Skip to content

Bump the uv group across 1 directory with 8 updates#662

Open
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/uv/uv-f2d30a38fa
Open

Bump the uv group across 1 directory with 8 updates#662
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/uv/uv-f2d30a38fa

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 16, 2026

Bumps the uv group with 8 updates in the / directory:

Package From To
mitmproxy 0.14.0 11.0.2
pillow 12.0.0 12.1.1
pip 25.3 26.0
wheel 0.45.1 0.46.2
cryptography 44.0.3 46.0.5
protobuf 6.33.1 6.33.5
python-multipart 0.0.20 0.0.22
sqlparse 0.5.3 0.5.4

Updates mitmproxy from 0.14.0 to 11.0.2

Release notes

Sourced from mitmproxy's releases.

mitmproxy 11.0.2

Changes: See CHANGELOG.md.

You can find the latest release packages at https://mitmproxy.org/downloads/.

mitmproxy 11.0.1

Changes: See CHANGELOG.md.

You can find the latest release packages at https://mitmproxy.org/downloads/.

mitmproxy 11.0.0

Changes: See CHANGELOG.md.

You can find the latest release packages at https://mitmproxy.org/downloads/.

mitmproxy 10.4.2

Changes: See CHANGELOG.md.

You can find the latest release packages at https://mitmproxy.org/downloads/.

mitmproxy 10.4.1

Changes: See CHANGELOG.md.

You can find the latest release packages at https://mitmproxy.org/downloads/.

mitmproxy 10.4.0

Changes: See CHANGELOG.md.

You can find the latest release packages at https://mitmproxy.org/downloads/.

mitmproxy 10.3.1

Changes: See CHANGELOG.md.

You can find the latest release packages at https://mitmproxy.org/downloads/.

mitmproxy 10.3.0

Changes: See CHANGELOG.md.

You can find the latest release packages at https://mitmproxy.org/downloads/.

mitmproxy 10.2.4

Changes: See CHANGELOG.md.

You can find the latest release packages at https://mitmproxy.org/downloads/.

mitmproxy 10.2.3

Changes: See CHANGELOG.md.

You can find the latest release packages at https://mitmproxy.org/downloads/.

... (truncated)

Changelog

Sourced from mitmproxy's changelog.

05 December 2024: mitmproxy 11.0.2

  • Stop sorting keys in JSON contentview (#7346, @​injust)
  • Fix a bug where a custom CA would raise an error. (#7355, @​nneonneo)
  • Fix a bug where the mitmproxy UI would crash on negative durations. (#7358, @​mhils)
  • Allow technically invalid HTTP transfer encodings in requests if validate_inbound_headers is disabled. (#7361, #7373, @​mhils)
  • Fix a bug in windows management in mitmproxy TUI whereby the help window does not appear if "?" is pressed within the overlay (#6500, @​emanuele-em)

24 November 2024: mitmproxy 11.0.1

  • Tighten HTTP detection heuristic to better support custom TCP-based protocols. (#7228, @​fatanugraha)
  • Implement stricter validation of HTTP headers to harden against request smuggling attacks. (#7345, @​mhils)
  • Increase HTTP/2 default flow control window size, fixing performance issues. (#7317, @​sujaldev)
  • Fix a bug where mitmproxy would incorrectly report that TLS 1.0 and 1.1 are not supported with the current OpenSSL build. (#7241, @​mhils)
  • Docker: Update image to Python 3.13 on Debian Bookworm. (#7242, @​mhils)
  • Add a tun proxy mode that creates a virtual network device on Linux for transparent proxying. (#7278, @​mhils)
  • browser.start command now supports Firefox. (#7239, @​sujaldev)
  • Fix interaction of the modify_headers and stream_large_bodies options. This may break users of modify_headers that rely on filters referencing the message body. We expect this to be uncommon, but please make yourself heard if that's not the case. (#7286, @​lukant)
  • Fix a crash when handling corrupted compressed body in savehar addon and its tests. (#7320, @​8192bytes)
  • Remove dependency on protobuf library as it was no longer being used. (#7327, @​matthew16550)

02 October 2024: mitmproxy 11.0.0

  • mitmproxy now supports transparent HTTP/3 proxying. (#7202, @​errorxyz, @​meitinger, @​mhils)
  • Add HTTP3 support in HTTPS reverse-proxy mode. (#7114, @​errorxyz)
  • mitmproxy now officially supports Python 3.13. (#6934, @​mhils)
  • Tighten HTTP detection heuristic to better support custom TCP-based protocols. (#7087)
  • Add show_ignored_hosts option to display ignored flows in the UI.

... (truncated)

Commits

Updates pillow from 12.0.0 to 12.1.1

Release notes

Sourced from pillow's releases.

12.1.1

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

Dependencies

Other changes

12.1.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html

Deprecations

Documentation

Dependencies

Testing

... (truncated)

Commits

Updates pip from 25.3 to 26.0

Changelog

Sourced from pip's changelog.

26.0 (2026-01-30)

Deprecations and Removals

  • Remove support for non-bare project names in egg fragments. Affected users should use the Direct URL requirement syntax <https://packaging.python.org/en/latest/specifications/version-specifiers/#direct-references>. ([#13157](https://github.com/pypa/pip/issues/13157) <https://github.com/pypa/pip/issues/13157>)

Features

  • Display pip's command-line help in colour, if possible. ([#12134](https://github.com/pypa/pip/issues/12134) <https://github.com/pypa/pip/issues/12134>_)

  • Support installing dependencies declared with inline script metadata (:pep:723) with --requirements-from-script. ([#12891](https://github.com/pypa/pip/issues/12891) <https://github.com/pypa/pip/issues/12891>_)

  • Add --all-releases and --only-final options to control pre-release and final release selection during package installation. ([#13221](https://github.com/pypa/pip/issues/13221) <https://github.com/pypa/pip/issues/13221>_)

  • Add --uploaded-prior-to option to only consider packages uploaded prior to a given datetime when the upload-time field is available from a remote index. ([#13625](https://github.com/pypa/pip/issues/13625) <https://github.com/pypa/pip/issues/13625>_)

  • Add --use-feature inprocess-build-deps to request that build dependencies are installed within the same pip install process. This new mechanism is faster, supports --no-clean and --no-cache-dir reliably, and supports prompting for authentication.

    Enabling this feature will also enable --use-feature build-constraints. This feature will become the default in a future pip version. ([#9081](https://github.com/pypa/pip/issues/9081) <https://github.com/pypa/pip/issues/9081>_)

  • pip cache purge and pip cache remove now clean up empty directories and legacy files left by older pip versions. ([#9058](https://github.com/pypa/pip/issues/9058) <https://github.com/pypa/pip/issues/9058>_)

Bug Fixes

  • Fix selecting pre-release versions when only pre-releases match. For example, package>1.0 with versions 1.0, 2.0rc1 now installs 2.0rc1 instead of failing. ([#13746](https://github.com/pypa/pip/issues/13746) <https://github.com/pypa/pip/issues/13746>_)
  • Revisions in version control URLs now must be percent-encoded. For example, use git+https://example.com/repo.git@issue%231 to specify the branch issue#1. If you previously used a branch name containing a % character in a version control URL, you now need to replace it with %25 to ensure correct percent-encoding. ([#13407](https://github.com/pypa/pip/issues/13407) <https://github.com/pypa/pip/issues/13407>_)
  • Preserve original casing when a path is displayed. ([#6823](https://github.com/pypa/pip/issues/6823) <https://github.com/pypa/pip/issues/6823>_)
  • Fix bash completion when the $IFS variable has been modified from its default. ([#13555](https://github.com/pypa/pip/issues/13555) <https://github.com/pypa/pip/issues/13555>_)
  • Precompute Python requirements on each candidate, reducing time of long resolutions. ([#13656](https://github.com/pypa/pip/issues/13656) <https://github.com/pypa/pip/issues/13656>_)
  • Skip redundant work converting version objects to strings when using the importlib.metadata backend. ([#13660](https://github.com/pypa/pip/issues/13660) <https://github.com/pypa/pip/issues/13660>_)
  • Fix pip index versions to honor only-binary/no-binary options. ([#13682](https://github.com/pypa/pip/issues/13682) <https://github.com/pypa/pip/issues/13682>_)
  • Fix fallthrough logic for options, allowing overriding global options with defaults from user config. ([#13703](https://github.com/pypa/pip/issues/13703) <https://github.com/pypa/pip/issues/13703>_)
  • Use a path-segment prefix comparison, not char-by-char. ([#13777](https://github.com/pypa/pip/issues/13777) <https://github.com/pypa/pip/issues/13777>_)

Vendored Libraries

... (truncated)

Commits

Updates wheel from 0.45.1 to 0.46.2

Release notes

Sourced from wheel's releases.

0.46.2

  • Restored the bdist_wheel command for compatibility with setuptools older than v70.1
  • Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
  • Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1

  • Temporarily restored the wheel.macosx_libfile module (#659)

0.46.0

  • Dropped support for Python 3.8
  • Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
  • Removed vendored packaging in favor of a run-time dependency on it
  • Made the wheel.metadata module private (with a deprecation warning if it's imported
  • Made the wheel.cli package private (no deprecation warning)
  • Fixed an exception when calling the convert command with an empty description field
Changelog

Sourced from wheel's changelog.

Release Notes

UNRELEASED

  • Added the wheel info subcommand to display metadata about wheel files without unpacking them ([#639](https://github.com/pypa/wheel/issues/639) <https://github.com/pypa/wheel/issues/639>_)

0.46.3 (2026-01-22)

  • Fixed ImportError: cannot import name '_setuptools_logging' from 'wheel' when installed alongside an old version of setuptools and running the bdist_wheel command ([#676](https://github.com/pypa/wheel/issues/676) <https://github.com/pypa/wheel/issues/676>_)

0.46.2 (2026-01-22)

  • Restored the bdist_wheel command for compatibility with setuptools older than v70.1
  • Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
  • Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1 (2025-04-08)

  • Temporarily restored the wheel.macosx_libfile module ([#659](https://github.com/pypa/wheel/issues/659) <https://github.com/pypa/wheel/issues/659>_)

0.46.0 (2025-04-03)

  • Dropped support for Python 3.8
  • Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
  • Removed vendored packaging in favor of a run-time dependency on it
  • Made the wheel.metadata module private (with a deprecation warning if it's imported
  • Made the wheel.cli package private (no deprecation warning)
  • Fixed an exception when calling the convert command with an empty description field

0.45.1 (2024-11-23)

  • Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name

0.45.0 (2024-11-08)

  • Refactored the convert command to not need setuptools to be installed
  • Don't configure setuptools logging unless running bdist_wheel

... (truncated)

Commits
  • eba4036 Updated the version number for v0.46.2
  • 557fb54 Created a new release
  • 7a7d2de Fixed security issue around wheel unpack (#675)
  • 41418fa Fixed test failures due to metadata normalization changes
  • c1d442b [pre-commit.ci] pre-commit autoupdate (#674)
  • 0bac882 Update github actions environments (#673)
  • be9f45b [pre-commit.ci] pre-commit autoupdate (#667)
  • 6244f08 Update pre-commit ruff legacy alias (#668)
  • 15b7577 PEP 639 compliance (#670)
  • fc8cb41 Revert "Removed redundant Python version from the publish workflow (#666)"
  • Additional commits viewable in compare view

Updates cryptography from 44.0.3 to 46.0.5

Changelog

Sourced from cryptography's changelog.

46.0.5 - 2026-02-10


* An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.

.. v46-0-4:


46.0.4 - 2026-01-27

  • Dropped support for win_arm64 wheels_.
  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.

.. _v46-0-3:

46.0.3 - 2025-10-15


* Fixed compilation when using LibreSSL 4.2.0.

.. _v46-0-2:


46.0.2 - 2025-09-30

  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.

.. _v46-0-1:

46.0.1 - 2025-09-16


* Fixed an issue where users installing via ``pip`` on Python 3.14 development
  versions would not properly install a dependency.
* Fixed an issue building the free-threaded macOS 3.14 wheels.

.. _v46-0-0:


46.0.0 - 2025-09-16

  • BACKWARDS INCOMPATIBLE: Support for Python 3.7 has been removed.

... (truncated)

Commits

Updates protobuf from 6.33.1 to 6.33.5

Release notes

Sourced from protobuf's releases.

Protocol Buffers v34.0-rc1

Announcements

Bazel

Compiler

C++

... (truncated)

Commits

Updates python-multipart from 0.0.20 to 0.0.22

Release notes

Sourced from python-multipart's releases.

Version 0.0.22

What's Changed

  • Drop directory path from filename in File 9433f4b.

Full Changelog: Kludex/python-multipart@0.0.21...0.0.22

Version 0.0.21

What's Changed

New Contributors

Full Changelog: Kludex/python-multipart@0.0.20...0.0.21

Changelog

Sourced from python-multipart's changelog.

0.0.22 (2026-01-25)

  • Drop directory path from filename in File 9433f4b.

0.0.21 (2025-12-17)

  • Add support for Python 3.14 and drop EOL 3.8 and 3.9 #216.
Commits

Updates sqlparse from 0.5.3 to 0.5.4

Changelog

Sourced from sqlparse's changelog.

Release 0.5.4 (Nov 28, 2025)

Enhancements

  • Add support for Python 3.14.
  • Add type annotations to top-level API functions and include py.typed marker for PEP 561 compliance, enabling type checking with mypy and other tools (issue756).
  • Add pre-commit hook support. sqlparse can now be used as a pre-commit hook to automatically format SQL files. The CLI now supports multiple files and an --in-place flag for in-place editing (issue537).
  • Add ATTACH and DETACH to PostgreSQL keywords (pr808).
  • Add INTERSECT to close keywords in WHERE clause (pr820).
  • Support REGEXP BINARY comparison operator (pr817).

Bug Fixes

  • Add additional protection against denial of service attacks when parsing very large lists of tuples. This enhances the existing recursion protections with configurable limits for token processing to prevent DoS through algorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100, MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None) if needed for legitimate large SQL statements.
  • Remove shebang from cli.py and remove executable flag (pr818).
  • Fix strip_comments not removing all comments when input contains only comments (issue801, pr803 by stropysh).
  • Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END blocks (issue812).
  • Fix splitting on semicolons inside BEGIN...END blocks (issue809).
Commits
  • 14e300b Bump version.
  • 96a67e2 Code cleanup.
  • 1a3bfbd Fix handling of semicolons inside BEGIN...END blocks (fixes #809).
  • e92a032 Fix handling of IF EXISTS statements in BEGIN...END blocks (fixes #812).
  • 149bebf Update Changelog.
  • 561a67e Update AUTHORS.
  • 73c8ba3 bugfix ISSUE_801; Remove all comments when only comments
  • 1b32387 Update action to run on all prs.
  • 31903e0 Add pre-commit hook support (fixes #537)
  • 1357726 docs: add AGENTS.md for project guidance and development commands
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the uv group across 1 directory with 8 updates
4fbd3a8 
Bumps the uv group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [mitmproxy](https://github.com/mitmproxy/mitmproxy) | `0.14.0` | `11.0.2` |
| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.1.1` |
| [pip](https://github.com/pypa/pip) | `25.3` | `26.0` |
| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |
| [cryptography](https://github.com/pyca/cryptography) | `44.0.3` | `46.0.5` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.1` | `6.33.5` |
| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.22` |
| [sqlparse](https://github.com/andialbrecht/sqlparse) | `0.5.3` | `0.5.4` |



Updates `mitmproxy` from 0.14.0 to 11.0.2
- [Release notes](https://github.com/mitmproxy/mitmproxy/releases)
- [Changelog](https://github.com/mitmproxy/mitmproxy/blob/main/CHANGELOG.md)
- [Commits](mitmproxy/mitmproxy@v0.14...v11.0.2)

Updates `pillow` from 12.0.0 to 12.1.1
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.0.0...12.1.1)

Updates `pip` from 25.3 to 26.0
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@25.3...26.0)

Updates `wheel` from 0.45.1 to 0.46.2
- [Release notes](https://github.com/pypa/wheel/releases)
- [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
- [Commits](pypa/wheel@0.45.1...0.46.2)

Updates `cryptography` from 44.0.3 to 46.0.5
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@44.0.3...46.0.5)

Updates `protobuf` from 6.33.1 to 6.33.5
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `python-multipart` from 0.0.20 to 0.0.22
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.20...0.0.22)

Updates `sqlparse` from 0.5.3 to 0.5.4
- [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG)
- [Commits](andialbrecht/sqlparse@0.5.3...0.5.4)

---
updated-dependencies:
- dependency-name: mitmproxy
  dependency-version: 11.0.2
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: pillow
  dependency-version: 12.1.1
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: pip
  dependency-version: '26.0'
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: wheel
  dependency-version: 0.46.2
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: cryptography
  dependency-version: 46.0.5
  dependency-type: direct:production
  dependency-group: uv
- dependency-name: protobuf
  dependency-version: 6.33.5
  dependency-type: indirect
  dependency-group: uv
- dependency-name: python-multipart
  dependency-version: 0.0.22
  dependency-type: indirect
  dependency-group: uv
- dependency-name: sqlparse
  dependency-version: 0.5.4
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Feb 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants