4.25.0

  • Add support for the iri and iri-reference formats to the format-nongpl extra via the MIT-licensed rfc3987-syntax. They were alread supported by the format extra. (#1388).

v4.24.1

  • Properly escape segments in ValidationError.json_path (#139).

v4.24.0

  • Fix improper handling of unevaluatedProperties in the presence of additionalProperties (#1351).
  • Support for Python 3.8 has been dropped, as it is end-of-life.
Commits
  • a727743 Add a changelog entry for 4.26.
  • 6d28c13 Update the lockfile.
  • 739499e Update pre-commit hooks.
  • cb2d779 Merge pull request #1443 from python-jsonschema/pre-commit-ci-update-config
  • e6bbbb7 [pre-commit.ci] pre-commit autoupdate
  • d56037a Merge pull request #1442 from python-jsonschema/dependabot/github_actions/ast...
  • e54ce13 Bump astral-sh/setup-uv from 7.1.4 to 7.1.6
  • 1f7c9fb Partially update docs requirements.
  • 241aec9 Merge pull request #1441 from python-jsonschema/pre-commit-ci-update-config
  • 2818efb Apache-2.0 -> nongpl
  • Additional commits viewable in compare view

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

  • Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

  • yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)
Commits

Updates tomli from 2.2.1 to 2.4.0

Changelog

Sourced from tomli's changelog.

2.4.0

  • Added
    • TOML v1.1.0 compatibility
    • Binary wheels for Windows arm64

2.3.0

  • Added
    • Binary wheels for Python 3.14 (also free-threaded)
  • Performance
    • Reduced import time
Commits
  • a678e6f Bump version: 2.3.0 → 2.4.0
  • b8a1358 Tests: remove now needless "TOML compliance"->"burntsushi" format conversion
  • 4979375 Update GitHub actions
  • f890dd1 Update pre-commit hooks
  • d9c65c3 Add 2.4.0 change log
  • 0efe49d Update README for v2.4.0
  • 9eb2125 TOML 1.1: Make seconds optional in Date-Time and Time (#203)
  • 12314bd TOML 1.1: Add \xHH Unicode escape code to basic strings (#202)
  • 2a2aa62 TOML 1.1: Allow newlines and trailing comma in inline tables (#200)
  • 38297f8 Xfail on tests for TOML 1.1 features not yet supported
  • Additional commits viewable in compare view

Updates typing-extensions from 4.14.1 to 4.15.0

Release notes

Sourced from typing-extensions's releases.

4.15.0

No user-facing changes since 4.15.0rc1.

New features since 4.14.1:

  • Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
  • Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
  • Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

4.15.0rc1

  • Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
  • Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
  • Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.
Changelog

Sourced from typing-extensions's changelog.

Release 4.15.0 (August 25, 2025)

No user-facing changes since 4.15.0rc1.

Release 4.15.0rc1 (August 18, 2025)

  • Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
  • Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
  • Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.
Commits

Updates zstandard from 0.23.0 to 0.25.0

Release notes

Sourced from zstandard's releases.

0.25.0

  • PyO3 Rust created upgraded from 0.24 to 0.25. (#273)
  • We now use Py_REFCNT(obj) instead of accessing (*obj)->ob_refcnt directly. This fixes a nogil / multi-threaded compile error. (#201, #275)
  • A zstandard commit to fix qsort detection on BSD operating systems has been backported. (#272)
  • The PYTHON_ZSTANDARD_IMPORT_POLICY environment variable now has leading and trailing whitespace stripped. Values like cffi and cffi are now equivalent to cffi.
  • The CI jobs for building wheels have been overhauled to always use cibuildwheel and uv (where possible). This change should be backwards compatible. But wheel building for this project has historically been fragile and there may be unwanted changes. We're optimistic that standardizing on uv (except for musllinux ppc64le and s390x where uv isn't available) will lead to more stability over time.
  • CI now runs tests against the wheels we distribute. Previously, we ran tests against a separate build that was theoretically identical. But the builds may have been subtly different, leading to preventable bugs in our wheels. (Enabling this test coverage did not uncover any failures.)
  • The pyproject.toml build backend has been switched from setuptools.build_meta:__legacy__ to setuptools.build_meta.
  • The setuptools build dependency has been upgraded from <69.0.0 to >=77.0.0. Modern versions of setuptools broke --config-settings=--build-option=... as part of implementing PEP 660. A workaround is to use --config-settings=--global-option=... instead. --global-option apparently is deprecated and the setuptools folks have yet to figure out how to thread config settings into setup.py invocations. (--build-option is sent to the build_wheel command but not the build_editable command.)
  • Python 3.14 wheels are now built with manylinux_2_28 (versus manylinux2014) for older Python versions. This may raise the minimum glibc version, effectively dropping support for Debian 8 and 9, Ubuntu 13.10 through 18.04, Fedora 19 to 28, and RHEL/Centos 7. However, in practice most platforms don't container newer glibc symbols and are still ABI compatible with manylinux2014 and glibc 2.17.
  • We now require cffi >= 2.0.0b on Python 3.14. <3.14 still requires 1.17. (#274)
  • The cffi backend is now automatically disabled for free-threaded builds on Python <3.14, as cffi didn't implement free-threaded support until the 2.0 release. (#274)
  • Added CI coverage for free-threaded CPython 3.13 and 3.14. We do not yet formally support free-threaded builds. (#276)
  • The C and Rust backends now declare the GIL as unused.
  • The pythoncapi_compat.h file has been upgraded to the latest version. (#278)
  • setup.py now depends on packaging and uses packaging.version.Version for version comparisons. This removes some deprecation warnings from usage of legacy distutils Version classes.
  • Relax run-time libzstd version checking in C extension from exactly 1.5.7 to >=1.5.6. (#254, #267)
  • C extension types now (correctly) declare their fully qualified type names

... (truncated)

Changelog

Sourced from zstandard's changelog.

0.25.0 (released 2025-09-14)

  • PyO3 Rust created upgraded from 0.24 to 0.25. (#273)
  • We now use Py_REFCNT(obj) instead of accessing (*obj)->ob_refcnt directly. This fixes a nogil / multi-threaded compile error. (#201, #275)
  • A zstandard commit to fix qsort detection on BSD operating systems has been backported. (#272)
  • The PYTHON_ZSTANDARD_IMPORT_POLICY environment variable now has leading and trailing whitespace stripped. Values like cffi and cffi are now equivalent to cffi.
  • The CI jobs for building wheels have been overhauled to always use cibuildwheel and uv (where possible). This change should be backwards compatible. But wheel building for this project has historically been fragile and there may be unwanted changes. We're optimistic that standardizing on uv (except for musllinux ppc64le and s390x where uv isn't available) will lead to more stability over time.
  • CI now runs tests against the wheels we distribute. Previously, we ran tests against a separate build that was theoretically identical. But the builds may have been subtly different, leading to preventable bugs in our wheels. (Enabling this test coverage did not uncover any failures.)
  • The pyproject.toml build backend has been switched from setuptools.build_meta:__legacy__ to setuptools.build_meta.
  • The setuptools build dependency has been upgraded from <69.0.0 to >=77.0.0. Modern versions of setuptools broke --config-settings=--build-option=... as part of implementing PEP 660. A workaround is to use --config-settings=--global-option=...`` instead. --global-optionapparently is deprecated and the setuptools folks have yet to figure out how to thread config settings intosetup.py invocations. (`--build-option is sent to the build_wheel command but not the build_editable command.)
  • Python 3.14 wheels are now built with manylinux_2_28 (versus manylinux2014) for older Python versions. This may raise the minimum glibc version, effectively dropping support for Debian 8 and 9, Ubuntu 13.10 through 18.04, Fedora 19 to 28, and RHEL/Centos 7. However, in practice most platforms don't container newer glibc symbols and are still ABI compatible with manylinux2014 and glibc 2.17.
  • We now require cffi >= 2.0.0b on Python 3.14. <3.14 still requires 1.17. (#274)
  • The cffi backend is now automatically disabled for free-threaded builds on Python <3.14, as cffi didn't implement free-threaded support until the 2.0 release. (#274)
  • Added CI coverage for free-threaded CPython 3.13 and 3.14. We do not yet formally support free-threaded builds. (#276)
  • The C and Rust backends now declare the GIL as unused.
  • The pythoncapi_compat.h file has been upgraded to the latest version. (#278)
  • setup.py now depends on packaging and uses packaging.version.Version for version comparisons. This removes some deprecation warnings from usage of legacy distutils Version classes.
  • Relax run-time libzstd version checking in C extension from exactly 1.5.7

... (truncated)

Commits
  • 7a77a75 global: release 0.25.0
  • 7935539 rust: cargo upgrade
  • bc3074c rust: update dependencies
  • 51a277a c-ext: correctly define fully qualified type names to zstandard.*
  • 9ccbc39 docs: fix ReST in news.rst
  • 58c68a1 zstd: synchronize qsort code with upstream
  • 395f693 docs: document existence of compression.zstd in stdlib
  • 6967817 docs: update comparisons to other implementations
  • e4e829a docs: document new libzstd version constraint behaviors
  • 604a65a Relax libzstd version checking
  • Additional commits viewable in compare view

Updates certifi from 2025.11.12 to 2026.1.4

Commits
  • c64d9f3 2026.01.04 (#389)
  • 4ac232f Bump actions/download-artifact from 6.0.0 to 7.0.0 (#387)
  • 95ae4b2 Update CI workflow to use Ubuntu 24.04 and Python 3.14 stable (#386)
  • b72a7b1 Bump dessant/lock-threads from 5.0.1 to 6.0.0 (#385)
  • ecc2672 Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#384)
  • 6a897db Bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (#383)
  • 27ca98a Bump peter-evans/create-pull-request from 7.0.9 to 7.0.11 (#381)
  • 56c59a6 Bump actions/checkout from 6.0.0 to 6.0.1 (#382)
  • ae0021c Bump actions/setup-python from 6.0.0 to 6.1.0 (#380)
  • ddf5d0b Bump actions/checkout from 5.0.1 to 6.0.0 (#378)
  • Additional commits viewable in compare view

Updates rpds-py from 0.29.0 to 0.30.0

Release notes

Sourced from rpds-py's releases.

v0.30.0

What's Changed

Full Changelog: crate-py/rpds@v0.29.0...v0.30.0

Commits
  • c38c979 Tag a release.
  • 09c7538 Update the pre-commit link for zizmor.
  • 086997f Remove an unneeded section of the pyproject.toml.
  • 7690933 Merge pull request #204 from edgarrmondragon/pyo3-0.27.2
  • 84f9bd1 Update to PyO3 0.27.2
  • 5cb6bc4 Merge pull request #203 from crate-py/pre-commit-ci-update-config
  • 677a6db [pre-commit.ci] pre-commit autoupdate
  • 5f1fa20 Merge pull request #202 from crate-py/pre-commit-ci-update-config
  • 6657a51 [pre-commit.ci] pre-commit autoupdate
  • See full diff in compare view

Updates urllib3 from 2.5.0 to 2.6.3

Release notes

Sourced from urllib3's releases.

2.6.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

2.6.2

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Fixed HTTPResponse.read_chunked() to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (urllib3/urllib3#3734)

2.6.1

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Restore previously removed HTTPResponse.getheaders() and HTTPResponse.getheader() methods. (#3731)

2.6.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security

  • Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by @​Cycloctane, 8.9 High, GHSA-2xpw-w6gg-jr37)
  • Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by @​illia-v, 8.9 High, GHSA-gm62-xv2j-4w53)

[!IMPORTANT]

  • If urllib3 is not installed with the optional urllib3[brotli] extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using urllib3[brotli] to install a compatible Brotli package automatically.

... (truncated)

Changelog

Sourced from urllib3's changelog.

2.6.3 (2026-01-07)

  • Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99>__)
  • Started treating Retry-After times greater than 6 hours as 6 hours by default. ([#3743](https://github.com/urllib3/urllib3/issues/3743) <https://github.com/urllib3/urllib3/issues/3743>__)
  • Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten. ([#3752](https://github.com/urllib3/urllib3/issues/3752) <https://github.com/urllib3/urllib3/issues/3752>__)

2.6.2 (2025-12-11)

  • Fixed HTTPResponse.read_chunked() to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. ([#3734](https://github.com/urllib3/urllib3/issues/3734) <https://github.com/urllib3/urllib3/issues/3734>__)

2.6.1 (2025-12-08)

  • Restore previously removed HTTPResponse.getheaders() and HTTPResponse.getheader() methods. ([#3731](https://github.com/urllib3/urllib3/issues/3731) <https://github.com/urllib3/urllib3/issues/3731>__)

2.6.0 (2025-12-05)

Security

  • Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37>__)
  • Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53>__)

.. caution::

  • If urllib3 is not installed with the optional urllib3[brotli] extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using

... (truncated)

Commits
  • 0248277 Release 2.6.3
  • 8864ac4 Merge commit from fork
  • 70cecb2 Fix Scorecard issues related to vulnerable dev dependencies (#3755)
  • 41f249a Move "v2.0 Migration Guide" to the end of the table of contents (#3747)
  • fd4dffd Patch VerifiedHTTPSConnection for Emscripten (#3752)
  • 13f0bfd Handle massive values in Retry-After when calculating time to sleep for (#3743)
  • 8c480bf Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#3748)
  • 4b40616 Bump actions/cache from 4.3.0 to 5.0.1 (#3750)
  • 82b8479 Bump actions/download-artifact from 6.0.0 to 7.0.0 (#3749)
  • 34284cb Mention experimental features in the security policy (#3746)
  • Additional commits viewable in compare view

Updates mypy from 1.18.1 to 1.19.1

Changelog

Sourced from mypy's changelog.

Mypy 1.19.1

  • Fix noncommutative joins with bounded TypeVars (Shantanu, PR 20345)
  • Respect output format for cached runs by serializing raw errors in cache metas (Ivan Levkivskyi, PR 20372)
  • Allow types.NoneType in match cases (A5rocks, PR 20383)
  • Fix mypyc generator regression with empty tuple (BobTheBuidler, PR 20371)
  • Fix crash involving Unpack-ed TypeVarTuple (Shantanu, PR 20323)
  • Fix crash on star import of redefinition (Ivan Levkivskyi, PR 20333)
  • Fix crash on typevar with forward ref used in other module (Ivan Levkivskyi, PR 20334)
  • Fail with an explicit error on PyPy (Ivan Levkivskyi, PR 20389)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

  • A5rocks
  • BobTheBuidler
  • bzoracler
  • Chainfire
  • Christoph Tyralla
  • David Foster
  • Frank Dana
  • Guo Ci
  • iap
  • Ivan Levkivskyi
  • James Hilton-Balfe
  • jhance
  • Joren Hammudoglu
  • Jukka Lehtosalo
  • KarelKenens
  • Kevin Kannammalil
  • Marc Mueller
  • Michael Carlstrom
  • Michael J. Sullivan
  • Piotr Sawicki
  • Randolf Scholz
  • Shantanu
  • Sigve Sebastian Farstad
  • sobolevn
  • Stanislav Terliakov
  • Stephen Morton
  • Theodore Ando
  • Thiago J. Barbalho
  • wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.18

We’ve just uploaded mypy 1.18.1 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance

... (truncated)

Commits

Updates ruff from 0.13.0 to 0.14.14

Release notes

Sourced from ruff's releases.

0.14.14

Release Notes

Released on 2026-01-22.

Preview features

  • Preserve required parentheses in lambda bodies (#22747)
  • Combine range suppression code diagnostics (#22613)
  • [airflow] Second positional argument to Asset/Dataset should not be a dictionary (AIR303) (#22453)
  • [ruff] Detect duplicate entries in __all__ (RUF068) (#22114)

Bug fixes

  • [pyupgrade] Allow shadowing non-builtin bindings (UP029) (#22749)
  • [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
  • [flake8-pie] Detect duplicated declared class fields in PIE794 (#22717)

Rule changes

Documentation

  • Add --exit-non-zero-on-format to formatter exit codes section (#22761)
  • Update contributing guide for adding a new rule (#22779)
  • [FastAPI] Document fix safety for FAST001 (#22655)
  • [flake8-async] Tweak explanation to focus on latency/efficiency tradeoff (ASYNC110) (#22715)
  • [pandas-vet] Make example error out-of-the-box (PD002) (#22561)
  • [refurb] Make the example work out of box (FURB101) (#22770)
  • [refurb] Make the example work out of box (FURB103) (#22769)

Contributors

    ...

    Description has been truncated

@dependabot
Bump the python group across 1 directory with 12 updates
126490a 
Bumps the python group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [jinja2](https://github.com/pallets/jinja) | `3.1.5` | `3.1.6` |
| [jsonschema](https://github.com/python-jsonschema/jsonschema) | `4.23.0` | `4.26.0` |
| [pyyaml](https://github.com/yaml/pyyaml) | `6.0.2` | `6.0.3` |
| [tomli](https://github.com/hukkin/tomli) | `2.2.1` | `2.4.0` |
| [typing-extensions](https://github.com/python/typing_extensions) | `4.14.1` | `4.15.0` |
| [zstandard](https://github.com/indygreg/python-zstandard) | `0.23.0` | `0.25.0` |
| [certifi](https://github.com/certifi/python-certifi) | `2025.11.12` | `2026.1.4` |
| [rpds-py](https://github.com/crate-py/rpds) | `0.29.0` | `0.30.0` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.6.3` |
| [mypy](https://github.com/python/mypy) | `1.18.1` | `1.19.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.13.0` | `0.14.14` |
| [types-jsonschema](https://github.com/typeshed-internal/stub_uploader) | `4.25.1.20250822` | `4.26.0.20260202` |



Updates `jinja2` from 3.1.5 to 3.1.6
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.5...3.1.6)

Updates `jsonschema` from 4.23.0 to 4.26.0
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](python-jsonschema/jsonschema@v4.23.0...v4.26.0)

Updates `pyyaml` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES)
- [Commits](yaml/pyyaml@6.0.2...6.0.3)

Updates `tomli` from 2.2.1 to 2.4.0
- [Changelog](https://github.com/hukkin/tomli/blob/master/CHANGELOG.md)
- [Commits](hukkin/tomli@2.2.1...2.4.0)

Updates `typing-extensions` from 4.14.1 to 4.15.0
- [Release notes](https://github.com/python/typing_extensions/releases)
- [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md)
- [Commits](python/typing_extensions@4.14.1...4.15.0)

Updates `zstandard` from 0.23.0 to 0.25.0
- [Release notes](https://github.com/indygreg/python-zstandard/releases)
- [Changelog](https://github.com/indygreg/python-zstandard/blob/main/docs/news.rst)
- [Commits](indygreg/python-zstandard@0.23.0...0.25.0)

Updates `certifi` from 2025.11.12 to 2026.1.4
- [Commits](certifi/python-certifi@2025.11.12...2026.01.04)

Updates `rpds-py` from 0.29.0 to 0.30.0
- [Release notes](https://github.com/crate-py/rpds/releases)
- [Commits](crate-py/rpds@v0.29.0...v0.30.0)

Updates `urllib3` from 2.5.0 to 2.6.3
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.5.0...2.6.3)

Updates `mypy` from 1.18.1 to 1.19.1
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.18.1...v1.19.1)

Updates `ruff` from 0.13.0 to 0.14.14
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/0.14.14/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.13.0...0.14.14)

Updates `types-jsonschema` from 4.25.1.20250822 to 4.26.0.20260202
- [Commits](https://github.com/typeshed-internal/stub_uploader/commits)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-version: 3.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python
- dependency-name: jsonschema
  dependency-version: 4.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python
- dependency-name: tomli
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
- dependency-name: typing-extensions
  dependency-version: 4.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
- dependency-name: zstandard
  dependency-version: 0.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
- dependency-name: certifi
  dependency-version: 2026.1.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python
- dependency-name: rpds-py
  dependency-version: 0.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
- dependency-name: mypy
  dependency-version: 1.19.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python
- dependency-name: ruff
  dependency-version: 0.14.14
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python
- dependency-name: types-jsonschema
  dependency-version: 4.26.0.20260202
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Feb 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants